Get Employee Details

curl --request POST \ --url https://{env}.tartanhq.com/api/external/employee/ \ --header 'Authorization: Basic <encoded-value>' \ --header 'Content-Type: application/json' \ --data ' { "encrypted_payload": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0...." } '

{ "requestId": "f6e80421-3901-4132-85c0-7bcdc1236ce9", "message": "success", "status_code": "success", "status": 200, "data": "eyJfdfasdfasdfasdfaIjoiQUl6YVN5QmJHc0t3bVZ6SUU5a2VnPT0iLCJkYXRhIjoiU2FtcGxlIEVuY3J5cHRlZCBTdHJpbmcifQ==" }

Authorizations

Authorization

string

header

required

Create a Basic Auth token by base64-encoding username:password

Body

application/json

encrypted_payload

string

required

JWE Compact Serialization string containing a signed payload.

Encryption Flow:

Construct payload using EmployeeEncryptedPayload schema
Convert payload to JSON string and sign it as a JWT (JWS) using RS256 with the client’s private key (alg: RS256, typ: JWT)
Encrypt the signed JWT using JWE:

alg: RSA-OAEP-256
enc: A256GCM
key: Tartan public key

Send the result as a compact JWE string

JWE Format: <protected-header>.<encrypted-key>.<iv>.<ciphertext>.<auth-tag>

Example header:

{
  "alg": "RSA-OAEP-256",
  "enc": "A256GCM",
  "cty": "JWT"
}

Decryption & Validation (Server-side):

Decrypt using Tartan private key
Extract signed JWT (JWS)
Verify signature using client public key
Extract and validate original payload

Example:

"eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0...."

Response

Employee details retrieved successfully

requestId

string

Example:

"f6e80421-3901-4132-85c0-7bcdc1236ce9"

message

string

Example:

"success"

status_code

string

Example:

"success"

status

integer

Example:

200

data

string

Example:

"eyJfdfasdfasdfasdfaIjoiQUl6YVN5QmJHc0t3bVZ6SUU5a2VnPT0iLCJkYXRhIjoiU2FtcGxlIEVuY3J5cHRlZCBTdHJpbmcifQ=="

Documentation Index

Authorizations

Body

Response