Quickstart Guide
Go from zero to quantum-safe encryption in under 5 minutes. By the end of this guide, you will have encrypted and decrypted your first message using Qpher's Kyber768 (ML-KEM-768) API.
Prerequisites
- A Qpher account (create one here)
- An API key from your dashboard
- A tool to make HTTP requests (cURL, Python, Node.js, or Go)
Step 1: Create Your Account
Visit portal.qpher.ai/register and sign up. The Free plan includes 1,000 PQC operations per month -- more than enough to get started.
After verifying your email, you will land on your dashboard.
Step 2: Get Your API Key
From the dashboard, navigate to Settings > API Keys and create a new key.
Copy the key value -- it starts with qph_ and will only be shown once.
Your API key is displayed only at creation time. Store it in a secrets manager or environment variable. Never commit API keys to source control.
export QPHER_API_KEY="qph_your_key_here"
Step 3: Generate a PQC Key
Before encrypting data, generate a Kyber768 key pair. Qpher creates and stores the key pair for you -- the private key never leaves our infrastructure.
curl -X POST https://api.qpher.ai/api/v1/kms/keys/generate \
-H "X-API-Key: qph_your_key_here" \
-H "Content-Type: application/json" \
-d '{"algorithm": "Kyber768"}'The response includes the key_version (starting at 1) and the public_key.
You will use the key_version in every subsequent operation.
{
"data": {
"algorithm": "Kyber768",
"key_version": 1,
"status": "active",
"public_key": "base64-encoded-public-key..."
},
"request_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"timestamp": "2026-01-15T10:30:00Z"
}
Step 4: Encrypt Your First Message
Now encrypt a message. Pass your plaintext as a base64-encoded string along with
the key_version from the previous step.
curl -X POST https://api.qpher.ai/api/v1/kem/encrypt \
-H "X-API-Key: qph_your_key_here" \
-H "Content-Type: application/json" \
-d '{"plaintext": "SGVsbG8gUXVhbnR1bSBXb3JsZCE=", "key_version": 1}'The response contains the ciphertext and the key_version used. Save both --
you will need them for decryption.
{
"data": {
"ciphertext": "base64-encoded-ciphertext...",
"key_version": 1,
"algorithm": "Kyber768"
},
"request_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"timestamp": "2026-01-15T10:30:05Z"
}
The ciphertext is a single base64-encoded blob that contains the KEM ciphertext, a nonce, the AES-256-GCM encrypted data, and an authentication tag. You do not need to parse or manage these components -- just store and pass it back to decrypt.
Step 5: Decrypt the Message
To decrypt, send the ciphertext and the same key_version back to the decrypt endpoint.
curl -X POST https://api.qpher.ai/api/v1/kem/decrypt \
-H "X-API-Key: qph_your_key_here" \
-H "Content-Type: application/json" \
-d '{"ciphertext": "YOUR_CIPHERTEXT_FROM_STEP_4", "key_version": 1}'{
"data": {
"plaintext": "SGVsbG8gUXVhbnR1bSBXb3JsZCE=",
"key_version": 1,
"algorithm": "Kyber768"
},
"request_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"timestamp": "2026-01-15T10:30:10Z"
}
Base64-decode the plaintext field to get your original message: Hello Quantum World!
Congratulations -- you have just performed quantum-resistant encryption and decryption.
What's Next?
Now that you have made your first PQC API calls, explore more of what Qpher offers:
- Core Concepts -- Understand tenants, key versioning, and the hybrid encryption scheme
- Authentication -- Learn about the auth pipeline and security best practices
- Encrypt Data Guide -- Deep dive into encryption patterns and options
- Digital Signatures Guide -- Sign and verify documents with Dilithium3
- Key Management Guide -- Generate, rotate, and manage PQC keys
- API Reference -- Full endpoint documentation with request/response schemas
- Python SDK -- Use our official Python client library for a simpler integration