Protect data
Use the /v1/protect API to protect data. This API uses the POST method.
Prerequisites
This section assumes you have fulfilled the prerequisites.
Syntax
curl -X POST -H "Content-Type: application/json" -d '{"protection_policy_name": "<protection_policy>","data": "<data>"}' <ip>:<port>/v1/protect
curl -X POST -H "Content-Type: application/json" --header 'Authorization: Bearer JWT' -d '{"protection_policy_name": "<protection_policy>","data": "<data>"}' <ip>:<port>/v1/protect
Here, ip is the IP of the host machine where CRDP container is deployed and <port> is the port of CRDP container.
Request Parameters
| Request Parameter | Description |
|---|---|
| Authorization Header | Authorization token (JWT). Required only when JWT verification for CRDP is enabled on the Application Data Protection UI. |
| protection_policy_name | Protection policy to be used during the protect operation. |
| data | Data to be protected. |
Response Parameters
| Response | Description |
|---|---|
| protected_data | Contains the resultant of the protect operation. — If internal protection policy is used, this field contains version header bytes + ciphertext. — For disabled version, this parameter only contains ciphertext. |
| external_version | Holds the protection policy version header details. Only applicable for external versioned protection policy. For internal and disabled versioned protection policies, this field is not applicable. |
| message | Only applicable when protect operation fails. This field stores the error message for failed operations. |
Note
The request parameters for the protect operation remain the same; however, the response will change based on the type of protection policy used (internal versioning, external versioning, and disabled versioning). Go through the following examples to learn how the response of the protect operation varies according to these types.
If JWT verification is enabled, the protect API requires an additional parameter, authorization token. The rest of the parameters and response remain the same. Follow the example to learn more.
Example 1: Protect with Internal Versioning Protection Policy
Request
curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-internal-versioned", "data": "1234-5678-9874-5632" }'
Response
{
"protected_data": "10010008484-4992-0056-6749"
}
This example uses internal versioned policy (testpp-internal-versioned) to protect data. In response, version header bytes + ciphertext (10010008484-4992-0056-6749) is returned in the protected_data field. The protection policy is configured to protect digits.
Example 2: Protect with External Versioning Protection Policy
Request
curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-external-versioned", "data": "1234-5678-9874-5632" }'
Response
{
"protected_data": "8484-4992-0056-6749",
"external_version": "1001000"
}
This example uses external versioned policy (testpp-external-versioned) to protect data. In response, ciphertext (8484-4992-0056-6749) is returned in the protected_data field . The external_version field holds the version bytes (1001000). The protection policy is configured to protect digits.
Example 3: Protect with Disabled Versioning Protection Policy
Request
curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-disabled-versioned", "data": "1234-5678-9874-5632" }'
Response
{
"protected_data": "8484-4992-0056-6749"
}
This example uses disabled versioned policy (testpp-disabled-versioned) to protect data. In response, only ciphertext (8484-4992-0056-6749) is returned in the protected_data field. The protection policy is configured to protect digits.
Example 4: Protect with Static Masking Format
Request
curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "test-static-masking", "data": "1234-5678-9874-5632" }'
Response
{
"protected_data": "10010001234-5696-7876-0753"
}
This example uses an internal versioned protection policy (test-static-masking) that uses static masking format (which is configured to preserve first six characters). In response, version header bytes + ciphertext (10010001234-5696-7876-0753) is returned in the protected_data field. The protection policy is configured to protect digits.
