Data Vault REST API

Data Vault is the feature of Cloud Compliance that helps to check the “Proof of De-identification”. After the De-identification of any record, Cloud Compliance stores some data in encrypted format in org so if the user wants to check whether the record is already de-identified or not, can use the Data Vault feature. In some use cases, Data Vault features need to be invoked by an external system so Cloud Compliance offers a REST API interface.

This document explains how to invoke “Proof of De-identification” via REST API using a JSON-based callout. The API will return “Proof of De-identification” with some standard and custom fields. Here users can decide on fields that should be stored in the org(in an encrypted format) as a “Proof of De-identification”.

The REST APIs that are developed for this requirement are as follows –

1.  POST Request:

URL

| | | --- | | /services/apexrest/PCCC_DM/DeIdentifyRestService |

Request Body

| | | --- | | { "objectName": "Contact", "fieldName": "Firstname", "fieldValue": "Aniket", "deidentificationMappingName": "Contact De-identification Mapping" } |

 2. Parameters to pass –

• Object Name – Object Name of the record for which the user wants to check “Proof of De-identification”.
• Field Name–  Name of the field which will work as a filter to search a de-identified record in the Data Vault.
• Field Value – The actual field value that the user wants to search by.
• Mapping Name -The mapping name that was used to de-identify the record.

Prerequisites –

1. Create an appropriate de-identification mapping with the “Add to Data Vault” field as true for some fields to de-identify records.

For more details please refer – RTBF/ De-identification Mappings.

Solution Steps

1. To add fields in Data Vault(Proof of De-identification), the user needs to make sure that the ‘Add to Data Vault’ checkbox is checked while adding fields in De-identification mappings for any object.

Note –

• Users can add both the “Erase” and “Obfuscate” fields in the Data Vault as proof of de-identification.
• Users can add as many fields in the Data Vault but can search the “Proof of De-identification” by a single field only. We recommend adding a field which will have a unique value.

!

2. Once the mapping is ready as per the business use case and with the choice of Data Vault fields, the user can de-identify records and further can check “Proof of De-identification” using the Data Vault feature.

3. To check the “Proof of De-identification”, navigate to a REST tool such as Salesforce developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) 

!

4. Navigate to the ‘REST Explorer’  from the Utility tab  within the workbench and select the “POST” method

!

5. For the “POST” method, enter Cloud Compliance’s REST call URL

| | | --- | | /services/apexrest/PCCC_DM/DeIdentifyRestService |

!

6. Pass the values of Object Name, Field Name, Field Value, and Mapping Name with the following JSON format in the request body

| | | --- | | { "objectName": "Contact", "fieldName": "Email", "fieldValue": "abazley65@exblog.nn", "deidentificationMappingName": "Contact Deidentification Mapping" } |

!

7. Click the “Execute” button to invoke the REST API

!

8. The REST API returns a case id and a success message(hasError: false).

!

9. The detailed raw response is as follows – 

Raw Response

| | | --- | | HTTP / 1.1 200 OK Date: Tue, 01 Dec 2020 07: 35: 35 GMT Strict - Transport - Security: max - age = 31536002; includeSubDomains Public - Key - Pins - Report - Only: pin - sha256 = "9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY="; pin - sha256 = "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin - sha256 = "njN4rRG+22dNXAi+yb8e3UMypgzPUPHlv4+foULwl1g="; max - age = 86400; includeSubDomains; report - uri = "<a target=" _blank " href=" https: //a.forcesslreports.com/hpkp-report/00Df40000026Esxm" rel="noreferrer noopener">https://a.forcesslreports.com/hpkp-report/00Df40000026Esxm; < p > Expect - CT: max - age = 86400, report - uri = "<a target=" _blank " href=" https: //a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm" rel="noreferrer noopener">https://a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm X - Content - Type - Options: nosniff X - XSS - Protection: 1; mode = block X - Robots - Tag: none X - B3 - TraceId: f21b7714c7dc1ea2 X - B3 - SpanId: f21b7714c7dc1ea2 X - B3 - Sampled: 0 Cache - Control: no - cache, must - revalidate, max - age = 0, no - store, private Set - Cookie: BrowserId = zSVJoTOnEeuSd3fDGfODPQ; domain = . < a target = "_blank" href = "http://salesforce.com/" rel = "noreferrer noopener" > salesforce.com < /a>; path=/; expires = Wed, 01 - Dec - 2021 07: 35: 35 GMT; Max - Age = 31536000 Content - Type: application / octetstream Transfer - Encoding: chunked { "msg": "Record found", "Crypto-type": "Encryption", "showDecryptedData": [{ "Email": "<a target=" _blank " href=" mailto: ABAZLEY65 @EXBLOG.NN " rel=" noreferrer noopener ">ABAZLEY65@EXBLOG.NN</a>", "Home Phone": "256-605-0559", "Last Name": "BAZLEY", "First Name": "ALEX", "SystemModstamp": "2020-12-01 13:05:21", "Created by": "Niketan Newale", "CreatedbyId": "005f4000004gB8CAAU", "Last modified Date": "2020-12-01 13:05:21", "Created Date": "2020-12-01 13:05:21", "Source id": "003f400001aGCasAAG", "Record id": "a005G00000alUVqQAM" }], "hasError": false } |