ChaCha20-Poly1305 strength, invisible glyph output, signed provenance. This is the minimal path to wrap your API responses and requests with TreeChain encryption in about 10 minutes.
Quickstart (What You'll Build)
You'll call TreeChain's API to encrypt a JSON payload, receive a glyph-encoded string with a signed provenance envelope, store it as UTF-8, and later verify & decrypt. No schema changes needed—glyphs are valid UTF-8 text.
Setup Keys
- Request an API key from hello@treechain.ai or the dashboard
- Save your
TC_API_KEY(starts withtc_) - Set environment variables—never commit keys to source control
# .env
TC_API_KEY=tc_your_api_key_here
TC_BASE_URL=https://glyphjammer-api-sdk.onrender.comcURL Examples
Encrypt
curl -X POST "$TC_BASE_URL/v1/encrypt" \
-H "X-API-Key: $TC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"plaintext": "hello world"}'Response:
{
"ciphertext": "gs_54281f44195bbb7f030435bf7ef7924d",
"glyph": "Ʀɑ✆⤫Ꭵ☤☫∑ḅ𝟓Ж☬❺⁹ē🜄ʂƵ§☈🜙💞💕œ⁰₡#ς☟➒☗🜋➏🜍❕⁵₈☔ɟ",
"meta": {
"emotion": "love",
"shield_id": "gs_54281f44195bbb7f030435bf7ef7924d"
}
}Decrypt
curl -X POST "$TC_BASE_URL/v1/decrypt" \
-H "X-API-Key: $TC_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"ciphertext": "gs_54281f44195bbb7f030435bf7ef7924d",
"glyph": "Ʀɑ✆⤫Ꭵ☤☫∑ḅ𝟓Ж☬❺⁹ē🜄ʂƵ§☈🜙💞💕œ⁰₡#ς☟➒☗🜋➏🜍❕⁵₈☔ɟ"
}'Response:
{
"plaintext": "hello world",
"meta": {}
}Node/Express Middleware
Minimal interceptor that encrypts JSON responses under /api/secure/*:
import express from "express";
const app = express();
app.use(express.json());
const { TC_API_KEY, TC_BASE_URL } = process.env;
async function treechainEncrypt(plaintext, emotion = "love") {
const res = await fetch(`${TC_BASE_URL}/v1/encrypt`, {
method: "POST",
headers: {
"X-API-Key": TC_API_KEY,
"Content-Type": "application/json"
},
body: JSON.stringify({
plaintext: JSON.stringify(plaintext),
context: { emotion }
})
});
if (!res.ok) throw new Error(`TreeChain: ${res.status}`);
return res.json();
}
app.use("/api/secure", async (req, res, next) => {
const originalJson = res.json.bind(res);
res.json = async (body) => {
try {
const encrypted = await treechainEncrypt(body);
return originalJson(encrypted);
} catch (e) {
console.error(e);
return res.status(502).json({ error: "encryption_failed" });
}
};
next();
});
app.get("/api/secure/patient/:id", (req, res) => {
res.json({ id: req.params.id, status: "ok", notes: "PHI" });
});
app.listen(3000);glyph string (UTF-8) and ciphertext ID. To read, call decrypt with both values.Python FastAPI Client
from fastapi import FastAPI
import httpx, os
TC_BASE = os.getenv("TC_BASE_URL")
TC_KEY = os.getenv("TC_API_KEY")
app = FastAPI()
async def tc_decrypt(ciphertext: str, glyph: str):
async with httpx.AsyncClient(timeout=10) as c:
r = await c.post(
f"{TC_BASE}/v1/decrypt",
headers={"X-API-Key": TC_KEY},
json={"ciphertext": ciphertext, "glyph": glyph}
)
r.raise_for_status()
return r.json()["plaintext"]
@app.post("/read")
async def read_item(body: dict):
plaintext = await tc_decrypt(body["ciphertext"], body["glyph"])
return {"verified": True, "payload": plaintext}Provenance Envelope
Every encrypted object includes metadata for audit, consent, and verification—no secrets exposed:
{
"ciphertext": "gs_...", // Shield ID for lookup
"glyph": "Ʀɑ✆⤫Ꭵ☤...", // UTF-8 encoded payload
"meta": {
"emotion": "love", // Philosopher palette used
"shield_id": "gs_...", // Matches ciphertext
"timestamp": "2025-12-28T...", // When encrypted
"version": "1.0" // API version
}
}Store the full response. The glyph is your encrypted data; ciphertext is the lookup key for decryption.
Security Notes
- Defense-in-depth: Keep TLS + auth as-is; TreeChain handles payload encryption + lineage
- Key management: Store API keys in environment variables or secrets manager—never in code
- Encryption: ChaCha20-Poly1305 (RFC 8439) with independent glyph key—same cipher as Signal, WireGuard, TLS 1.3
- Minimize plaintext: Avoid logging raw payloads; log only metadata and shield IDs
- 133,387 glyphs: Output uses the full Unicode glyph bank across 8 emotional palettes
Errors & Retries
401 unauthorized: Invalid or missing API key422 validation_error: Malformed request body5xx upstream: Use exponential backoff with jitter; do not re-log plaintext on failure
// Retry strategy
retry(max=4, base=150ms, jitter=true) on 429, 502, 503, 504FAQs
How long does integration take?
Basic integration takes about 10 minutes. Add environment variables, wrap endpoints with encrypt/decrypt calls, and test the round-trip.
Do I need to change my database schema?
No. Glyph output is valid UTF-8 text. Any field that accepts strings can store encrypted payloads without modification.
Is this compatible with my existing auth?
Yes. TreeChain handles payload-layer encryption. Keep your TLS, JWT, OAuth, or other auth layers as-is.
What databases are supported?
TreeChain provides SDKs for 12 databases: MongoDB, PostgreSQL, MySQL, SQLite, Redis, SQLAlchemy, Firestore, Supabase, DynamoDB, Elasticsearch, Prisma, and Django ORM.
Take the Break This Challenge
Prove you can crack TreeChain encryption and claim the 100,000 TREE bounty.
See the Cryptographic Proofs
NIST-based statistical tests running against live production servers.