# Client vaulting

## Endpoints

### POST /users/{fp_id}/client_token
**Create a client vaulting token**

Create a short-lived token safe to pass to your client for operations to vault or decrypt data for this user. This API is often used in combination with the [Footprint Form SDK](/articles/embedded-components/getting-started).

### PATCH /users/vault
**Update the vault**

Updates data in a vault given a short-lived, entity-scoped client token. The client token must have access to vault the provided data.

### POST /users/vault/validate
**Validate a vault data update**

Checks if provided data is valid before adding it to the vault given a short-lived client token. Returns an HTTP 200 if there are no validation errors, or HTTP 400 with context describing validation errors if any.

### POST /users/vault/decrypt
**Decrypt data from the vault**

Decrypts the specified list of fields given a short-lived client token. The client token must have access to decrypt the requested data.

### GET /users/vault/decrypt/{token}
**Download a file stored in the vault**

Decrypts and downloads the single piece of data from the user's vault as specified by the provided token.

### POST /users/vault/{identifier}/upload
**Upload a large file to the vault**

Upload a large file to the user's vault under the provided Data Identifier. The contents of the provided Data Identifier will be set to the contents of the provided HTTP request body.

# Client vaulting

In combination with Footprint's [Form SDK](/articles/embedded-components/getting-started), you can both render and collect additional information from your users securely and compliantly.

You can create a short-lived token from your backend that gives temporary permission to vault and/or decrypt data from your client. Simply pass this token into the Footprint Form SDK and it takes care of the rest.