Data Vault is the feature of Cloud Compliance that helps to check the “Proof of De-identification”. After the De-identification of any record, Cloud Compliance stores some data in encrypted format in org so if the user wants to check whether the record is already de-identified or not, can use the Data Vault feature. In some use cases, Data Vault features need to be invoked by an external system so Cloud Compliance offers a REST API interface.
This document explains how to invoke “Proof of De-identification” via REST API using a JSON-based callout. The API will return “Proof of De-identification” with some standard and custom fields. Here users can decide on fields that should be stored in the org(in an encrypted format) as a “Proof of De-identification”.
The REST APIs that are developed for this requirement are as follows –
1. POST Request:
URL
| /services/apexrest/PCCC_DM/DeIdentifyRestService |
Request Body
| { “objectName”: “Contact”, “fieldName”: “Firstname”, “fieldValue”: “Aniket”, “deidentificationMappingName”: “Contact De-identification Mapping” } |
2. Parameters to pass –
- Object Name – Object Name of the record for which the user wants to check “Proof of De-identification”.
- Field Name – Name of the field which will work as a filter to search a de-identified record in Data Vault.
- Field Value – The actual field value that the user wants to search by.
- Mapping Name -Mapping name that was used to de-identify record.
Prerequisites –
1. Create an appropriate de-identification mapping with the “Add to Data Vault” field as true for some fields to de-identify records.
For more details please refer – RTBF/ De-identification Mappings.
Solution Steps
1. To add fields in Data Vault(Proof of De-identification), the user needs to make sure that the ‘Add to Data Vault’ checkbox is checked while adding fields in De-identification mappings for any object.
Note –
- Users can add both “Erase” and “Obfuscate” fields in the Data Vault as proof of de-identification.
- Users can add as many fields in the Data Vault but can search the “Proof of De-identification” by a single field only. We recommend adding the field which will have a unique value.
2. Once the mapping is ready as per the business use case and with the choice of Data Vault fields, the user can de-identify records and further can check “Proof of De-identification” using the Data Vault feature.
3. To check the “Proof of De-identification”, navigate to a REST tool such as Salesforce developer workbench, Postman, Insomnia, etc. (This example uses Salesforce Developer Workbench) https://workbench.developerforce.com/restExplorer.php
4. Navigate to the ‘REST Explorer’ from the Utility tab within the workbench and select the “POST” method
5. For the “POST” method, enter Cloud Compliance’s REST call URL
| /services/apexrest/PCCC_DM/DeIdentifyRestService |
6. Pass the values of Object Name, Field Name, Field Value, and Mapping Name with the following JSON format in the request body
| { “objectName”: “Contact”, “fieldName”: “Email”, “fieldValue”: “abazley65@exblog.nn”, “deidentificationMappingName”: “Contact Deidentification Mapping” } |
7. Click the “Execute” button to invoke the REST API
8. The REST API returns a case id and a success message(hasError: false).
9. The detailed raw response is as follows –
Raw Response
| HTTP / 1.1 200 OK Date: Tue, 01 Dec 2020 07: 35: 35 GMT Strict – Transport – Security: max – age = 31536002; includeSubDomains Public – Key – Pins – Report – Only: pin – sha256 = “9n0izTnSRF+W4W4JTq51avSXkWhQB8duS2bxVLfzXsY=”; pin – sha256 = “5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=”; pin – sha256 = “njN4rRG+22dNXAi+yb8e3UMypgzPUPHlv4+foULwl1g=”; max – age = 86400; includeSubDomains; report – uri = “<a target=” _blank ” href=” https: //a.forcesslreports.com/hpkp-report/00Df40000026Esxm” rel=”noreferrer noopener”>https://a.forcesslreports.com/hpkp-report/00Df40000026Esxm; < p > Expect – CT: max – age = 86400, report – uri = “<a target=” _blank ” href=” https: //a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm” rel=”noreferrer noopener”>https://a.forcesslreports.com/Expect-CT-report/00Df40000026Esxm X – Content – Type – Options: nosniff X – XSS – Protection: 1; mode = block X – Robots – Tag: none X – B3 – TraceId: f21b7714c7dc1ea2 X – B3 – SpanId: f21b7714c7dc1ea2 X – B3 – Sampled: 0 Cache – Control: no – cache, must – revalidate, max – age = 0, no – store, private Set – Cookie: BrowserId = zSVJoTOnEeuSd3fDGfODPQ; domain = . < a target = “_blank” href = “http://salesforce.com/” rel = “noreferrer noopener” > salesforce.com < /a>; path=/; expires = Wed, 01 – Dec – 2021 07: 35: 35 GMT; Max – Age = 31536000 Content – Type: application / octetstream Transfer – Encoding: chunked { “msg”: “Record found”, “Crypto-type”: “Encryption”, “showDecryptedData”: [{ “Email”: “<a target=” _blank ” href=” mailto: ABAZLEY65 @EXBLOG.NN ” rel=” noreferrer noopener “>ABAZLEY65@EXBLOG.NN</a>”, “Home Phone”: “256-605-0559”, “Last Name”: “BAZLEY”, “First Name”: “ALEX”, “SystemModstamp”: “2020-12-01 13:05:21”, “Created by”: “Niketan Newale”, “CreatedbyId”: “005f4000004gB8CAAU”, “Last modified Date”: “2020-12-01 13:05:21”, “Created Date”: “2020-12-01 13:05:21”, “Source id”: “003f400001aGCasAAG”, “Record id”: “a005G00000alUVqQAM” }], “hasError”: false } |
