Skip to main content

Redact Configuration API Reference

The Pangea Redact API helps developers limit the sprawl of sensitive information by performing redaction using defined rules.

Base URL

redact.<csp>.<region>.pangea.cloud

post/v1beta/config
curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Get Redact config

POST
https://redact.aws.us.pangea.cloud/v1beta/config

Retrieve a Redact service configuration by its ID.

required parameters

string

ID of a Redact service configuration

object

Pangea standard response schema

string
(default: "1.0.0")

Configuration version

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

string

Identifier of the ruleset this rule belongs to

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

string

Name for the rule

string

Description of what the rule detects

object
object
string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of language codes supported by this redaction configuration.

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/create
curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/create' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Create Redact config

POST
https://redact.aws.us.pangea.cloud/v1beta/config/create

Create a new Redact service configuration.

required parameters

string

Human-readable name of the Redact service configuration

string
(default: "2.0.0")

Configuration version. Current version is 2.0.0.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

boolean
(default: false)

If true, the rules listed in enabled_rules will always be applied to all Redact calls, regardless of request-specific flags

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

string, null

ID of the Vault secret containing the encryption key used with FF3 algorithms for Format-Preserving Encryption (FPE).

object

Map of custom rule identifiers to their definitions. Each key is a unique rule name, and each value is a redaction rule object that specifies how to detect and process a particular entity.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

array,null<string>

List of context keywords that suppress matches

string

Name for the rule

string

Description of what the rule detects

object

Map of ruleset identifiers to ruleset definitions. Each key is a unique ruleset name, and each value defines a custom set of redaction rules.

object

Defines a customizable set of redaction rules

string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of rule identifiers included in this ruleset.

array<string>

List of language codes supported by this redaction configuration.

object

Pangea standard response schema

string
(default: "1.0.0")

Configuration version

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

string

Identifier of the ruleset this rule belongs to

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

string

Name for the rule

string

Description of what the rule detects

object
object
string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of language codes supported by this redaction configuration.

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/update
curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/update' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Update Redact config

POST
https://redact.aws.us.pangea.cloud/v1beta/config/update

Update a Redact service configuration.

To update a configuration, first retrieve the current version, apply your changes, and submit the updated configuration to this endpoint.

For a full example using a Project Admin management client, see the Service Configuration APIs documentation.

required parameters

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

string
(default: "2.0.0")

Configuration version. Current version is 2.0.0.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

boolean
(default: false)

If true, the rules listed in enabled_rules will always be applied to all Redact calls, regardless of request-specific flags

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

string, null

ID of the Vault secret containing the encryption key used with FF3 algorithms for Format-Preserving Encryption (FPE).

object

Map of custom rule identifiers to their definitions. Each key is a unique rule name, and each value is a redaction rule object that specifies how to detect and process a particular entity.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

array,null<string>

List of context keywords that suppress matches

string

Name for the rule

string

Description of what the rule detects

object

Map of ruleset identifiers to ruleset definitions. Each key is a unique ruleset name, and each value defines a custom set of redaction rules.

object

Defines a customizable set of redaction rules

string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of rule identifiers included in this ruleset.

array<string>

List of language codes supported by this redaction configuration.

object

Pangea standard response schema

string
(default: "1.0.0")

Configuration version

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

string

Identifier of the ruleset this rule belongs to

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

string

Name for the rule

string

Description of what the rule detects

object
object
string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of language codes supported by this redaction configuration.

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/delete
curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/delete' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Delete redact config (Beta)

POST
https://redact.aws.us.pangea.cloud/v1beta/config/delete

required parameters

string

ID of a Redact service configuration

object

Pangea standard response schema

string
(default: "1.0.0")

Configuration version

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

string

Identifier of the ruleset this rule belongs to

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

string

Name for the rule

string

Description of what the rule detects

object
object
string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of language codes supported by this redaction configuration.

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/list
curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/list' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

List Redact configs

POST
https://redact.aws.us.pangea.cloud/v1beta/config/list

Retrieve a paginated list of Redact service configurations.

fields

object
string

Only records where id equals this value.

array<string>

Only records where id includes each substring.

Click 'Save' to use the value

array<string>

Only records where id equals one of the provided substrings.

Click 'Save' to use the value

string (date-time)

Only records where created_at equals this value.

string (date-time)

Only records where created_at is greater than this value.

string (date-time)

Only records where created_at is greater than or equal to this value.

string (date-time)

Only records where created_at is less than this value.

string (date-time)

Only records where created_at is less than or equal to this value.

string (date-time)

Only records where updated_at equals this value.

string (date-time)

Only records where updated_at is greater than this value.

string (date-time)

Only records where updated_at is greater than or equal to this value.

string (date-time)

Only records where updated_at is less than this value.

string (date-time)

Only records where updated_at is less than or equal to this value.

string

Reflected value from a previous response to obtain the next page of results.

string

Order results asc(ending) or desc(ending).

string

Which field to order results by.

integer

Maximum results to include in the response.

  • minimum: 1

object

Pangea standard response schema

object
integer

Number of service configs matched by the list request

string

Base64-encoded pagination cursor from the previous response, used to retrieve the next page of results

string
(default: "1.0.0")

Configuration version

string

ID of a Redact service configuration

string

Human-readable name of the Redact service configuration

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

array<string>
(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

string

Redaction method to apply for this rule

string

Replacement string to use when redaction_type is replacement

object

Controls how text is masked when redaction_type is partial_masking

string
(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

integer

Number of leading characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of trailing characters to leave unmasked when masking_type is unmask

  • minimum: 0
integer

Number of leading characters to mask when masking_type is mask

  • minimum: 0
integer

Number of trailing characters to mask when masking_type is mask

  • minimum: 0
array<string>

List of characters that should not be masked (for example, hyphens or periods)

string
(default: "*")

Character to use when masking text

  • minLength: 1

  • maxLength: 1

object, null

Hash configuration when redaction_type is hash

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

  • minLength: 7

  • maxLength: 7

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

object
string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

string

Identifier of the ruleset this rule belongs to

number

Threshold score required for the rule to trigger a match

  • minimum: 0.1

  • maximum: 1

array,null<string>

List of context keywords that support positive identification

string

Name for the rule

string

Description of what the rule detects

object
object
string

Display name of the ruleset

string

Description of the ruleset's purpose or scope

array<string>

List of language codes supported by this redaction configuration.

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Status Codes
StatusStatus CodeDescription
InvalidFPEKey400

FPE key provided was not valid

RegexTimeout400

A user-provided regex took too long to run

Was this article helpful?

Contact us