Data Vault is the feature of Cloud Compliance that helps to check the “Proof of De-identification”. After the De-identification of any record, Cloud Compliance stores some data in encrypted format in org so if the user wants to check whether the record is already de-identified or not, can use the Data Vault feature. In some use cases, Data Vault features need to be invoked by an external system so Cloud Compliance offers a REST API interface.
This document explains how to invoke “Proof of De-identification” via REST API using a JSON-based callout. The API will return “Proof of De-identification” with some standard and custom fields. Here users can decide on fields that should be stored in the org(in an encrypted format) as a “Proof of De-identification”.
The REST APIs that are developed for this requirement are as follows –
1. POST Request:
URL
/services/apexrest/PCCC_DM/DeIdentifyRestService
Request Body
{
"objectName": "Contact",
"fieldName": "Firstname",
"fieldValue": "Aniket",
"deidentificationMappingName": "Contact De-identification Mapping"
}
2. Parameters to pass –
- Object Name – Object Name of the record for which the user wants to check “Proof of De-identification”.
- Field Name – Name of the field which will work as a filter to search a de-identified record in Data Vault.
- Field Value – The actual field value that the user wants to search by.
- Mapping Name -Mapping name that was used to de-identify record.
Prerequisites –
1. Create an appropriate de-identification mapping with the “Add to Data Vault” field as true for some fields to de-identify records.
For more details please refer – RTBF/ De-identification Mappings.
Solution Steps
1. To add fields in Data Vault(Proof of De-identification), the user needs to make sure that the ‘Add to Data Vault’ checkbox is checked while adding fields in De-identification mappings for any object.
Note –
- Users can add both “Erase” and “Obfuscate” fields in the Data Vault as proof of de-identification.
- Users can add as many fields in the Data Vault but can search the “Proof of De-identification” by a single field only. We recommend adding the field which will have a unique value.
2. Once the mapping is ready as per the business use case and with the choice of Data Vault fields, the user can de-identify records and further can check “Proof of De-identification” using the Data Vault feature.
3. To check the “Proof of De-identification”, navigate to a REST tool such as Salesforce developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) https://workbench.developerforce.com/restExplorer.php
4. Navigate to the ‘REST Explorer’ from the Utility tab within the workbench and select the “POST” method
5. For the “POST” method, enter Cloud Compliance’s REST call URL
/services/apexrest/PCCC_DM/DeIdentifyRestService
6. Pass the values of Object Name, Field Name, Field Value, and Mapping Name with the following JSON format in the request body
{
"objectName": "Contact",
"fieldName": "Email",
"fieldValue": "abazley65@exblog.nn",
"deidentificationMappingName": "Contact Deidentification Mapping"
}
7. Click the “Execute” button to invoke the REST API
8. The REST API returns a case id and a success message(hasError: false).
9. The detailed raw response is as follows –
Raw Response
HTTP / 1.1 200 OK
Date: Tue, 01 Dec 2020 07: 35: 35 GMT
Strict - Transport - Security: max - age = 31536002;
includeSubDomains
Public - Key - Pins - Report - Only: pin - sha256 = "9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY=";
pin - sha256 = "5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=";
pin - sha256 = "njN4rRG+22dNXAi+yb8e3UMypgzPUPHlv4+foULwl1g=";
max - age = 86400;
includeSubDomains;
report - uri = "<a target="
_blank " href="
https: //a.forcesslreports.com/hpkp-report/00Df40000026Esxm" rel="noreferrer noopener">https://a.forcesslreports.com/hpkp-report/00Df40000026Esxm;
<
p > Expect - CT: max - age = 86400, report - uri = "<a target="
_blank " href="
https: //a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm" rel="noreferrer noopener">https://a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm
X - Content - Type - Options: nosniff
X - XSS - Protection: 1;
mode = block
X - Robots - Tag: none
X - B3 - TraceId: f21b7714c7dc1ea2
X - B3 - SpanId: f21b7714c7dc1ea2
X - B3 - Sampled: 0
Cache - Control: no - cache, must - revalidate, max - age = 0, no - store, private
Set - Cookie: BrowserId = zSVJoTOnEeuSd3fDGfODPQ;
domain = . < a target = "_blank"
href = "http://salesforce.com/"
rel = "noreferrer noopener" > salesforce.com < /a>; path=/;
expires = Wed, 01 - Dec - 2021 07: 35: 35 GMT;
Max - Age = 31536000
Content - Type: application / octetstream
Transfer - Encoding: chunked {
"msg": "Record found",
"Crypto-type": "Encryption",
"showDecryptedData": [{
"Email": "<a target="
_blank " href="
mailto: ABAZLEY65 @EXBLOG.NN " rel="
noreferrer noopener ">ABAZLEY65@EXBLOG.NN</a>",
"Home Phone": "256-605-0559",
"Last Name": "BAZLEY",
"First Name": "ALEX",
"SystemModstamp": "2020-12-01 13:05:21",
"Created by": "Niketan Newale",
"CreatedbyId": "005f4000004gB8CAAU",
"Last modified Date": "2020-12-01 13:05:21",
"Created Date": "2020-12-01 13:05:21",
"Source id": "003f400001aGCasAAG",
"Record id": "a005G00000alUVqQAM"
}],
"hasError": false
}