Explore the Protegrity API Playground

Test Our Cutting-Edge
Data Security Solutions

Experience the core functionality of Protegrity’s data protection features with our free, developer-friendly API Playground. Ideal for safe experimentation using synthetic data.

Learn More

Get Access to API Playground

Gain access to the Protegrity API Playground to test our data security suite, featuring Vaultless Tokenization for secure and analyzable data. Perfect for experimenting with synthetic data protection and retrieval.*

Protegrity API Playground

Protegrity API Playground is a free to use platform that allows you to try out the core functionality of Protegrity data security suite: data protection and unprotection. Protegrity patented Vaultless Tokenization is the foundation of the service, securing the data while preserving its analytical utility. Data you send to the API is tokenized in a format, language, and length preserving manner. Every time you send a specific data point to the API, that data point will be protected the same way, i.e. “New York” will always be tokenized to “xYs fpsE”, etc. The API allows for data retrieval to its original form, i.e. data unprotection.  

Note that the Protegrity API Playground supports functionality testing only and should only be used with synthetic data. Performance has been limited by design (see the Usage & Limitations section). Please get in touch with the Sales team if you would like to inquire about the full Protegrity offering.

 

Getting Started

Before you can start using Protegrity API Playground, you need to register using the form on the top of this page. Once successful, you will receive an email from us with your unique API Key and the temporary password.  Registered already? Delve into our documentation to learn more about the API Playground capabilities. Download our pre-configured Postman Collection below to get a jump start with the API.

Download Postman Collection (vers. 1.5 – 18/10/2024)

Key Concepts

Data Security

A process of data de-identification that removes sensitivity from the original data in order to render it worthless in unauthorized hands. Data Security is commonly implemented through tokenization, encryption, FPE, hashing, and masking.   

Tokenization

Data tokenization is a reversible method of data protection. In tokenization, sensitive data is substituted with a randomly generated surrogate value known as a token. Generated token may be configured to be format, length, and language-preserving. Additional controls, such as adhering to a date range or passing the Luhn check are available. Tokenization is the most popular data protection method among Protegrity’s clients. Learn more about Protegrity Vaultless Tokenization. 

Encryption

Encryption is an alternative method of reversible data protection. It uses mathematical algorithms and cryptographic keys to change data into “binary ciphertext,” rendering the encrypted data unreadable and unusable. To access the original data, a user needs to present an encryption key, which reverses the encryption process and unlocks the data. 

External IV Coming Soon

A user-defined input added to a tokenization request used to differentiate generated tokens from the same initial value.  

Usage & Limitations

To ensure fair use of the API service, we enforce rate limits on API requests. 

These limits are: 

  • Request Rate: 50 per second 
  • Burst: up to 100 
  • Quota: 10,000 requests per user 
  • Max. Payload size: 1MB

Headers

Every request should carry the following headers:
x-api-key (required)
Your unique API Key. Received after a successful sign-up.

Authorization (required)
A JWT token for the session. Obtained by running the Login and Change Password endpoints.

Content-Type (required)
Set to application/json.

Authentication

Protegrity API Playground uses an API Key and a JWT token for request authorization. You will receive your unique API Key as part of the registration process. This section documents how to obtain a JWT token.

To confirm and activate your account you need to first set a new password, using the credentials received via email. The video below describes this process.

Demonstration of the account activation and login

 

Login

METHOD: POST

https://api.playground.protegrity.com/v1/login

Log in to the service using your API Key and password and obtain a JWT token for request authentication. A JWT token is valid for 24 hours. Rerun the endpoint to request a new token.

Note: If you are logging in for the first time, start with the Set Password endpoint.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/auth \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "<USER_EMAIL>",
"password": "<USER_PASSWORD>"
}'

SAMPLE RESPONSE

{
"statusCode": 201,
"message": "Login successful",
"jwt_token":"eyJraWQiOiI4T2pkOXlCWnlhMGYyVnZxRmRTblowN1ZnUEp6SHpTWFY5XC9xWXhvVTJWMD0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI4NDU4ZDQ2OC02MDIxLTcwMzktMTYzZi0zZGU4ZDZjMGE1ODgiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29t"
}

 

Set Password

METHOD: POST

https://api.playground.protegrity.com/v1/auth/change-password

Set your password and obtain a JWT token for request authentication. This is a dedicated endpoint for the users creating their password for the first time and requires the temporary password provided during the registration.

Note: Your new password should be at least 8 characters long, include a special character, a lowercase letter, an uppercase letter, and a number. 

curl --location 'https://api.playground.protegrity.com/v1/auth/change-password \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "<USER_EMAIL>",
"temp_password": "<TEMP_PASSWORD>",
"new_password": "<NEW_PASSWORD>"
}'

SAMPLE RESPONSE

{
"statusCode": 201,
"message": "Password change successful",
"jwt_token":"eyJraWQiOiI4T2pkOXlCWnlhMGYyVnZxRmRTblowN1ZnUEp6SHpTWFY5XC9xWXhvVTJWMD0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI4NDU4ZDQ2OC02MDIxLTcwMzktMTYzZi0zZGU4ZDZjMGE1ODgiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29t"
}

 

Change Password

METHOD: POST

https://api.playground.protegrity.com/v1/auth/change-password

Change your password.

Note: Your new password should be at least 8 characters long, include a special character, a lowercase letter, an uppercase letter, and a number. 

curl --location 'https://api.playground.protegrity.com/v1/auth/change-password \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "<USER_EMAIL>",
"old_password": "<OLD_PASSWORD>",
"new_password": "<NEW_PASSWORD>"
}'

SAMPLE RESPONSE

{
"statusCode": 201,
"message": "Password change successful"
}

Data Protection Endpoints


Protegrity API Playground exposes a curated selection of endpoints for data protection: you can use them to secure any PII and PCI information. The predefined endpoints include names, addresses, numbers, Credit Card Numbers, Social Security Numbers, and more. Format, length and language preservation are supported.

Available endpoints:

This collection is a subset of Protegrity functions available in the full version of the product.

Demonstration of a protect operation

 

Name (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/name

Protect or unprotect a person’s name. The received token is not length-preserving.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

dictionary (optional)
Specify the Unicode domain of the input and output values. Option en covers all characters within the Basic Latin block of the Unicode standard (range U+0000..U+007F). Options de and fr extend that coverage to include German and French characters, respectively.  Accepts: [ en | de | fr ]. Defaults to en.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/name' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["Joe Bloggs", "Jim Handson"],
"options": {
"dictionary": "latin"
}
}'

SAMPLE RESPONSE

{
[
"Txf DkmhjB",
"QXe AaXTZfb"
]
}

 

Address (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/address

Protect or unprotect an address. The received token is not length-preserving.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

dictionary (optional)
Specify the Unicode domain of the input and output values. Option en covers all characters within the Basic Latin block of the Unicode standard (range U+0000..U+007F). Options de and fr extend that coverage to include German and French characters, respectively.  Accepts: [ en | de | fr ]. Defaults to en.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/address' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["77 Boulevard Saint-Jacques", "46 avenue de la Grande Armée"],
"options": {
"dictionary": "fr"
}
}'

SAMPLE RESPONSE

{
[
"3u CG5itJTNu KJStq-galulig",
"Gr AY5iAK k1 n8 LvIx74 ewBék"
]
}

 

City (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/city

Protect or unprotect a town or city. The received token is not length-preserving.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

dictionary (optional)
Specify the Unicode domain of the input and output values. Option en covers all characters within the Basic Latin block of the Unicode standard (range U+0000..U+007F). Options de and fr extend that coverage to include German and French characters, respectively.  Accepts: [ en | de | fr ]. Defaults to en.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/city' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["Berlin", "München"],
"options": {
"dictionary": "de"
}
}'

SAMPLE RESPONSE

{
[
"hjsöIO",
"YAßiaoP"
]
}

 

Postcode (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/postcode

Protect or unprotect a postal code with digits and chatacters. The received token is case-, length-, and position-preserving but may create invalid postal codes (e.g., restricted letters).

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

dictionary (optional)
Specify the Unicode domain of the input and output values. Option en covers all characters within the Basic Latin block of the Unicode standard (range U+0000..U+007F). Options de and fr extend that coverage to include German and French characters, respectively.  Accepts: [ en | de | fr ]. Defaults to en.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/postcode' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["WX90GA", "SW700"]
}'

SAMPLE RESPONSE

{
[
"AD12TT",
"II867"
]
}

 

Zipcode (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/zipcode

Protect or unprotect a postal code with digits only. The received token is length-preserving. The method may produce leading zeroes and invalid zipcodes (e.g., restricted digits).

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

dictionary (optional)
Specify the Unicode domain of the input and output values. Option en covers all characters within the Basic Latin block of the Unicode standard (range U+0000..U+007F). Options de and fr extend that coverage to include German and French characters, respectively.  Accepts: [ en | de | fr ]. Defaults to en.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/zipcode' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["29017", "28100"]
}'

SAMPLE RESPONSE

{
[
"00891",
"67996"
]
}

 

Phone (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/phone

Protect or unprotect a phone number. The received token is length-preserving. May return leading zeroes.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/phone' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["63098109","120-99-02-10"]
}
}'

SAMPLE RESPONSE

{
[
"81176289",
"425-44-65-10"
]
}

 

Email (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/email

Protect or unprotect an email address. The received token is not length-preserving. The domain is returned in the clear.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/email' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["ava.mcconnor@acme.corp","wren@business.com"]
}
}'

SAMPLE RESPONSE

{
[
"d3E.ui2sOks@acme.corp",
"6KOe@business.com"
]
}

 

Date of Birth (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/dob

Protect or unprotect a date of birth. The endpoint accepts partial DOB protection, i.e., leaving the year value in the clear. Supported date format: YYYY/MM/DD. Supported delimiters: /, ., and -.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

year (optional)

Set to true to leave the year in the clear. Must be set to true when unprotecting the string tokenized using this option.  Accepts: [ true | false ]. Defaults to false.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/dob' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["1980/12/10", "1965/01/27"],
"options": {
"year": "true"
}
}'

SAMPLE RESPONSE

{
[
"1980/03/24",
"1965/08/11"
]
}

 

National Insurance Number (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/nin

Protect or unprotect a National Insurance Number (UK). The returned NIN is case-, length- and position-preserving, i.e., generated letters and numbers will adhere to their original position. Note that some NIN logic, i.e. restricted letters, is not preserved.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/nin' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["QQ123456A","KT902281F"]
}
}'

SAMPLE RESPONSE

{
[
"CD196371K",
"OO918451S"
]
}

 

Social Security Number (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/ssn

Protect or unprotect a Social Security Number (US). The returned SSN is length- and format-preserving. Note that some SSN logic, i.e. restricted numbers within digit groups, is not preserved.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/ssn' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["782-01-2930","291-44-5983"]
}
}'

SAMPLE RESPONSE

{
[
"399-03-3685",
"389-71-6451"
]
}

 

Credit Card Number (PCI DSS)

METHOD: POST

https://api.playground.protegrity.com/v1/ccn

Protect or unprotect a Credit Card Number. The returned CCN is not length-preserving. The endpoint accepts partial CCN protection, i.e. leaving the 8-digit BIN in the clear.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

bin (optional)
Set to true to leave the 8-digit BIN number in the clear. Must be set to true when unprotecting the string tokenized using this option. Accepts: [ true | false ]. Defaults to false.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/ccn' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["4321567898765432","2376876534560987"],
"options": {
"bin": false
}
}'

SAMPLE RESPONSE

{
[
"0449999816792240",
"6683962881463918"
]
}

 

Passport (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/passport

Protect or unprotect a passport number. The returned passport number is case-, length- and position-preserving (i.e., generated letters and numbers will adhere to their original position). Note that some passport logic, i.e. restricted letters, is not preserved.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/passport' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["FA039020112","CBR90110244"]
}'

SAMPLE RESPONSE

{
[
"IN890183422",
"GFR67102933"
]
}

 

IBAN (PII)

METHOD: POST

https://api.playground.protegrity.com/v1/iban

Protect or unprotect an Internation Banking Account Number. The returned IBAN is case-, length- and position-preserving. Note that some IBAN logic, i.e., producing valid country codes or a checksum validation, is not supported. The endpoint accepts partial IBAN protection, i.e., leaving the letters in the clear.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

alpha (optional)
Set to true to leave the letters in the clear. Must be set to clear when unprotecting the string tokenized using this option. Accepts: [ true | false ]. Defaults to false.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/iban' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["NO8330001234567","QA54QNBA000000000000693123456"],
"options": {
"alpha": true
}
}'

SAMPLE RESPONSE

{
[
"NO0980006979071",
"QA13QNBA128618782491645358717"
]
}

 

String

METHOD: POST

https://api.playground.protegrity.com/v1/string

Protect or unprotect a string. Maximum length of the string is 128 characters. The returned string is not length-preserving neither case-preserving.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/string' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["hello","world"]
}
}'

SAMPLE RESPONSE

{
[
"UkosA",
"okPPwa"
]
}

 

Number

METHOD: POST

https://api.playground.protegrity.com/v1/number

Protect or unprotect a number. The returned number is length-preserving. The endpoint might generate numbers with leading zeros.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/number' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["123654","987654"]
}
}'

SAMPLE RESPONSE

{
[
"034539",
"101012"
]
}

 

Text

METHOD: POST

https://api.playground.protegrity.com/v1/text

Protect or unprotect sample text using encryption. Received text must be hex encoded. The returned value is hex encoded. There is no limitation on the text’s length however payload limits apply.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/text' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["48656c6c6f20576f726c640a"]
}
}'

SAMPLE RESPONSE

{
[
"E616C7B0762E28A32E0FABF4BC403C8D"
]
}

 

Datetime

METHOD: POST

https://api.playground.protegrity.com/v1/datetime

Protect or unprotect a datetime string The endpoint accepts partial timestamp protection, i.e., leaving the year value in the clear. Supported formats: YYYY/MM/DD and YYYY/MM/DD HH:MM:SS. Supported delimiters: /, -, .; space or T are supported between date and time.

ATTRIBUTES

operation (required)
Specify if to protect or unprotect data. Accepts: [ protect | unprotect ]

year (optional)

Set to true to leave the year in the clear. Must be set to true when unprotecting the string tokenized using this option.  Accepts: [ true | false ]. Defaults to false.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/datetime' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '{
"operation": "protect",
"data": ["1980/12/10 14:12:01", "1965/01/27"],
"options": {
"year": "true"
}
}'

SAMPLE RESPONSE

{
[
"1980/03/24 03:19:45",
"1965/08/11"
]
}

 

Multi-type

METHOD: POST

https://api.playground.protegrity.com/v1/multi

Protect or unprotect various attributes within a payload. Please refer to the specific payload type descriptions to see available options.

SAMPLE REQUEST

curl --location 'https://api.playground.protegrity.com/v1/multi' \
--header 'x-api-key: <API_Key>' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_TOKEN>' \
--data '[
{
"type": "address",
"operation": "protect",
"data": ["Place 8 Rue Nicolau"],
"options":{
"dictionary": "fr"
}
},
{
"type": "zipcode",
"operation": "protect",
"data": ["7500"]
}
]'

SAMPLE RESPONSE

[
[
"AÿÊal û êkU œ5cùy0a7y"
],
[
"85134"
]
]