Skip to main content
GET
/
persons
/
personal_ids
/
{personal_id_id}
/
reveal
Reveal Personal ID
curl --request GET \
  --url https://api-sandbox.synctera.com/v0/persons/personal_ids/{personal_id_id}/reveal \
  --header 'Authorization: Bearer <token>'
{
  "ciphertext": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJraWQiOiJyZWNpcGllbnQta2V5LWlkIn0.AAAAAAAAAA.qcT0jHQJp5MI.0mxQptHnLbmpYmVF-HPzwg.iH2aDMwuCefM_iBPxuBbJA"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

personal_id_id
string<uuid>
required

UUID for a personal identifier.

Example:

"7d943c51-e4ff-4e57-9558-08cab6b963c7"

Query Parameters

personal_id_configuration_id
string<uuid>

UUID of the personal ID configuration to use for encryption. If not provided, the oldest configured public key will be used.

Example:

"7d943c51-e4ff-4e57-9558-08cab6b963c7"

Response

Revealed Personal ID encrypted via public key

ciphertext
string
required

JWE compact serialization of the encrypted personal id data as defined in RFC 7516 Section 7.1.

Format: header.encryptedKey.iv.ciphertext.authTag

All segments are base64url-encoded and concatenated with periods.

  • header: Contains algorithm information and key identifier

    • "alg": "ECDH-ES+A256KW" - Key management algorithm
    • "enc": "A256GCM" - Content encryption algorithm
    • "kid": base64url-encoded JWK thumbprint. The thumbprint is calculated using the JWK as per RFC 7638 and is used to identify the public key used for encryption.

    The algorithm identifiers follow RFC 7518

  • encryptedKey: The content encryption key encrypted using ECDH-ES

  • iv: Initialization vector for AES-GCM

  • ciphertext: The actual encrypted data

  • authTag: Authentication tag for AES-GCM integrity verification

Example:

"eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJraWQiOiJyZWNpcGllbnQta2V5LWlkIn0.AAAAAAAAAA.qcT0jHQJp5MI.0mxQptHnLbmpYmVF-HPzwg.iH2aDMwuCefM_iBPxuBbJA"