Last updated: 2019-09-09 21:26:45


1. API Description

API domain name:

This API generates a key designed for encrypting local data.

API request rate limit: 100 requests/sec.

2. Input Parameters

The list below contains only the API request parameters and certain common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter name Required Type Description
Action Yes String Common parameter. The value used for this API: GenerateDataKey
Version Yes String Common parameter. The version of this API: 2019-01-18
Region Yes String Common parameter. For more information, see the List of Regions supported by the product.
KeyId Yes String Globally unique ID of the CMK
KeySpec No String Specifies the encryption algorithm and the size of the DataKey generated. The encryption algorithm generally is AES_128 or, by default, AES_256.
NumberOfBytes No Integer Length of the generated DataKey. If both NumberOfBytes and KeySpec are specified, NumberOfBytes prevails. Minimum value: 1; maximum value: 1,024
DestinationEncryptionContext No String key-value pair JSON string for re-encryption. To use this field, you should fill the same string when decrypting the returned new ciphertext.

3. Output Parameters

Parameter name Type Description
KeyId String Globally unique ID of the CMK
Plaintext String Base64-encoded plaintext of the generated DataKey. You need to Base64-decode it to get the plaintext
CiphertextBlob String Encrypted DataKey ciphertext. You should keep it private
RequestId String Unique ID of the request. Each request returns a unique ID. The RequestId is required to troubleshoot issues.

4. Examples

Example 1. Generating a Data Key

Generate a data key using the specified CMK.

Input Sample Code
&<Common request parameter>

Output Sample Code

  "Response": {
    "RequestId": "fe11aa29-0cc2-4204-bfea-6ebb30cc00d7",
    "KeyId": "9999aed0-4956-11e9-bc70-5254005e86b4",
    "Plaintext": "uW9wqntw+FAgnfsIrxOpOA==",
    "CiphertextBlob": "g2F8eQk44QrTbfj09TL17AZyFPgs8BTtZe2j27Wuw1YzTBCxnd0T/gwFQSasmtzxZi6mmvD7DCjCE+LxJmdhXQ==-k-fKVP3WIlGpg8m9LMW4jEkQ==-k-h/nUfRbaTUY7/KWXwuSK1Py+ZFRTK5WQiUz6yQE5XBFUN3UwPOUbl8P3A3caow2rlqTjUw=="

5. Developer Resources

API Explorer

This tool makes it easy for you to call Tencent Cloud APIs, authenticate signature, generate SDK codes, and search for APIs.


TencentCloud API 3.0 integrates software development toolkits (SDKs) for various programming languages, facilitating API calls.


6. Error Codes

The following only lists the error codes related to this API. For other error codes, see Common Error Codes.

Error Code Description
InternalError Internal error.
InvalidParameter Incorrect parameter.
InvalidParameterValue.InvalidKeyId Invalid KeyId.
ResourceUnavailable.CmkDisabled The CMK has been disabled.
ResourceUnavailable.CmkNotFound The CMK does not exist.
UnauthorizedOperation Unauthorized operation.