Data Types API

The Data Types API allows you to manage sensitive data type definitions, including both built-in types (SSN, credit cards, etc.) and custom regex-based types.

---

Overview

Data Types define patterns for detecting sensitive information:

• Built-in types: SSN, credit cards, phone numbers, email addresses, etc.
• Custom types: User-defined regex patterns for proprietary data formats
• Group types: Logical groupings of multiple data types
• Subtypes: Variations of a data type (e.g., Visa, MasterCard under Credit Card)

Data types are referenced by Obfuscations to specify which data to mask.

---

Authentication

Requires API Key with:

• Read access: GET operations (all keys)
• Admin permission: POST, PUT, PATCH, DELETE operations

---

Available Endpoints

The Data Types API provides the following endpoints:

Core Operations

• POST /api/datatypes - Create a custom data type
• GET /api/datatypes - List all data types with pagination
• GET /api/datatypes/:type - Get a specific data type by type identifier
• PUT /api/datatypes/:type - Update a data type
• PATCH /api/datatypes/:type - Partially update a data type
• DELETE /api/datatypes/:type - Delete a custom data type

Additional Operations

• PUT /api/datatypes/:type/disable - Enable or disable a data type

---

Key Concepts

Type Identifier Naming Convention

Important: The type field must use UPPERCASE letters with underscores for word separation:

• ✅ Correct: EMPLOYEE_ID, API_KEY, CREDIT_CARD
• ❌ Incorrect: employee_id, apiKey, credit-card

This identifier is used in API URLs (e.g., /api/datatypes/EMPLOYEE_ID) and must be unique across all data types.

Built-In vs Custom Types

Shield includes 48 built-in data types covering:

• Identity & Government IDs: US_SSN, CANADIAN_SIN, US_ITIN, US_ATIN, US_EIN, US_DRIVERS_LICENSE, PASSPORT, VIN
• Financial: CREDIT_CARD, IBAN, SWIFT_CODE
• Contact & Network: EMAIL_ADDRESS, PHONE_NUMBER, URL, IP, MAC_ADDRESS, DOMAIN
• Cloud Credentials: AWS_SECRET, AZURE_SECRET, GOOGLE_CLOUD_SECRET
• Latin American Phone Numbers: 12 country-specific phone number types
• CRM-Specific: 16 HubSpot and Salesforce field types

Built-in types cannot be modified or deleted. See the complete list in Data Types Reference.

Custom data types allow you to define organization-specific patterns using the type identifiers shown above.

Regex Data Types

Regex-based data types use regular expressions to match patterns in text:

{
  "type": "EMPLOYEE_ID",
  "name": "Employee ID",
  "isGroupDataType": false,
  "regexes": [
    {
      "regex": "EMP-[0-9]{6}",
      "valueGroupIndex": 0
    }
  ]
}

Group Data Types

Group data types combine multiple existing types into a logical unit:

{
  "type": "financial_pii",
  "name": "Financial PII",
  "isGroupDataType": true,
  "dataTypes": ["ssn-uuid", "credit-card-uuid", "bank-account-uuid"]
}

---

Common Use Cases

Detect Custom Identifiers

Create data types for proprietary formats like internal customer IDs, product codes, or API keys.

Group Related Types

Combine multiple PII types into a single group for easier policy management.

Format-Specific Detection

Use the json, html, and xml fields to detect data only in specific content types.

---

Best Practices

• Name clearly - Use descriptive names that indicate the data type
• Document patterns - Explain the format in the description field
• Test with real data - Verify patterns match expected values
• Group related types - Use group data types for easier management
• Version control patterns - Keep regex patterns in version control

---

Related Topics

• Create Data Type - Create custom data types
• Disable Data Types - Temporarily disable detection
• Obfuscations API - Configure masking for these data types
• Rules API - Apply detection rules using these types