For organizations handling sensitive data, finding a secure and efficient way to test data protection solutions is crucial. The Protegrity API Playground offers a straightforward way to test Protegrity’s data protection features. The Playground grants you 10,000 API requests after registration to use as you see fit: protecting names, addresses, credit card numbers – or any other data your organization considers secure. This guide will walk you through the setup process and show you how to call our API.
Choose your language & IDE.
The best way to start with the Playground is to use our preconfigured Postman collection: import it into Postman, and you are good to go. This is what we will be using in this tutorial.
Registration
To register with Protegrity API Playground, fill out the form on our landing page. The information you provide is collected for user management and analytics. It is protected with Protegrity’s tokenization, ensuring that only authorized team members can view it in clear text. We are drinking our own champagne – it would be unwise not to!
Once registered, you will receive an email from us. It will include your unique API key and password. You will need them to authenticate with the Playground.
Login
Login to the Playground is required to start interacting with the Playground. Pass your email and password to the /login endpoint. On a successful login, you will receive a JWT Token. The token, alongside your API Key will be used to authorize the API requests to the Playground going forward.
The JWT Token expires every 24 hours. To renew it, go to the /loginendpoint, and we will issue a new one.
Environment Setup
Consider saving your JWT Token and the API Key as environment variables for convenience. If you use our preconfigured Postman collection, you can store them in the variables section. This will ensure that they are sent alongside every request and save you some tedious work of providing them with every call.
Now that’s done you’re all set! Let the API Playground be your oyster.
Data Protection Endpoints
Protegrity API Playground exposes a curated selection of endpoints for data protection: you can use them to secure any PII, PCI, or otherwise sensitive information. The predefined endpoints include names, addresses, zip codes, credit card numbers, social security numbers, and more.
Protegrity’s Vaultless Tokenization is renowned for its high configurability. The Playground lets you experiment with some of its flagship capabilities: length-, language-, position-, and case-preservation. This means that if you pass French strings to the API, you will receive a token that carries French characters. Numeric zip codes are length-preserving, meaning that a 5-digit input will produce a 5-digit output. Postcodes, i.e., codes that mix digits and characters, are even more advanced: you will keep their original length, position, and case in the received token. This is a very different approach to encryption, where the cyphertext resulting from the cryptographic function does not match the input domain and requires the developer to change the application to accommodate it.
A full list of available endpoints and their properties is available on the Documentation Page. Let’s play around with some of them to give you an idea of what the Playground can offer.
Testing the API
We have hand-picked some protection endpoints that are representative of what you can expect from the Playground – and Protegrity’s platform.
Protecting Names
Most of our clients choose to protect their customers’ names. Let’s construct a request to the /name endpoint to secure the name of the King of England: Charles Mountbatten-Windsor.
The operation should be set to protect: this is how you will instruct the API what to do.
Paste the King’s name in the data and send the request.
And poof! The King is no longer a known person (in your records). Note that the /name endpoint does not support any text feature preservation (length, case, or position), as there is rarely any business case to do so. You will also notice that something interesting has happened: the separator within the King’s surname was not removed. This is because this tokenization element only acts on letters. Everything else is returned as-is.
You can now pass the protected string into the request and switch the operation to unprotect. This will return the King’s name.
The /name endpoint offers language preservation for German and French characters. To switch it on, provide a dictionary as an option and set it to your preferred language.
Protecting Date of Birth
Date of birth is another attribute commonly considered as PII. If you provide it with a date, it will return its secured version in that same format. You can also decide to leave the year in the clear. Often, an entire date of birth is considered a sensitive attribute, however a year on its own is acceptable to be left in the clear.
Here’s a sample request issued to /dob endpoint that demonstrates this feature:
Protecting Credit Card Numbers
Leaving your customer’s credit card numbers unprotected is a sure way to anger auditors, lose customer trust, and get into trouble. CCN is the core piece of data to secure – if you’re unsure what should be your priority, this is it.
When calling the /ccn endpoint, you can decide to protect the entire credit card string or leave the 8-digit BIN in the clear:
Protecting multi-type payloads
Now that you have a good grasp of how our API Playground works, you can take it up a notch and protect (and unprotect) multiple data types at once. To do that, use the /multi endpoint. Specify the operation type, the data type, and options for each data point. Refer to the description of each data type (endpoint) to see all options available.
Here’s an example protection request of an address in Paris:
The API Playground is an evergreen project – we are rolling out updates and new features every couple of months.
The Protegrity API Playground offers a practical and essential entry point to test, evaluate, and refine data protection strategies within a secure environment, allowing teams to see if Protegrity is the right fit for their data privacy needs. Register today to start safeguarding your sensitive data: one API request at a time.