> For the complete documentation index, see [llms.txt](https://exequantum.gitbook.io/exequantum-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://exequantum.gitbook.io/exequantum-docs/documentations/quickstart.md).

# Implementation

## Implementation Guide

### Overview

The ExeQuantum API provides enterprise-grade access to NIST-standardized post-quantum algorithms, including:

* **ML-KEM (Key Encapsulation Mechanism)** - the NIST-selected standard for establishing shared secrets.
* **ML-DSA (Digital Signature Algorithm)** - the NIST-selected standard for authentication and integrity.

Together, these algorithms enable organizations to establish quantum-safe channels for end-to-end communication, TLS, and data integrity, without needing to build or maintain cryptographic primitives in-house.

***

### Security Model

ExeQuantum never stores your private keys, shared secrets, or signatures.&#x20;

API tokens provide secure, authenticated access. Permanent root tokens should be kept in trusted environments, while temporary tokens are recommended for client-facing or short-lived sessions.

All API endpoints are accessible across programming languages; code samples are provided in Python for clarity.

### Deployment Options

ExeQuantum’s PQCaaS can be integrated flexibly depending on sovereignty and compliance requirements:

* **On-Premise / Local Partner Cloud** - API hosted within your infrastructure or by a certified national partner.
* **ExeQuantum Cloud** - secure, managed hosting by ExeQuantum.
* **Hybrid** - client-controlled key storage with ExeQuantum orchestration.

<figure><img src="/files/rbpi3hdroidCMDFTZUth" alt=""><figcaption><p>API dashboard</p></figcaption></figure>

You can also copy it without showing it, if you need extra privacy.

It is highly recommended that you only use this token from secure environments, and only use temporary (ideally single use) tokens when making calls from more exposed environments like frontend. Steps to generate a temporary tokens will be described later in this documentation.

Below that, you'll see the dashboard that shows your API usage for the month. Keep an eye on it to track your usage.

<figure><img src="/files/XXgA2BiHshfIVCtPGW9j" alt=""><figcaption><p>Usage metric and cost</p></figcaption></figure>

### Implementation Steps

#### Step 0 - Generate Temporary Token (Recommended)

Temporary tokens reduce exposure of your root API key and are best practice for frontend or client-exposed environments.

```
import requests

response = requests.get(
    'https://api.exequantum.com/api/token/new',
    headers={'Authorization': 'bearer ' + AUTH_TOKEN}
)
temp_token = response.json()['new_token']
headers = {'Authorization': 'bearer ' + temp_token}
```

#### ML-KEM - Establishing Shared Secrets

**A. Generate Key Pair (Initiator):**

```
headers = {'Authorization': 'Bearer ' + AUTH_TOKEN}

response = requests.get(
    'https://api.exequantum.com/api/kem/generate_keys',
    headers=headers
)
keys = response.json()

public_key = keys['pk']
secret_key = keys['sk']
verification_key = keys['verification_key']
signature = keys['signature']
```

**B. Encapsulate Shared Secret (Responder):**

```
body = {
    'pk': public_key,
    'verification_key': verification_key,
    'signature': signature
}
response = requests.post(
    'https://api.exequantum.com/api/kem/encapsulate_key',
    headers=headers,
    json=body
)
enc = response.json()
cipher = enc['cipher']
shared_secret = enc['shared_key']
```

**C. Decapsulate Shared Secret (Initiator):**

```
body = {
    'cipher': cipher,
    'sk': secret_key
}
response = requests.post(
    'https://api.exequantum.com/api/kem/decapsulate_key',
    headers=headers,
    json=body
)
dec = response.json()
shared_secret = dec['shared_key']
```

Both parties now share the same quantum-safe secret for symmetric encryption (e.g., AES-256).

#### Optional - AES via API

ExeQuantum provides AES-256 encryption/decryption endpoints for convenience.

#### AES-256 - Step 1 (By encryptor): <a href="#ml-kem---step-e-by-decryptor" id="ml-kem---step-e-by-decryptor"></a>

```
body = {
    'unencrypted': 'hello world',
    'key': shared_secret
}
response = requests.post(
    'https://api.exequantum.com/api/aes/encrypt_text',
    headers=headers,
    json=body
)
encrypted_message = response.json()
```

#### AES-256 - Step 2 (By decryptor): <a href="#ml-kem---step-e-by-decryptor" id="ml-kem---step-e-by-decryptor"></a>

```
body = {
    'ciphertext': encrypted_message,
    'key': shared_secret
}
response = requests.post(
    'https://api.exequantum.com/api/aes/decrypt_text',
    headers=headers,
    json=body
)
decrypted_message = response.json()

print("Decrypted message:", decrypted_message)
```

#### ML-DSA - Digital Signatures

**A. Sign Data:**

```
body = 
    'data': data
}
response = requests.post(
    'https://api.exequantum.com/api/signature/sign',
    headers=headers,
    json=body
)

data = response.json()

pk = data['pk']
sk = data['sk']
signature = data['signature']
```

**B. Verify Data:**

```
body = {
    'data': data,
    'pk': pk,
    'signature': signature
}
response = requests.post(
    'https://api.exequantum.com/api/signature/verify',
    headers=headers,
    json=body
)

data = response.json()

verified = data['verified']
```

* Contact us for enterprise licensing, on-prem deployments, or source code handover.

***

### Next Steps

* [Request a Demo](https://calendly.com/samuel-exequantum/30min)
* [Download the STAC White Paper](https://cdn.prod.website-files.com/6894247081dee0c35feb7f96/68a17022dfe3241d0aa3ff4c_Technical%20STAC%20Paper.pdf)
* [Contact Us](https://airtable.com/appvPTvZQLiu7j7fx/pagmVzWN3xXCFa1zw/form)

###

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/token/new" method="get" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/kem/generate\_keys" method="get" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/kem/encapsulate\_key" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/kem/decapsulate\_key" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/signature/sign" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/signature/verify" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/aes/encrypt\_text" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}

{% openapi src="/files/Cr71hzs1yBGC136kcRtL" path="/api/aes/decrypt\_text" method="post" %}
[openapi.json](https://1251611773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTe8j79lU2v2SHbz2aT2P%2Fuploads%2FHRuF3zHp9EK2RzVOGdoa%2Fopenapi.json?alt=media\&token=85bb12a6-8ce1-45d9-b996-90176c8a52ad)
{% endopenapi %}
