Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Examples

Protect data

search

Please Note:

printsuggest an editpdf paneldownload

Protect data

Use the /v1/protect API to protect data. This API uses the POST method.

copy link to clipboardPrerequisites

This section assumes you have fulfilled the prerequisites.

copy link to clipboardSyntax

curl -X POST -H "Content-Type: application/json" -d '{"protection_policy_name": "<protection_policy>","data": "<data>"}' <ip>:<port>/v1/protect
curl -X POST -H "Content-Type: application/json" --header 'Authorization: Bearer JWT' -d '{"protection_policy_name": "<protection_policy>","data": "<data>"}' <ip>:<port>/v1/protect

Here, ip is the IP of the host machine where CRDP container is deployed and <port> is the port of CRDP container.

copy link to clipboardRequest Parameters

Request ParameterDescription
Authorization HeaderAuthorization token (JWT). Required only when JWT verification for CRDP is enabled on the Application Data Protection UI.
protection_policy_nameProtection policy to be used during the protect operation.
dataData to be protected.

copy link to clipboardResponse Parameters

ResponseDescription
protected_dataContains the resultant of the protect operation.
— If internal protection policy is used, this field contains version header bytes + ciphertext.
— For disabled version, this parameter only contains ciphertext.
external_versionHolds the protection policy version header details.
note

Note

Only applicable for external versioned protection policy. For internal and disabled versioned protection policies, this field is not applicable.

messageOnly applicable when protect operation fails. This field stores the error message for failed operations.

Note

  • The request parameters for the protect operation remain the same; however, the response will change based on the type of protection policy used (internal versioning, external versioning, and disabled versioning). Go through the following examples to learn how the response of the protect operation varies according to these types.

  • If JWT verification is enabled, the protect API requires an additional parameter, authorization token. The rest of the parameters and response remain the same. Follow the example to learn more.

copy link to clipboardExample 1: Protect with Internal Versioning Protection Policy

Request

curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-internal-versioned", "data": "1234-5678-9874-5632" }'

Response

{
    "protected_data": "10010008484-4992-0056-6749"
}

This example uses internal versioned policy (testpp-internal-versioned) to protect data. In response, version header bytes + ciphertext (10010008484-4992-0056-6749) is returned in the protected_data field. The protection policy is configured to protect digits.

copy link to clipboardExample 2: Protect with External Versioning Protection Policy

Request

curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-external-versioned", "data": "1234-5678-9874-5632" }'

Response

{
    "protected_data": "8484-4992-0056-6749",
    "external_version": "1001000"
}

This example uses external versioned policy (testpp-external-versioned) to protect data. In response, ciphertext (8484-4992-0056-6749) is returned in the protected_data field . The external_version field holds the version bytes (1001000). The protection policy is configured to protect digits.

copy link to clipboardExample 3: Protect with Disabled Versioning Protection Policy

Request

curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "testpp-disabled-versioned", "data": "1234-5678-9874-5632" }'

Response

{
    "protected_data": "8484-4992-0056-6749"
}

This example uses disabled versioned policy (testpp-disabled-versioned) to protect data. In response, only ciphertext (8484-4992-0056-6749) is returned in the protected_data field. The protection policy is configured to protect digits.

copy link to clipboardExample 4: Protect with Static Masking Format

Request

curl --location 'http://10.0.x.x:8090/v1/protect' --header 'Content-Type: application/json' --data '{"protection_policy_name": "test-static-masking", "data": "1234-5678-9874-5632" }'

Response

{
    "protected_data": "10010001234-5696-7876-0753"
}

This example uses an internal versioned protection policy (test-static-masking) that uses static masking format (which is configured to preserve first six characters). In response, version header bytes + ciphertext (10010001234-5696-7876-0753) is returned in the protected_data field. The protection policy is configured to protect digits.

On this page