hpke-http adds RFC 9180 HPKE encryption on top of TLS. It's a drop-in middleware for FastAPI (server) and aiohttp/httpx (client). Zero application code changes:
app.add_middleware(HPKEMiddleware, private_keys={...}, psk_resolver=resolve_psk)
That's it. Your existing routes, request.json(), return values -- all unchanged. Bodies are encrypted end-to-end between client and origin server.

What it does: encrypts/decrypts request and response bodies using X25519 + HKDF-SHA256 + ChaCha20-Poly1305. PSK mode binds each request to an API key. Counter-based nonces prevent replay attacks. SSE streaming and file uploads work with O(chunk_size) memory. Optional zstd compression before encryption.
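To make the "counter-based nonces prevent replay" claim concrete, here is an added example (not hpke-http's own code) of the two mechanisms behind it, using only the Python standard library: RFC 9180's per-message nonce construction (nonce = base_nonce XOR the sequence counter, with the message limit enforced) and a receiver-side check that refuses any sequence number it has already seen for a given API key. The base nonce is derived with plain RFC 5869 HKDF-SHA256 from a constructed shared secret; real HPKE uses the labeled variant inside its key schedule, so treat that step as a simplification. ReplayGuard and the other names are hypothetical.

```python
"""Added example, not part of hpke-http: RFC 9180 nonce derivation plus a
per-API-key replay guard, standard library only. Names are hypothetical."""
import hashlib
import hmac
from dataclasses import dataclass, field

NONCE_LEN = 12  # Nn for ChaCha20-Poly1305 (RFC 9180, AEAD table)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 step 1: PRK = HMAC-SHA256(salt, IKM)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def rfc5869_vector_ok() -> bool:
    # Self-check against RFC 5869 Appendix A.1 (basic SHA-256 test case),
    # mirroring the "validated against official test vectors" practice.
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (
        prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
        and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
    )


def derive_base_nonce(shared_secret: bytes) -> bytes:
    # Simplified: plain HKDF instead of HPKE's LabeledExtract/LabeledExpand
    return hkdf_expand(hkdf_extract(b"", shared_secret), b"base_nonce", NONCE_LEN)


def compute_nonce(base_nonce: bytes, seq: int) -> bytes:
    # RFC 9180 ComputeNonce: base_nonce XOR I2OSP(seq, Nn); a context must
    # stop before seq wraps, or a (key, nonce) pair would be reused.
    if seq < 0 or seq >= (1 << (8 * NONCE_LEN)):
        raise OverflowError("MessageLimitReached")
    return bytes(a ^ b for a, b in zip(base_nonce, seq.to_bytes(NONCE_LEN, "big")))


@dataclass
class ReplayGuard:
    """Receiver side: track the highest sequence number accepted per API key.

    Any seq at or below the last accepted value is a replay (or rollback) and
    is rejected, so a captured ciphertext cannot be submitted a second time.
    """
    last_seen: dict = field(default_factory=dict)

    def check(self, api_key: str, seq: int) -> bool:
        prev = self.last_seen.get(api_key, -1)
        if seq <= prev:
            return False  # nonce already consumed for this key
        self.last_seen[api_key] = seq
        return True


if __name__ == "__main__":
    # Constructed shared secret; in HPKE this comes from the X25519 KEM.
    base = derive_base_nonce(b"constructed-shared-secret")
    guard = ReplayGuard()
    for seq in (0, 1, 1, 2):
        nonce = compute_nonce(base, seq)
        print(seq, nonce.hex(), "accepted" if guard.check("api-key-A", seq) else "REPLAY rejected")
```

Each accepted message consumes its sequence number; the second seq=1 line in the demo is rejected even though its ciphertext would decrypt correctly, which is exactly the property a stateless AEAD alone does not give you.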
What it does NOT do: encrypt URLs, headers, query params, or status codes. Those remain visible to intermediaries. This is not a replacement for TLS -- it's a layer on top.
Cipher suite is a single opinionated choice (no algorithm negotiation), validated against official CFRG test vectors and Wycheproof. 10K lines of library, 14K lines of tests including property-based fuzzing and statistical randomness verification.
We looked for an open-source, standards-based HTTP body encryption middleware and couldn't find one, so we built it. Apache-2.0.