> ## Documentation Index
> Fetch the complete documentation index at: https://developers.argosidentity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Protection

> Learn how to strengthen data security through liveform encryption settings and secure transmission settings.

Data protection functions provide encryption and secure transmission options to strengthen project security levels. <br />Safe data transmission and storage are supported through liveform encryption settings and secure transmission settings.

## Liveform Encryption Settings

You can maintain higher security levels for user submissions through liveform encryption settings.

<Frame caption="Liveform Encryption Settings Screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/data_protection/livefom_encryption.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=4352a467e76d34ef2856b183a7db7b37" alt="Liveform encryption settings" width="2230" height="634" data-path="images/dashboard/new/data_protection/livefom_encryption.png" />
</Frame>

### Encryption Algorithm Selection

When encryption is needed in liveform URL's Query String, data must be encrypted using the selected encryption algorithm and encryption key.

| Algorithm                     | Description                                                                 |
| ----------------------------- | --------------------------------------------------------------------------- |
| **ECB (Electronic Codebook)** | Fast and simple block encryption method                                     |
| **GCM (Galois/Counter Mode)** | Enhanced encryption method including authentication and integrity functions |

<Info>
  **How to Use After Algorithm Selection**

  After selecting encryption algorithm, parameters requiring encryption in liveform URL's Query String must be encrypted using the selected algorithm and encryption key, then used in the form `encrypted={encrypted_data}`.
</Info>

### Encryption-only Mode

Activate encryption-only mode when you want to encrypt and use all Query String parameters.

<Frame caption="Encryption-only Mode Settings">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/data_protection/encryption_only.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=fa0b6c08e7061ddfb30948aef7bab335" alt="Encryption-only mode" width="2230" height="71" data-path="images/dashboard/new/data_protection/encryption_only.png" />
</Frame>

When encryption-only mode is activated, only `pid`, `encrypted`, `lang` parameters are allowed in liveform URL, and all other parameters must be encrypted and included in the `encrypted` parameter.

**Allowed URL Format:**

```
https://form.argosidentity.com?pid={project_Id}&encrypted={encrypted_data}&lang=ko
```

**Not Allowed URL Format:**

```
https://form.argosidentity.com?pid={project_Id}&encrypted={encrypted_data}&email=user@example.com
```

<Warning>
  **Encryption-only Mode Precautions**

  When encryption-only mode is activated, all unencrypted Query String parameters are ignored. All data must be encrypted and included in the `encrypted` parameter.
</Warning>

### Encryption Key Management

Manages keys to be used for encryption. You can use API KEY or issue and use a dedicated key (secretKey).

<Frame caption="Encryption Key Management Screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/data_protection/encryption_management.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=6840abccd81e754c4aa8101c2f8e44f3" alt="Encryption key management" width="2230" height="185" data-path="images/dashboard/new/data_protection/encryption_management.png" />
</Frame>

<Frame caption="Encryption Key Issuance Popup">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/data_protection/encryption_management_pop.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=dc3efeb981c07fe0621789f0ae4d2062" alt="Encryption key issuance" width="450" height="372" data-path="images/dashboard/new/data_protection/encryption_management_pop.png" />
</Frame>

| Key Type                      | Description                                                       |
| ----------------------------- | ----------------------------------------------------------------- |
| **API KEY**                   | Use the default API key assigned to the project as encryption key |
| **Dedicated Key (secretKey)** | Dedicated encryption key newly issued and used in liveform        |

<Warning>
  **Dedicated Key (secretKey) Important Notice**

  Newly issued dedicated key (secretKey) is **only displayed at issuance**, so be sure to store it safely. If lost, you must reissue and use, and existing keys can no longer be used.
</Warning>

<Tip>
  **Key Selection Guide**

  * **Using API KEY**: Can start quickly with simple settings.
  * **Using Dedicated Key (secretKey)**: Can strengthen security by using different keys in liveform and API.
</Tip>

***

## How to Use Liveform URL Encryption

Learn how to encrypt and use Query String parameters in liveform URLs.

### Step 1: Prepare Data to Encrypt

Prepare Query String parameters to encrypt in JSON format.

<CodeGroup>
  ```json ID document Example theme={null}
  {
    "email": "user@example.com",
    "userid": "user123",
    "cf1": "custom_field_1",
    "cf2": "custom_field_2",
    "cf3": "custom_field_3",
    "token": "token_id"
  }
  ```

  ```json Knowledge-based Example theme={null}
  {
    "email": "user@example.com",
    "userid": "user123",
    "knowledgeField": "birthDate,gender,nationality",
    "knowledgePrefill": "gender=male,nationality=USA,birthDate=1980-01-01"
  }
  ```
</CodeGroup>

<Note>
  **Non-encryptable Parameters**

  `pid`, `lang` query strings and `sid`, `action` query strings used in 'Additional Process (Injection)' page do not support encryption. However, when using Injection, `sid` and `action` must be encrypted by including them inside the `encrypted` parameter.
</Note>

### Step 2: Perform Encryption

Encrypt data using the selected encryption algorithm (ECB or GCM) and encryption key (API KEY or secretKey).

<Card title="Encryption Guide" icon="lock" href="/en/idcheck/getting-started/encrypt-and-decrypt-data/overview">
  View detailed encryption/decryption methods and code examples.
</Card>

**Encryption Example (ECB Method):**

```javascript theme={null}
// Node.js example
const crypto = require('crypto');

function encryptECB(data, apiKey) {
  const hashedKey = crypto.createHash('sha256').update(apiKey).digest();
  const cipher = crypto.createCipheriv('aes-256-ecb', hashedKey, null);
  return cipher.update(JSON.stringify(data), 'utf8', 'base64') + cipher.final('base64');
}

// Usage example
const data = {
  email: "user@example.com",
  userid: "user123",
  token: "token_id"
};
const encrypted = encryptECB(data, 'YOUR_API_KEY_OR_SECRET_KEY');
```

### Step 3: Add Encrypted Data to URL

Add encrypted data to the `encrypted` query parameter.

```
https://form.argosidentity.com?pid={project_Id}&encrypted={encrypted_data}
```

<Info>
  **URL Encoding**

  Encrypted data must be URL encoded before use in URLs.
</Info>

***

## Secure Transmission Settings

Settings to strengthen security for data transmission via API methods.

<Frame caption="Secure Transmission Settings Screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/data_protection/secure_data_transfer.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=cedeafc03cbd672531f76091fc3e6786" alt="Secure transmission settings" width="2246" height="227" data-path="images/dashboard/new/data_protection/secure_data_transfer.png" />
</Frame>

### Secure Data Transmission

When secure data transmission option is activated, all data transmission between ARGOS and customers is encrypted.

| Setting                      | Description                                                                       |
| ---------------------------- | --------------------------------------------------------------------------------- |
| **Secure Data Transmission** | Encrypts and transmits data in API methods (GET, POST, PATCH, etc.) and webhooks. |

<Warning>
  **Important: Encryption/Decryption Required**

  When secure data transmission option is activated, all API request (Request) and response (Response) data must be encrypted/decrypted. Errors occur if requests are made with unencrypted data.
</Warning>

### API Request Data Encryption

When secure data transmission is activated, Request Body must be encrypted when making API requests.

**Encryption Methods:**

* **API Requests (GET, POST, PATCH)**: AES-256-ECB method
* **Webhook Data**: AES-256-CBC method

**Request Example:**

```javascript theme={null}
// POST /submission request example
const requestData = {
  email: "user@example.com",
  fullName: "John Doe",
  issuingCountry: "USA",
  birthDate: "1990-01-01"
};

// Encrypt data
const encryptedBody = encryptECB(requestData, apiKey);

// Send encrypted data as body
fetch('https://rest-api.argosidentity.com/v3/submission', {
  method: 'POST',
  headers: {
    'x-api-key': apiKey,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    body: encryptedBody
  })
});
```

### API Response Data Decryption

When secure data transmission is activated, API responses are also encrypted, so decryption is required.

**Response Format:**

```json theme={null}
{
  "data": "encrypted-string",
  "isEncrypted": true
}
```

**Decryption Example:**

```javascript theme={null}
// Response processing
const response = await fetch('https://rest-api.argosidentity.com/v3/submission/{submissionId}', {
  headers: {
    'x-api-key': apiKey
  }
});

const responseData = await response.json();

if (responseData.isEncrypted) {
  // Decrypt encrypted data
  const decryptedData = decryptECB(responseData.data, apiKey);
  const submission = JSON.parse(decryptedData);
  console.log(submission);
} else {
  // Unencrypted case (generally does not occur)
  console.log(responseData);
}
```

### Webhook Data Encryption/Decryption

Webhook data is encrypted using AES-256-CBC method.

<Card title="Encryption Guide" icon="lock" href="/en/idcheck/getting-started/encrypt-and-decrypt-data/overview#4-secure-data-transmission-option">
  Learn webhook data encryption/decryption methods in detail.
</Card>

***

## Configuration Guide by Scenario

<AccordionGroup>
  <Accordion title="Scenario 1: Selective Encryption Usage" icon="key">
    When selecting encryption algorithm and encrypting only some Query Strings.

    **Configuration:**

    * Encryption Algorithm: Select ECB or GCM
    * Encryption Key: Select API KEY or dedicated key
    * Encryption-only Mode: Deactivated

    **Usage Example:**

    ```
    https://form.argosidentity.com?pid={project_Id}&email=user@example.com&encrypted={encrypted_token_data}
    ```

    In this case, `email` is a normal parameter, and sensitive information such as `token` is encrypted and included in the `encrypted` parameter.
  </Accordion>

  <Accordion title="Scenario 2: Full Encryption Usage (Encryption-only Mode)" icon="lock">
    When encrypting and using all Query String parameters.

    **Configuration:**

    * Encryption Algorithm: Select ECB or GCM
    * Encryption Key: Select API KEY or dedicated key
    * Encryption-only Mode: Activated

    **Usage Example:**

    ```
    https://form.argosidentity.com?pid={project_Id}&encrypted={all_parameters_encrypted_data}&lang=ko
    ```

    In this case, all parameters except `pid`, `lang` must be encrypted and included in the `encrypted` parameter.
  </Accordion>

  <Accordion title="Scenario 3: API Data Transmission Security Enhancement" icon="shield-check">
    When strengthening security for data transmission via API.

    **Configuration:**

    * Secure Data Transmission: Activated

    **Required Tasks:**

    * Encrypt all API requests (Request Body)
    * Decrypt all API responses (Response Body)
    * Decrypt webhook received data

    <Warning>
      When secure data transmission is activated, all API communication is encrypted, so encryption/decryption logic must be implemented on the client side.
    </Warning>
  </Accordion>
</AccordionGroup>

***

## Related Documentation

<CardGroup cols={2}>
  <Card title="Access Control" icon="user-shield" href="/dashboard/en/project-management/security-settings/access-control">
    View private mode and Token ID management settings.
  </Card>

  <Card title="Encryption Guide" icon="lock" href="/en/idcheck/getting-started/encrypt-and-decrypt-data/overview">
    View detailed encryption/decryption methods and code examples.
  </Card>

  <Card title="Query String Guide" icon="link" href="/en/idcheck/getting-started/liveform-url/querystring-and-token-guide">
    Learn how to use Query String parameters.
  </Card>

  <Card title="API Reference" icon="code" href="/en/idcheck/api-reference/api-reference-guide/overview">
    Learn how to use APIs.
  </Card>
</CardGroup>
