Reveal data
Use the /v1/reveal API to reveal data. This API uses the POST method.
Prerequisites
CRDP must be up and running. Refer to the Quick Start section for details.
CipherTrust Manager must be up and running. Refer to CipherTrust Manager Deployment for details.
Protection policy must be created. Refer to Managing Protection Policy for details.
The key used in the protection policy must be added to the Application Data Protection Clients Group with Use, Read, Encrypt, Decrypt, and Export permissions.
Request URL
curl -X POST -H "Content-Type: application/json" \
-d '{"protection_policy_name": "<protection_policy>","protected_data": "<data_to_be_revealed>","username": "<user>","external_version": "<external_version>"}' \
<ip>:<port>/v1/reveal

curl -X POST -H "Content-Type: application/json" \
--header 'Authorization: Bearer JWT' \
-d '{"protection_policy_name": "<protection_policy>","protected_data": "<data_to_be_revealed>","username": "<user>","external_version": "<external_version>"}' \
<ip>:<port>/v1/reveal

Here, <ip> is the IP address of the host machine where the CRDP container is deployed and <port> is the port of the CRDP container.
Request Parameters
Request Parameter | Description |
---|---|
Authorization Header | Authorization token (JWT). Required only when JWT verification for CRDP is enabled on the Application Data Protection UI. |
protection_policy_name | Protection policy to be used during the reveal operation. |
ciphertext | Data to be revealed. |
username | Name of the user for whom data will be revealed. The reveal format depends on the access policy selected while creating the protection policy. If username is null or blank, the default reveal format is used. |
external_version | Required only when a protection policy with external versioning is used in the reveal operation. |
Response Parameters
Response Parameter | Description |
---|---|
data | The output can be ciphertext, plaintext, a masked value, or an error replacement value, based on the reveal format configured for the user in the protection policy. |
message | Only applicable when the reveal operation fails. This field stores the error message for failed operations. |
Examples without authorization header
Examples with internal protection policy
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "1001000ddfiplkx", "username": "", "external_version": ""}'
Response
{
"data": "abcdabcd"
}
In this example, plaintext (abcdabcd) is returned in the data field.
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "1002008319-1604-3071", "username": "", "external_version": ""}'
Response
{
"data": "8319-1604-3071"
}
In this example, the output of the reveal operation is returned as the ciphertext (8319-1604-3071).
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "1002008319-1604-3071", "username": "", "external_version": ""}'
Response
{
"data": "null"
}
In this example, the output of the reveal operation is returned as null.
Examples with external protection policy
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-external-versioned","protected_data": "ddfiplkx", "username": "", "external_version": "1001000"}'
Response
{
"data": "abcdabcd"
}
In this example, plaintext (abcdabcd) is returned as the output of the reveal operation.
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-external-versioned","protected_data": "8319-1604-3071", "username": "", "external_version": "100200"}'
Response
{
"data": "my reveal format."
}
In this example, the output of the reveal operation is returned as a custom value (my reveal format.).
Request
curl --location 'http://10.0.x.x:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--data '{ "protection_policy_name": "testpp-external-versioned","protected_data": "8319-1604-3071", "username": "", "external_version": "100200"}'
Response
{
"data": "1234-12XX-XXXX."
}
In this example, the output of the reveal operation is returned as a masked value (1234-12XX-XXXX).
Examples with authorization token
Request
curl --location 'http://10.0.2.15:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' \
--data '{ "protection_policy_name": "testpp-internal-versioned","protected_data": "1001000ddfiplkx", "username": ""}'
Response
{
"data": "abcdabcd"
}
In this example, plaintext (abcdabcd) is returned as the output of the reveal operation.
Request
curl --location 'http://10.0.2.15:8090/v1/reveal' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' \
--data '{ "protection_policy_name": "testpp-external-versioned","protected_data": "ddfiplkx", "username": "", "external_version": "1001000"}'
Response
{
"data": "abcdabcd"
}
In this example, plaintext (abcdabcd) is returned as the output of the reveal operation.
Erroneous example
Request
{
"protection_policy_name": "",
"protected_data": "123coyka45elfhn67",
"username": "",
"external_version": "1003000"
}
Response
{
"message": "Validation errors:\nprotection_policy_name: protection_policy_name is a required field"
}
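The request and response handling above, as an added Python example (not part of the original page and not vendor code): it JSON-encodes the body rather than hand-quoting it, sends the Authorization header and external_version only when they apply, and separates a "data" result from a "message" failure. The function names, the RevealError class and the assumption that a failed operation may arrive with an HTTP error status are illustrative.

```python
import json
import urllib.error
import urllib.request


class RevealError(Exception):
    """Raised when CRDP answers with a "message" field instead of "data"."""


def build_reveal_request(base_url, policy, protected_data, username="",
                         external_version=None, jwt=None):
    """Build the POST /v1/reveal request described on this page."""
    body = {
        "protection_policy_name": policy,
        "protected_data": protected_data,
        "username": username,  # blank -> default reveal format is used
    }
    if external_version:  # only for externally versioned policies
        body["external_version"] = external_version
    headers = {"Content-Type": "application/json"}
    if jwt:  # only when JWT verification is enabled for CRDP
        headers["Authorization"] = "Bearer " + jwt
    return urllib.request.Request(
        base_url.rstrip("/") + "/v1/reveal",
        data=json.dumps(body).encode("utf-8"),
        headers=headers, method="POST")


def parse_reveal_response(raw):
    """Return the "data" value, or raise RevealError carrying "message"."""
    try:
        doc = json.loads(raw)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        raise RevealError("response is not a JSON object")
    if "message" in doc:
        raise RevealError(doc["message"])
    if "data" not in doc:
        raise RevealError("response has neither data nor message")
    # "data" may be plaintext, ciphertext, a masked value or an error
    # replacement value; the response itself does not say which.
    return doc["data"]


def reveal(base_url, policy, protected_data, **kwargs):
    """Send the request (assumption: failures may use an HTTP error status)."""
    req = build_reveal_request(base_url, policy, protected_data, **kwargs)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # the error body is expected to carry "message"
    return parse_reveal_response(raw)
```

Because the reveal format is decided by the protection policy for the given user, callers should treat the returned value as whatever that policy allows them to see, not necessarily plaintext.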