Reveal data
Use the /v1/reveal API to reveal data. This API uses the POST method.
Prerequisites
This section assumes you have fulfilled the prerequisites.
Syntax
curl -X POST -H "Content-Type: application/json" -d '{"protection_policy_name": "<protection_policy>","protected_data": "<data_to_be_revealed>","username": "<user>","external_version": "<external_version>"}' <ip>:<port>/v1/reveal
curl -X POST -H "Content-Type: application/json" --header 'Authorization: Bearer JWT` -d '{"protection_policy_name": "<protection_policy>","protected_data": "<data_to_be_revealed>","username": "<user>","external_version": "<external_version>"}' <ip>:<port>/v1/reveal
Here, ip is the IP of the host machine where CRDP container is deployed and <port> is the port of CRDP container.
Request Parameters
| Request Parameter | Description |
|---|---|
| Authorization Header | Authorization token (JWT). Required only when JWT verification for CRDP is enabled on the Application Data Protection UI. |
| protection_policy_name | Protection policy to be used during the reveal operation. |
| protected_data | Data to be revealed. |
| username | Name of the user for whom data will be revealed. The reveal format will depend on the access policy selected while creating protection policy. If username is null or blank, the default reveal format will be used. Username is ignored if the |
| external_version | Required only when protection policy with external versioning is used in the reveal operation. |
Response Parameters
| Response Parameter | Description |
|---|---|
| data | The output can be plaintext, ciphertext, error replacement value, or masked value based on the reveal format configured for the user in access policy. |
| message | Only applicable when reveal operation fails. This field stores the error message for failed operations. |
Below table shows examples for different reveal formats supported in CRDP:
| Example | User | Reveal Format | Protection Policy Versioning |
|---|---|---|---|
| Example 1 | user1 | Plaintext | Internal |
| Example 2 | user2 | Ciphertext | Internal |
| Example 3 | user3 | Error Replacement Value (null) | Disabled |
| Example 4 | user4 | Masked Value | External |
Example 1
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' --header 'Content-Type: application/json' --data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "10010008484-4992-0056-6749", "username": "user1"}'
Response
{
"data": "1234-5678-9874-5632"
}
In this example, plaintext (1234-5678-9874-5632) is returned in the data field.
Example 2
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' --header 'Content-Type: application/json' --data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "10010008484-4992-0056-6749", "username": "user2"}'
Response
{
"data": "10010008484-4992-0056-6749"
}
In this example, output of the reveal operation is returned as the protected_data (10010008484-4992-0056-6749).
Example 3
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' --header 'Content-Type: application/json' --data '{ "protection_policy_name": "testpp-disabled-versioned","protected_data": "8484-4992-0056-6749", "username": "user3"}'
Response
{
"data": null
}
In this example, output of the reveal operation is returned as null.
Example 4
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' --header 'Content-Type: application/json' --data '{ "protection_policy_name": "testpp-external-versioned","protected_data": "8484-4992-0056-6749", "external_version": "1001000", "username": "user4"}'
Response
{
"data": "XXXX-XXXX-XXXX-5632"
}
In this example, output of the reveal operation is returned as a masked value (XXXX-XXXX-XXXX-5632). The masking format configured in access policy is SHOW_LAST_FOUR.
