Braze

Overview#

The Braze connector proxies Braze REST API calls through QuantaSeal's ML-KEM-768 + AES-256-GCM encryption layer. REST API keys are sealed in QuantaVault. Supports user tracking, campaign delivery, subscription management, and user data export/deletion for GDPR compliance.

Prerequisites#

• 1A Braze account with a workspace
• 2A Braze REST API key from Settings → API Keys (with the required permissions)
• 3Your Braze data centre base URL (US-01 through US-06, EU-01, AU-01)

Configuration#

Follow these steps to connect Braze to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1. 1

   In Braze Dashboard → Settings → API Keys, create a REST API key with the permissions your integration needs.

2. 2

   Identify your data centre URL: US-01 is https://rest.iad-01.braze.com (default), EU-01 is https://rest.fra-01.braze.eu.

3. 3

   Seal: POST /api/v2/vault/seal with credential_type: api_key.

4. 4

   Create integration: POST /api/v2/integrations with system_type: braze, config: {base_url: 'https://rest.iad-01.braze.com'}.

5. 5

   Set allowed_operations to the Braze operations your application needs.

Authentication Types#

Seal the Braze REST API key as api_key. The base URL must match your workspace data centre (e.g. https://rest.iad-01.braze.com for US-01).

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "integration_id": "int_BRAZE001",
    "operation": "track_users",
    "payload": {
      "attributes": [{
        "external_id": "user-12345",
        "email": "alice@acme.com",
        "subscription_tier": "professional",
        "quantum_safe_enrolled": true
      }]
    }
  }'

# Response - HybridCryptoEnvelope (Braze response encrypted with ML-KEM-768)
{
  "success": true,
  "encrypted": {
    "ciphertext_kem":  "<base64 - 1088 bytes ML-KEM-768>",
    "ciphertext_data": "<base64 - AES-256-GCM encrypted Braze API response>",
    "nonce":           "<base64 - 12 bytes>",
    "tenant_id":       "ten_01HZ9X2K4MNPQR5STUVWXYZ00",
    "algorithm":       "ML-KEM-768"
  },
  "signature": {
    "pqc_signature":  "<base64 - ~3309 bytes ML-DSA-65>",
    "hmac_signature": "<base64 - 64 bytes HMAC-SHA-512>",
    "algorithm":      "ML-DSA-65+HMAC-SHA-512"
  },
  "audit_event_id": "aud_01HZ9XBRAZE001"
}

Troubleshooting#