Redact Configuration API Reference

The Pangea Redact API helps developers limit the sprawl of sensitive information by performing redaction using defined rules.

Base URL

redact.<csp>.<region>.pangea.cloud

• Redact Documentation
• OpenAPI Specification

post/v1beta/config

cURL

Code Snippet Language

curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Get Redact config

POST

https://redact.aws.us.pangea.cloud/v1beta/config

Retrieve a Redact service configuration by its ID.

required parameters

id

string

ID of a Redact service configuration

​

Response Fields

Response Schema

object

Pangea standard response schema

result

version

string

(default: "1.0.0")

Configuration version

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

rules

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

ruleset

string

Identifier of the ruleset this rule belongs to

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

^.*$

object

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

supported_languages

array<string>

List of language codes supported by this redaction configuration.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/create

cURL

Code Snippet Language

curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/create' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Create Redact config

POST

https://redact.aws.us.pangea.cloud/v1beta/config/create

Create a new Redact service configuration.

required parameters

name

string

Human-readable name of the Redact service configuration

optional parameters

version

string

(default: "2.0.0")

Configuration version. Current version is 2.0.0.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

enforce_enabled_rules

boolean

(default: false)

If true, the rules listed in enabled_rules will always be applied to all Redact calls, regardless of request-specific flags

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

fpe_vault_secret_id

string, null

ID of the Vault secret containing the encryption key used with FF3 algorithms for Format-Preserving Encryption (FPE).

rules

object

Map of custom rule identifiers to their definitions. Each key is a unique rule name, and each value is a redaction rule object that specifies how to detect and process a particular entity.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

negative_context_values

array,null<string>

List of context keywords that suppress matches

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

Map of ruleset identifiers to ruleset definitions. Each key is a unique ruleset name, and each value defines a custom set of redaction rules.

^.*$

object

Defines a customizable set of redaction rules

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

rules

array<string>

List of rule identifiers included in this ruleset.

supported_languages

array<string>

List of language codes supported by this redaction configuration.

Response Fields

Response Schema

object

Pangea standard response schema

result

version

string

(default: "1.0.0")

Configuration version

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

rules

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

ruleset

string

Identifier of the ruleset this rule belongs to

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

^.*$

object

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

supported_languages

array<string>

List of language codes supported by this redaction configuration.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/update

cURL

Code Snippet Language

curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/update' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Update Redact config

POST

https://redact.aws.us.pangea.cloud/v1beta/config/update

Update a Redact service configuration.

To update a configuration, first retrieve the current version, apply your changes, and submit the updated configuration to this endpoint.

For a full example using a Project Admin management client, see the Service Configuration APIs documentation.

required parameters

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

optional parameters

version

string

(default: "2.0.0")

Configuration version. Current version is 2.0.0.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

enforce_enabled_rules

boolean

(default: false)

If true, the rules listed in enabled_rules will always be applied to all Redact calls, regardless of request-specific flags

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

fpe_vault_secret_id

string, null

ID of the Vault secret containing the encryption key used with FF3 algorithms for Format-Preserving Encryption (FPE).

rules

object

Map of custom rule identifiers to their definitions. Each key is a unique rule name, and each value is a redaction rule object that specifies how to detect and process a particular entity.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

negative_context_values

array,null<string>

List of context keywords that suppress matches

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

Map of ruleset identifiers to ruleset definitions. Each key is a unique ruleset name, and each value defines a custom set of redaction rules.

^.*$

object

Defines a customizable set of redaction rules

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

rules

array<string>

List of rule identifiers included in this ruleset.

supported_languages

array<string>

List of language codes supported by this redaction configuration.

Response Fields

Response Schema

object

Pangea standard response schema

result

version

string

(default: "1.0.0")

Configuration version

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

rules

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

ruleset

string

Identifier of the ruleset this rule belongs to

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

^.*$

object

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

supported_languages

array<string>

List of language codes supported by this redaction configuration.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/delete

cURL

Code Snippet Language

curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/delete' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Delete redact config (Beta)

POST

https://redact.aws.us.pangea.cloud/v1beta/config/delete

required parameters

id

string

ID of a Redact service configuration

Response Fields

Response Schema

object

Pangea standard response schema

result

version

string

(default: "1.0.0")

Configuration version

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

rules

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

ruleset

string

Identifier of the ruleset this rule belongs to

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

^.*$

object

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

supported_languages

array<string>

List of language codes supported by this redaction configuration.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/list

cURL

Code Snippet Language

curl -sSLX POST 'https://redact.aws.us.pangea.cloud/v1beta/config/list' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

List Redact configs

POST

https://redact.aws.us.pangea.cloud/v1beta/config/list

Retrieve a paginated list of Redact service configurations.

fields

filter

object

id

string

Only records where id equals this value.

id

id

id__contains

array<string>

Only records where id includes each substring.

Click 'Save' to use the value

id__in

array<string>

Only records where id equals one of the provided substrings.

Click 'Save' to use the value

created_at

string (date-time)

Only records where created_at equals this value.

created_at

created_at

created_at__gt

string (date-time)

Only records where created_at is greater than this value.

created_at__gt

created_at__gt

created_at__gte

string (date-time)

Only records where created_at is greater than or equal to this value.

created_at__gte

created_at__gte

created_at__lt

string (date-time)

Only records where created_at is less than this value.

created_at__lt

created_at__lt

created_at__lte

string (date-time)

Only records where created_at is less than or equal to this value.

created_at__lte

created_at__lte

updated_at

string (date-time)

Only records where updated_at equals this value.

updated_at

updated_at

updated_at__gt

string (date-time)

Only records where updated_at is greater than this value.

updated_at__gt

updated_at__gt

updated_at__gte

string (date-time)

Only records where updated_at is greater than or equal to this value.

updated_at__gte

updated_at__gte

updated_at__lt

string (date-time)

Only records where updated_at is less than this value.

updated_at__lt

updated_at__lt

updated_at__lte

string (date-time)

Only records where updated_at is less than or equal to this value.

updated_at__lte

updated_at__lte

last

string

Reflected value from a previous response to obtain the next page of results.

last

last

order

string

Order results asc(ending) or desc(ending).

order

​

order

order_by

string

Which field to order results by.

order_by

​

order_by

size

integer

Maximum results to include in the response.

• minimum: 1

size

size

Response Fields

Response Schema

object

Pangea standard response schema

result

object

count

integer

Number of service configs matched by the list request

last

string

Base64-encoded pagination cursor from the previous response, used to retrieve the next page of results

items

version

string

(default: "1.0.0")

Configuration version

id

string

ID of a Redact service configuration

name

string

Human-readable name of the Redact service configuration

updated_at

string (date-time)

Timestamp of the last update to the configuration, in ISO 8601 format. Assigned automatically by the system.

enabled_rules

array<string>

(default: )

List of short rule names (rule identifiers) enabled for this configuration. Each rule specifies what to redact and how.

redactions

object

Map of short rule names to redaction settings. Each key is a short rule name (for example, EMAIL_ADDRESS, PERSON), and the corresponding value defines how data matching that rule should be redacted. For example:

{
  "hash": {
    "hash_type": "md5"
  },
  "fpe_alphabet": "numeric",
  "redaction_type": "fpe",
  "partial_masking": {
    "masking_char": "*",
    "masking_type": "unmask",
    "unmasked_from_left": 0,
    "unmasked_from_right": 4
  },
  "redaction_value": "<US_SSN>"
}

Note that in this example, the redaction_type is fpe, so only the fpe_alphabet field is required. Other parameters are included in the rule definition but only take effect if they are relevant to the selected redaction type.

Pattern Property: ^.*$

Configuration for the redaction method applied to detected values.

Each rule supports one redaction type, such as masking, replacement, hashing, Format-Preserving Encryption (FPE), or detection-only mode. Additional parameters may be required depending on the selected redaction type.

For more details, see the Redaction Methods documentation.

redaction_type

string

Redaction method to apply for this rule

redaction_value

string

Replacement string to use when redaction_type is replacement

partial_masking

object

Controls how text is masked when redaction_type is partial_masking

masking_type

string

(default: "unmask")

Defines the masking strategy. Use unmask to specify how many characters to keep visible. Use mask to specify how many to hide.

unmasked_from_left

integer

Number of leading characters to leave unmasked when masking_type is unmask

• minimum: 0

unmasked_from_right

integer

Number of trailing characters to leave unmasked when masking_type is unmask

• minimum: 0

masked_from_left

integer

Number of leading characters to mask when masking_type is mask

• minimum: 0

masked_from_right

integer

Number of trailing characters to mask when masking_type is mask

• minimum: 0

chars_to_ignore

array<string>

List of characters that should not be masked (for example, hyphens or periods)

masking_char

string

(default: "*")

Character to use when masking text

• minLength: 1

• maxLength: 1

hash

object, null

Hash configuration when redaction_type is hash

fpe_alphabet

Alphabet used for Format-Preserving Encryption (FPE). Determines the character set for encryption.

fpe_tweak_vault_secret_id

string, null

ID of a Vault secret containing the tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

fpe_tweak

string, null

Tweak value used for Format-Preserving Encryption (FPE). Enables deterministic encryption, ensuring that identical inputs produce consistent encrypted outputs.

• minLength: 7

• maxLength: 7

vault_service_config_id

string, null

ID of the Vault service configuration used to create and manage the secrets used in this Redact configuration

salt_vault_secret_id

string, null

ID of a Vault secret containing the salt value used for hashing. Pangea requires salting to protect against brute-force attacks.

rules

object

Map of custom rule identifiers to rule definitions. Each key is a unique rule ID, and the value is a redaction rule object.

Pattern Property: ^.*$

object

entity_name

string

Name of the entity this rule detects (for example, EMAIL_ADDRESS, US_SSN)

matchers

ruleset

string

Identifier of the ruleset this rule belongs to

match_threshold

number

Threshold score required for the rule to trigger a match

• minimum: 0.1

• maximum: 1

context_values

array,null<string>

List of context keywords that support positive identification

name

string

Name for the rule

description

string

Description of what the rule detects

rulesets

object

^.*$

object

name

string

Display name of the ruleset

description

string

Description of the ruleset's purpose or scope

supported_languages

array<string>

List of language codes supported by this redaction configuration.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Status Codes

Status	Status Code	Description
InvalidFPEKey	400	FPE key provided was not valid
RegexTimeout	400	A user-provided regex took too long to run

Was this article helpful?

Contact us