SDK Overview
Qpher provides official SDKs for three languages. Each SDK is a thin wrapper around the Qpher REST API — all cryptographic operations happen server-side inside Qpher's secure enclave. The SDKs handle authentication, serialization, retries, and error mapping so you can integrate post-quantum cryptography in minutes.
Design Philosophy
Qpher SDKs follow a strict set of principles:
- No client-side cryptography. Private keys never leave Qpher's infrastructure. The SDK sends your data over TLS to the API, where PQC operations are performed in a secure enclave. There is nothing to compile, no native dependencies, and no side-channel risk on your machines.
- HTTP client under the hood. Every SDK method maps directly to a single REST API call. There is no hidden state, no local caching of keys, and no background threads. If you already have an HTTP client you prefer, you can call the REST API directly.
- Consistent across languages. Method names, parameter shapes, and error codes are the same in Python, Node.js, and Go. Code examples in one language translate naturally to the others.
Available SDKs
pip install qpher| Language | Package | Registry | Min Version | Reference |
|---|---|---|---|---|
| Python | qpher | PyPI | Python 3.9+ | Python SDK |
| Node.js | @qpher/sdk | npm | Node 18+ | Node.js SDK |
| Go | github.com/qpher/qpher-go | Go Modules | Go 1.21+ | Go SDK |
Features
Every Qpher SDK includes the following capabilities out of the box:
Authentication
Pass your API key once when you create the client. The SDK attaches it as the X-API-Key header on every request. No manual header management required.
KEM Encryption and Decryption
Encrypt arbitrary data with Kyber768 (ML-KEM-768) and decrypt it later. The SDK accepts raw bytes and returns raw bytes — base64 encoding for the wire format is handled automatically.
Digital Signatures
Sign messages with Dilithium3 (ML-DSA-65) and verify signatures. Signatures are returned as bytes; encoding and decoding happen transparently.
Key Management
Generate new key pairs, list keys, retrieve the currently active key or a specific version, rotate to a new key version, and retire old versions — all through the SDK.
Typed Errors
Every SDK defines a dedicated error class (QpherError in Python and Node.js, qpher.Error in Go) with structured fields:
| Field | Description |
|---|---|
error_code | Machine-readable code such as ERR_AUTH_001 or ERR_KEM_005 |
message | Human-readable description of the problem |
status_code | HTTP status code from the API |
request_id | UUID for the request, useful when contacting support |
Automatic Base64 Encoding
PQC ciphertexts and signatures are binary data. The SDK automatically base64-encodes outgoing binary fields and base64-decodes incoming fields so you work with native byte types in your language.
Retries with Backoff
Transient failures (HTTP 429, 502, 503, 504) are retried automatically with exponential backoff. You can configure max_retries (default: 3) and timeout (default: 30 seconds) when creating the client.
Request ID Propagation
Every response includes a request_id. If you supply your own X-Request-ID header, the SDK forwards it for end-to-end tracing through Qpher's infrastructure.
Quick Comparison
from qpher import Qpher
client = Qpher(api_key="qph_your_key_here")result = client.kem.encrypt(plaintext=b"sensitive data", key_version=1)
print(result.ciphertext) # bytesNext Steps
- Python SDK Reference — full API, error handling, and examples
- Node.js SDK Reference — TypeScript types and async patterns
- Go SDK Reference — context-based API and error unwrapping
- REST API Reference — raw HTTP and cURL for any language
Pick the language your backend is written in. All three SDKs have feature parity. If your stack is not Python, Node.js, or Go, use the REST API directly — every SDK operation maps to a single HTTP call.