API Reference
The Nullafi Shield API provides programmatic access to configure policies, extract activity data, and perform real-time data scanning and obfuscation.
Overview
The API is organized around REST principles, uses JSON for request/response bodies, and returns standard HTTP response codes. All API requests require authentication via API Keys (Bearer tokens).
Base URL
Interactive Documentation
For interactive API exploration and testing, Shield includes built-in Swagger documentation:
Authentication
All API requests must include an API Key as a Bearer token in the Authorization header:
Learn how to generate and manage API Keys.
Access from Admin Console: Configuration → API Keys → API Documentation
API Categories
Policy Management
Configure and manage Shield's data protection policies:
- Applications - Define applications and URL filters for traffic routing
- Rules - Create detection and obfuscation rules with user/group filtering
- Data Types - Manage built-in and custom data type definitions
- Obfuscations - Configure masking behaviors and formats
- Alerts - Set up notifications for policy violations
Data Access
Extract and analyze activity data:
- Activities API - Query and export activity logs with advanced filtering
- GET /api/activities - Query activities with filters
- POST /api/activities/convertsearch - Build query filters
- GET /api/activities/csv - Export to CSV format
Data Processing
Real-time scanning and masking:
- Data Scanning - Scan and obfuscate content via API
Key Concepts
API Keys
API Keys provide authentication and authorization for API access. Each key can have specific permissions:
- Policy Definition - Create/modify apps, rules, data types, obfuscations, alerts
- Data Scanning - Use
/api/scanendpoints for content processing - Data Access - Query activity logs and configuration (all keys have read access)
Keys can be configured with expiration dates and should be rotated regularly. See Authentication Overview for details.
Permissions Model
API operations require specific permission levels:
| Permission | Access |
|---|---|
| Any Valid Key | Read apps, rules, data types, activities |
| Policy Definition | Create/update/delete policy resources (apps, rules, etc.) |
| Data Scanning | Use /api/scan and /api/scan-dynamic endpoints |
Pagination
List endpoints support pagination via query parameters:
| Parameter | Description | Default |
|---|---|---|
skip |
Number of records to skip | 0 |
take |
Number of records to return | Varies by endpoint |
sortBy |
Sort specification (e.g., "name asc") |
Endpoint-specific |
Error Handling
The API uses standard HTTP status codes and returns errors in JSON format:
Common status codes:
| Code | Meaning |
|---|---|
200 |
Success |
400 |
Bad Request - Invalid parameters or request body |
401 |
Unauthorized - Invalid or expired API key |
403 |
Forbidden - Insufficient permissions |
404 |
Not Found - Resource doesn't exist |
500 |
Internal Server Error - Contact container administrator to check the logs |
Support
- Support Email: support@nullafi.com
- Swagger UI:
https://<shield-host>/swagger/index.html
For questions about specific endpoints, refer to the detailed documentation for each API category.