Skip to main content

Codec Server

A Codec Server is an HTTP/HTTPS server that you host and operate. It runs your Payload Codec logic to encode and decode Payloads on behalf of the Temporal CLI and Web UI. The Codec Server is independent of the Temporal Service. Encryption keys and codec logic remain in your environment.

For setup instructions, see Codec Server setup.

Why use a Codec Server

When you apply a custom Payload Codec for encryption or compression, data stored in the Temporal Service is encoded. The Temporal Service never has access to your encryption keys, so it cannot decode this data. Without a Codec Server, the Web UI and CLI display raw encoded payloads.

A Codec Server solves this by giving the Web UI and CLI a way to decode payloads on demand, without exposing keys to the Temporal Service. Common reasons to run a Codec Server include:

  • Debugging Workflows. View decoded Workflow inputs, outputs, and Event History in the Web UI instead of reading base64-encoded or encrypted blobs.
  • Operating from the CLI. Use commands like temporal workflow show and temporal workflow execute with readable data, even when payloads are encrypted at rest.
  • Encoding inputs from the UI and CLI. When you start or signal a Workflow from the Web UI or CLI, the Codec Server can encode the input before it reaches the Temporal Service, so sensitive data is never sent in plaintext.
  • Compliance and access control. Because the Codec Server runs in your environment, you control who can decode payloads and under what conditions. You can layer authorization on top of the decode endpoint to restrict access per user or per Namespace.

How a Codec Server works

A Codec Server follows the Temporal Codec Server Protocol. It exposes two HTTP POST endpoints:

  • /encode accepts plaintext payloads and returns encoded payloads. Used for sending payloads.
  • /decode accepts encoded payloads and returns decoded payloads. Used for retrieving payloads.

Both endpoints receive and respond with a JSON body containing a payloads array of Payload objects. The Codec Server passes each payload through your Payload Codec, which applies the same encoding or decoding logic that your Workers use.

Codec ServerCodec Server

Codec Server

When the Web UI or CLI needs to display decoded data, it sends the encoded payloads to your Codec Server's /decode endpoint. The Codec Server decodes the payloads and returns them to the client. The Temporal Service never sees the decoded data.

The /encode endpoint works in the other direction. When you start a Workflow or send a Signal from the Web UI or CLI, the input is sent to the Codec Server's /encode endpoint first, so data reaches the Temporal Service in its encoded form.

Your Codec Server should use the same Payload Codec implementation as your Workers to ensure consistent encoding and decoding.

Codec Server with External Storage

When your Workers and Clients use External Storage, your storage drivers replace some payloads in the Event History with small references that point to data in an external store like Amazon S3. The Temporal Service and the Web UI only see these references, not the actual payload data. This is further complicated by setups where you run Codecs in proxy that encode payloads after the Data Converter has returned on the Worker. Your Codec Server must be able to handle downloading and decoding in the correct order for you to be able to view the Workflow data in the UI or CLI.

To support External Storage, configure your Codec Server with your storage drivers, your Payload Codec, and any proxy-level codecs in a single PayloadHTTPHandler configuration. The handler applies them in the correct order across all endpoints automatically. When you configure your Codec Server with storage drivers, the existing endpoints become storage-aware and a new /download endpoint becomes available:

  • /download retrieves the actual payload data from external storage and decodes it through the Payload Codec. This endpoint is used internally by /decode when it encounters storage references, but you can also call it directly from to retrieve the decoded payload. The Temporal Web UI uses this endpoint when you click to view the full payload for a storage reference.
  • /decode still decodes encoded payloads, but also handles storage references. By default, /decode uses the download logic internally to retrieve and decode any storage references in the request alongside regular payloads. With the ?preserveStorageRefs=true query parameter, /decode skips retrieval and returns storage references as-is.
  • /encode applies the Payload Codec, then uploads payloads that exceed the size threshold to external storage and replaces them with reference tokens.
Codec Server with External StorageCodec Server with External Storage

Codec Server with External Storage

The following example walks through how all three endpoints work together:

  1. A user starts a Workflow from the CLI with a plaintext input. The CLI sends the input to the Codec Server's /encode endpoint.
  2. The Codec Server encodes the payload through the Payload Codec. The encoded payload exceeds the storage threshold, so the Codec Server uploads it to external storage and returns a small reference token.
  3. The CLI sends the reference token to the Temporal Service, which stores it in the Event History.
  4. Later, a user views the Workflow in the Web UI. The Web UI retrieves the Event History from the Temporal Service and sends the payloads to the Codec Server's /decode endpoint with the ?preserveStorageRefs=true query parameter.
  5. The Codec Server decodes any payloads that are below the storage threshold through the Payload Codec, but returns storage references as-is. The Web UI displays the reference metadata, indicating the payload is stored externally.
  6. The user clicks to view the full payload. The Web UI sends the storage reference to the /download endpoint.
  7. The Codec Server retrieves the encoded payload from external storage, decodes it through the Payload Codec, and returns the plaintext result to the Web UI.

Codec Server vs. Payload Codec

A Codec Server runs a Payload Codec internally, so the two are directly connected. The difference is where the codec logic runs and who calls it.

Payload CodecCodec Server
PurposeEncodes and decodes Payloads. Applies encryption, compression, or other byte-level transformations.Hosts a Payload Codec as an HTTP service so the Web UI and CLI can encode and decode Payloads remotely.
Runs whereIn-process, inside your Workers and Clients. Also runs inside the Codec Server.As a standalone HTTP service in your environment, with a Payload Codec inside it.
Called byThe Temporal SDK, automatically on every serialization and deserialization.The Web UI and CLI, over HTTP, when a user views or submits Payload data.
Has access to encryption keysYes. Keys are available in the Worker or Client process.Yes. Must be configured with the same keys the Payload Codec uses.

You implement the transformation logic once in a Payload Codec, then host that logic in a Codec Server so the Web UI and CLI can use it remotely.

Securing a Codec Server

Access to a Codec Server should be restricted because it can decode sensitive data. Common approaches include:

  • Network-level restrictions. Run the Codec Server on localhost or behind a VPN. The Web UI can communicate with a Codec Server that is only accessible locally.
  • Token-based authorization. Integrate your organization's authentication provider (OAuth, Auth0, or similar). Temporal Cloud can pass access tokens (JWT) to your Codec Server with each request. Verify these tokens against the Temporal Cloud JWKS endpoint.

You may also need key management infrastructure to share encryption keys between your Workers and the Codec Server.

SDK Codec Server samples

Most Temporal SDKs provide example Codec Server implementations: