Creating Obfuscations
Create obfuscation configurations to define how Shield masks sensitive data.
Endpoint
Creates a new obfuscation configuration with data type masking rules and optional contextual filters.
Authentication
Requires API Key with Policy Definition permission.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name |
string | Yes | Obfuscation name (1-64 chars) |
description |
string | No | Description (0-128 chars) |
datatypes |
array | Yes | Array of data type configurations |
filters |
array | No | Contextual filtering rules |
Data Type Configuration
| Field | Type | Description |
|---|---|---|
type |
string | Data type identifier (UPPERCASE, e.g., US_SSN, CREDIT_CARD) |
maskFormatId |
string | Mask format identifier (UPPERCASE, e.g., FULLY_OBFUSCATED, LEAVE_LAST_FOUR) |
storeOriginalValue |
boolean | Store original for de-obfuscation |
whitelist |
string[] | Values to exclude from masking |
Filter Configuration
| Field | Type | Description |
|---|---|---|
type |
string | Field name to filter on |
filterType |
integer | Filter type (0=sibling, 1=parent, etc.) |
filterParentLevel |
integer | Parent level for parent filters |
isWhitelist |
boolean | Whitelist or blacklist behavior |
condition |
object | Condition object (see Filter Conditions) |
Response
Returns the created obfuscation object with an id field:
Response Format
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Mask PII",
"description": "Obfuscate all PII data types",
"datatypes": [
{
"type": "US_SSN",
"maskFormatId": "FULLY_OBFUSCATED",
"storeOriginalValue": true,
"whitelist": ["000-00-0000"]
}
],
"filters": [],
"createdAt": 1704067200,
"updatedAt": 1704067200
}
Examples
Create Basic Obfuscation
Replace SSN values with asterisks.
# Get mask format and data type IDs
MASKFORMATS=$(curl -s -X GET "https://your-shield-host:8080/api/maskformats" \
-H "Authorization: Bearer YOUR_API_KEY")
DATATYPES=$(curl -s -X GET "https://your-shield-host:8080/api/datatypes" \
-H "Authorization: Bearer YOUR_API_KEY")
MASK_ID=$(echo $MASKFORMATS | jq -r '.items[] | select(.name=="Asterisk") | .id')
SSN_ID=$(echo $DATATYPES | jq -r '.items[] | select(.type=="ssn") | .id')
curl -X POST "https://your-shield-host:8080/api/obfuscations" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d "{
\"name\": \"Mask SSN\",
\"description\": \"Replace SSN with asterisks\",
\"datatypes\": [
{
\"type\": \"$SSN_ID\",
\"maskFormatId\": \"$MASK_ID\",
\"storeOriginalValue\": true,
\"whitelist\": []
}
]
}"
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
# Get mask format and data type IDs
mask_formats = requests.get(f"{BASE_URL}/api/maskformats", headers=HEADERS).json()
datatypes = requests.get(f"{BASE_URL}/api/datatypes", headers=HEADERS).json()
asterisk_mask_id = next(m["id"] for m in mask_formats["items"] if m["name"] == "Asterisk")
ssn_id = next(d["id"] for d in datatypes["items"] if d["type"] == "ssn")
obfuscation = {
"name": "Mask SSN",
"description": "Replace SSN with asterisks",
"datatypes": [
{
"type": ssn_id,
"maskFormatId": asterisk_mask_id,
"storeOriginalValue": True,
"whitelist": []
}
]
}
response = requests.post(f"{BASE_URL}/api/obfuscations", headers=HEADERS, json=obfuscation)
print(f"Created obfuscation: {response.json()['id']}")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
// Get mask format and data type IDs
const maskFormats = await axios.get(`${BASE_URL}/api/maskformats`, { headers: HEADERS });
const datatypes = await axios.get(`${BASE_URL}/api/datatypes`, { headers: HEADERS });
const asteriskMaskId = maskFormats.data.items.find(m => m.name === 'Asterisk').id;
const ssnId = datatypes.data.items.find(d => d.type === 'ssn').id;
const obfuscation = {
name: 'Mask SSN',
description: 'Replace SSN with asterisks',
datatypes: [
{
type: ssnId,
maskFormatId: asteriskMaskId,
storeOriginalValue: true,
whitelist: []
}
]
};
const response = await axios.post(`${BASE_URL}/api/obfuscations`, obfuscation, { headers: HEADERS });
console.log(`Created obfuscation: ${response.data.id}`);
Create Obfuscation with Whitelist
Mask all SSNs except test values.
curl -X POST "https://your-shield-host:8080/api/obfuscations" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Mask Non-Test SSNs",
"datatypes": [
{
"type": "US_SSN",
"maskFormatId": "FULLY_OBFUSCATED",
"storeOriginalValue": false,
"whitelist": [
"000-00-0000",
"999-99-9999"
]
}
]
}'
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
obfuscation = {
"name": "Mask Non-Test SSNs",
"datatypes": [
{
"type": "US_SSN",
"maskFormatId": "FULLY_OBFUSCATED",
"storeOriginalValue": False,
"whitelist": [
"000-00-0000", # Test SSN
"999-99-9999" # Another test value
]
}
]
}
response = requests.post(f"{BASE_URL}/api/obfuscations", headers=HEADERS, json=obfuscation)
print(f"Created obfuscation: {response.json()['id']}")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
const obfuscation = {
name: 'Mask Non-Test SSNs',
datatypes: [
{
type: 'US_SSN',
maskFormatId: 'FULLY_OBFUSCATED',
storeOriginalValue: false,
whitelist: [
'000-00-0000', // Test SSN
'999-99-9999' // Another test value
]
}
]
};
const response = await axios.post(`${BASE_URL}/api/obfuscations`, obfuscation, { headers: HEADERS });
console.log(`Created obfuscation: ${response.data.id}`);
Create Conditional Obfuscation
Only mask SSN if a transaction amount exceeds $10,000.
curl -X POST "https://your-shield-host:8080/api/obfuscations" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Mask High-Value Transactions",
"description": "Only mask SSN if amount > $10,000",
"datatypes": [
{
"type": "US_SSN",
"maskFormatId": "FULLY_OBFUSCATED",
"storeOriginalValue": true,
"whitelist": []
}
],
"filters": [
{
"type": "amount",
"filterType": 1,
"filterParentLevel": 0,
"isWhitelist": false,
"condition": {
"numberCondition": {
"operator": "greaterThan",
"value": 10000.00
}
}
}
]
}'
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
obfuscation = {
"name": "Mask High-Value Transactions",
"description": "Only mask SSN if amount > $10,000",
"datatypes": [
{
"type": "US_SSN",
"maskFormatId": "FULLY_OBFUSCATED",
"storeOriginalValue": True,
"whitelist": []
}
],
"filters": [
{
"type": "amount",
"filterType": 1, # Parent filter
"filterParentLevel": 0,
"isWhitelist": False,
"condition": {
"numberCondition": {
"operator": "greaterThan",
"value": 10000.00
}
}
}
]
}
response = requests.post(f"{BASE_URL}/api/obfuscations", headers=HEADERS, json=obfuscation)
print(f"Created obfuscation: {response.json()['id']}")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
const obfuscation = {
name: 'Mask High-Value Transactions',
description: 'Only mask SSN if amount > $10,000',
datatypes: [
{
type: 'US_SSN',
maskFormatId: 'FULLY_OBFUSCATED',
storeOriginalValue: true,
whitelist: []
}
],
filters: [
{
type: 'amount',
filterType: 1, // Parent filter
filterParentLevel: 0,
isWhitelist: false,
condition: {
numberCondition: {
operator: 'greaterThan',
value: 10000.00
}
}
}
]
};
const response = await axios.post(`${BASE_URL}/api/obfuscations`, obfuscation, { headers: HEADERS });
console.log(`Created obfuscation: ${response.data.id}`);
Error Responses
| Status Code | Description | Solution |
|---|---|---|
400 |
Invalid request body | Check field validation requirements |
401 |
Invalid or expired API key | Verify authentication |
403 |
Insufficient permissions | Key needs Policy Definition permission |
409 |
Obfuscation name already exists | Use a unique name or update the existing obfuscation |
Related Topics
- List Obfuscations - Query all obfuscations
- Update Obfuscations - Modify existing obfuscations
- Filter Conditions - Detailed filter documentation
- Data Types API - Define data types to obfuscate