Data Vault REST API

Data Vault is the feature of Cloud Compliance that helps to check the “Proof of De-identification”. After a record is de-identified, Cloud Compliance stores some data in encrypted format in the org, so a user who wants to check whether a record has already been de-identified can use the Data Vault feature. In some use cases the Data Vault feature needs to be invoked by an external system, so Cloud Compliance offers a REST API interface.

This document explains how to invoke “Proof of De-identification” via the REST API using a JSON-based callout. The API returns the “Proof of De-identification” with some standard and custom fields. Users can decide which fields should be stored in the org (in an encrypted format) as the “Proof of De-identification”.
 

The REST APIs that are developed for this requirement are as follows – 

1.  POST Request: 

URL

/services/apexrest/PCCC_DM/DeIdentifyRestService

Request Body 

{
  "objectName": "Contact",
  "fieldName": "Firstname",
  "fieldValue": "Aniket",
  "deidentificationMappingName": "Contact De-identification Mapping"
}


 2. Parameters to pass – 

  • Object Name – Object name of the record for which the user wants to check the “Proof of De-identification”.
  • Field Name – Name of the field that acts as the filter when searching for a de-identified record in Data Vault.
  • Field Value – The actual field value that the user wants to search by.
  • Mapping Name – Name of the mapping that was used to de-identify the record.

Prerequisites –
 

1. Create an appropriate de-identification mapping, with the “Add to Data Vault” field set to true for some fields, to de-identify records.

For more details, please refer to RTBF/De-identification Mappings.
 

Solution Steps

1. To add fields to the Data Vault (Proof of De-identification), make sure that the ‘Add to Data Vault’ checkbox is checked when adding fields to the De-identification mappings for any object.


Note –

  • Users can add both “Erase” and “Obfuscate” fields in the Data Vault as proof of de-identification.
  • Users can add as many fields to the Data Vault as they need, but can search the “Proof of De-identification” by a single field only. We recommend adding a field that will have a unique value.


2. Once the mapping is ready for the business use case, with the chosen Data Vault fields, the user can de-identify records and then check the “Proof of De-identification” using the Data Vault feature.

3. To check the “Proof of De-identification”, open a REST tool such as Salesforce Developer Workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) https://workbench.developerforce.com/restExplorer.php

4. Navigate to the ‘REST Explorer’ from the Utility tab within the Workbench and select the “POST” method



5. For the “POST” method, enter Cloud Compliance’s REST call URL

/services/apexrest/PCCC_DM/DeIdentifyRestService

6. Pass the values of Object Name, Field Name, Field Value, and Mapping Name with the following JSON format in the request body 

{
  "objectName": "Contact",
  "fieldName": "Email",
  "fieldValue": "abazley65@exblog.nn",
  "deidentificationMappingName": "Contact Deidentification Mapping"
}

7. Click the “Execute” button to invoke the REST API

8. The REST API returns a case id and a success message (hasError: false).

9. The detailed raw response is as follows – 
 

Raw Response

HTTP/1.1 200 OK
Date: Tue, 01 Dec 2020 07:35:35 GMT
Strict-Transport-Security: max-age=31536002; includeSubDomains
Public-Key-Pins-Report-Only: pin-sha256="9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="njN4rRG+22dNXAi+yb8e3UMypgzPUPHlv4+foULwl1g="; max-age=86400; includeSubDomains; report-uri="https://a.forcesslreports.com/hpkp-report/00Df40000026Esxm";
Expect-CT: max-age=86400, report-uri="https://a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-B3-TraceId: f21b7714c7dc1ea2
X-B3-SpanId: f21b7714c7dc1ea2
X-B3-Sampled: 0
Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private
Set-Cookie: BrowserId=zSVJoTOnEeuSd3fDGfODPQ; domain=.salesforce.com; path=/; expires=Wed, 01-Dec-2021 07:35:35 GMT; Max-Age=31536000
Content-Type: application/octetstream
Transfer-Encoding: chunked

{
  "msg": "Record found",
  "Crypto-type": "Encryption",
  "showDecryptedData": [{
    "Email": "ABAZLEY65@EXBLOG.NN",
    "Home Phone": "256-605-0559",
    "Last Name": "BAZLEY",
    "First Name": "ALEX",
    "SystemModstamp": "2020-12-01 13:05:21",
    "Created by": "Niketan Newale",
    "CreatedbyId": "005f4000004gB8CAAU",
    "Last modified Date": "2020-12-01 13:05:21",
    "Created Date": "2020-12-01 13:05:21",
    "Source id": "003f400001aGCasAAG",
    "Record id": "a005G00000alUVqQAM"
  }],
  "hasError": false
}
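
The same lookup scripted instead of run from Workbench, as an added example (not Cloud Compliance's own code): it builds the POST request, checks hasError, and strips the decrypted values before anything reaches a log. The instance URL, bearer-token authentication, the shape of an error response and the choice of which keys are safe to log are assumptions.

```python
import json
import urllib.request

ENDPOINT = "/services/apexrest/PCCC_DM/DeIdentifyRestService"  # path from this page
REQUIRED = ("objectName", "fieldName", "fieldValue", "deidentificationMappingName")


def build_request(instance_url, access_token, **params):
    """Return an unsent POST request for a Proof of De-identification lookup."""
    missing = [k for k in REQUIRED if not str(params.get(k) or "").strip()]
    unknown = sorted(set(params) - set(REQUIRED))
    if missing or unknown:
        raise ValueError(f"missing={missing} unknown={unknown}")
    if not instance_url.startswith("https://"):
        raise ValueError("instance URL must use https")
    body = json.dumps({k: params[k] for k in REQUIRED}).encode("utf-8")
    return urllib.request.Request(
        instance_url.rstrip("/") + ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"})  # assumed auth scheme


def parse_proof(raw):
    """Return the proof records; raise if hasError is anything but false."""
    doc = json.loads(raw)
    if doc.get("hasError") is not False:  # assumed: errors carry hasError + msg
        raise RuntimeError(doc.get("msg", "lookup failed"))
    return doc.get("showDecryptedData") or []


def log_safe(records):
    """Copy of the records for logging: ids kept, decrypted values redacted."""
    keep = {"Record id", "Source id"}  # assumed safe to log
    return [{k: (v if k in keep else "<redacted>") for k, v in r.items()}
            for r in records]


# Constructed sample, shortened from the raw response shown on this page.
SAMPLE = """{"msg": "Record found", "Crypto-type": "Encryption",
 "showDecryptedData": [{"Email": "ABAZLEY65@EXBLOG.NN", "Last Name": "BAZLEY",
   "Source id": "003f400001aGCasAAG", "Record id": "a005G00000alUVqQAM"}],
 "hasError": false}"""

if __name__ == "__main__":
    req = build_request("https://example.my.salesforce.com", "PLACEHOLDER_TOKEN",
                        objectName="Contact", fieldName="Email",
                        fieldValue="abazley65@exblog.nn",
                        deidentificationMappingName="Contact Deidentification Mapping")
    print(req.get_method(), req.full_url)
    print(log_safe(parse_proof(SAMPLE)))
```

Send the request with `urllib.request.urlopen(req)` and pass the response body to `parse_proof`; only the output of `log_safe` should be written to logs.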