-
Notifications
You must be signed in to change notification settings - Fork 3
/
api.yaml
534 lines (479 loc) · 17.2 KB
/
api.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
openapi: '3.0.0'
info:
title: Vault HTTP API
description: |
The VGS Vault HTTP API is used for storing, retrieving, and managing sensitive data (aka Tokenization) within a VGS Vault.
The VGS API is organized around REST. Our API is built with a predictable resource-oriented structure, uses JSON-encoded requests and responses, follows standard HTTP verbs/responses, and uses industry standard authentication.
## What is VGS
Storing sensitive data on your company’s infrastructure often comes with a heavy compliance burden. For instance, storing payments data yourself greatly increases the amount of work needed to become PCI compliant. It also increases your security risk in general. To combat this, companies will minimize the amount of sensitive information they have to handle or store.
VGS provides multiple methods for minimizing the sensitive information that needs to be stored which allows customers to secure any type of data for any use-case.
**Tokenization** is a method that focuses on securing the storage of data. This is the quickest way to get started and is free. [Get started with Tokenization](https://www.verygoodsecurity.com/docs/tokenization/getting-started).
**Zero Data** is a unique method invented by VGS in 2016 that securely stores data like Tokenization, however it also removes the customer’s environment from PCI scope completely providing maximum security, and minimum compliance scope. [Get started with Zero Data](https://www.verygoodsecurity.com/docs/getting-started/before-you-start).
Additionally, for scenarios where neither technology is a complete solution, for instance with legacy systems, VGS provides a compliance product which guarantees customers are able to meet their compliance needs no matter what may happen. [Get started with Control](https://www.verygoodsecurity.com/docs/control).
## Learn about Tokenization
- [Create an Account for Free Tokenization](https://dashboard.verygoodsecurity.com/tokenization)
- [Try a Tokenization Demo](https://www.verygoodsecurity.com/docs/tokenization/getting-started)
- [Install a Tokenization SDK](https://www.verygoodsecurity.com/docs/tokenization/client-libraries)
### Authentication
This API uses `Basic` authentication and is implemented using industry best practices to ensure the security of the connection. Read more about [Identity and Access Management at VGS](https://www.verygoodsecurity.com/docs/vault/the-platform/iam)
Credentials to access the API can be generated on the
[dashboard](https://dashboard.verygoodsecurity.com) by going to the Settings
section of the vault of your choosing.
[Docs » Guides » Access credentials](https://www.verygoodsecurity.com/docs/settings/access-credentials)
## Resource Limits
### Data Limits
This API allows storing data up to 32MB in size.
### Rate Limiting
The API allows up to 3,000 requests per minute. Requests are associated with
the vault, regardless of the access credentials used to authenticate the
request.
Your current rate limit is included as HTTP headers in every API response:
| Header Name | Description |
|-------------------------|----------------------------------------------------------|
| `x-ratelimit-remaining` | The number of requests remaining in the 1-minute window. |
If you exceed the rate limit, the API will reject the request with HTTP
[429 Too Many Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429).
### Errors
The API uses standard HTTP status codes to indicate whether the request
succeeded or not.
In case of failure, the response body will be JSON in a predefined format.
For example, trying to create too many aliases at once results in the
following response:
```json
{
"errors": [
{
"status": 400,
"title": "Bad request",
"detail": "Too many values (limit: 20)",
"href": "https://api.sandbox.verygoodvault.com/aliases"
}
]
}
```
version: '1.0.0'
contact:
email: [email protected]
x-logo:
url: images/vgs-logo.png
href: https://www.verygoodsecurity.com
altText: VGS Logo
externalDocs:
description: Find out more about VGS
url: https://www.verygoodsecurity.com/
servers:
- url: https://api.sandbox.verygoodvault.com
description: Sandbox
- url: https://api.live.verygoodvault.com
description: Live
- url: https://api.live-eu-1.verygoodvault.com
description: Live EU
tags:
- name: aliases
x-displayName: Aliases
description: |
Unique IDs that retain all the essential information about the data
without compromising its security.
x-tagGroups:
- name: Data Management
tags:
- aliases
security:
- basicAuth: []
paths:
/aliases:
post:
operationId: createAliases
tags:
- aliases
summary: Create aliases
description: |
Stores multiple values at once & returns their aliases.
Alternatively, this endpoint may be used to associate additional (i.e.
secondary) aliases with the same underlying data as the reference
alias specified in the request body.
**NOTE:** You cannot reference the same alias more than once in a
single request.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAliasesRequest'
examples:
A:
summary: Create a new alias
value:
data:
- value: 122105155
classifiers:
- bank-account
format: UUID
storage: PERSISTENT
B:
summary: Reference an existing alias
value:
data:
- alias: tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e
format: RAW_UUID
storage: PERSISTENT
responses:
'201':
description: Created
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/RevealedData'
description: List of stored values along with their aliases.
default:
$ref: '#/components/responses/ApiErrorsResponse'
x-codeSamples:
- lang: Shell
label: cURL
source: |
curl https://api.sandbox.verygoodvault.com/aliases \
-X POST \
-u "$USERNAME:$PASSWORD" \
-H 'Content-Type: application/json' \
-d '{
"data": [
{
"value": "[email protected]",
"classifiers": [
"email_address"
],
"format": "UUID"
"storage": "VOLATILE"
}
]
}'
get:
operationId: revealMultipleAliases
tags:
- aliases
summary: Reveal multiple aliases
description: |
Given a list of aliases, retrieves all associated values stored in the
vault.
**NOTE:** This endpoint may expose sensitive data. Therefore, it is
disabled by default. To enable it, please contact your VGS account
manager or drop us a line at
[[email protected]](mailto:[email protected]).
parameters:
- name: q
in: query
required: true
description: Comma-separated list of aliases to reveal.
example:
- "tok_sandbox_5UpnbMvaihRuRwz5QXwBFw,tok_sandbox_9ToiJHedw1nE1Jfx1qYYgz"
schema:
type: string
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: object
additionalProperties:
x-additionalPropertiesName: alias
$ref: '#/components/schemas/RevealedData'
example:
tok_sandbox_5UpnbMvaihRuRwz5QXwBFw:
value: "476673481"
classifiers:
- bank-account
aliases:
- value: tok_sandbox_5UpnbMvaihRuRwz5QXwBFw
format: UUID
created_at: "2019-08-10T11:45:30Z"
storage: VOLATILE
tok_sandbox_9ToiJHedw1nE1Jfx1qYYgz:
value: "750360025"
classifiers:
- bank-account
aliases:
- value: tok_sandbox_9ToiJHedw1nE1Jfx1qYYgz
format: UUID
created_at: "2019-08-10T11:45:30Z"
storage: VOLATILE
default:
$ref: '#/components/responses/ApiErrorsResponse'
x-codeSamples:
- lang: Shell
label: cURL
source: |
curl https://api.sandbox.verygoodvault.com/aliases?q={{alias1}},{{alias2}} \
-u "$USERNAME:$PASSWORD"
/aliases/{alias}:
parameters:
- $ref: '#/components/parameters/alias'
get:
operationId: revealAlias
tags:
- aliases
summary: Reveal single alias
description: |
Retrieves a stored value along with its aliases.
**NOTE:** This endpoint may expose sensitive data. Therefore, it is
disabled by default. To enable it, please contact your VGS account
manager or drop us a line at
[[email protected]](mailto:[email protected]).
parameters:
- $ref: '#/components/parameters/alias'
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/RevealedData'
description: The retrieved value.
minItems: 1
maxItems: 1
default:
$ref: '#/components/responses/ApiErrorsResponse'
x-codeSamples:
- lang: Shell
label: cURL
source: |
curl https://api.sandbox.verygoodvault.com/aliases/{{alias}} \
-u "$USERNAME:$PASSWORD"
put:
operationId: updateAlias
tags:
- aliases
summary: Update data classifiers
description: |
Apply new classifiers to the value that the specified alias is
associated with.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateAliasRequest'
responses:
'204':
description: No Content
default:
$ref: '#/components/responses/ApiErrorsResponse'
x-codeSamples:
- lang: Shell
label: cURL
source: |
curl https://api.sandbox.verygoodvault.com/aliases/{{alias}} \
-X PUT \
-u "$USERNAME:$PASSWORD" \
-H 'Content-Type: application/json' \
-d '{
"data": {
"classifiers": [
"credit-cards", "PII"
]
}
}'
delete:
operationId: deleteAlias
tags:
- aliases
summary: Delete alias
description: |
Removes a single alias.
parameters:
- $ref: '#/components/parameters/alias'
responses:
'204':
description: No Content
default:
$ref: '#/components/responses/ApiErrorsResponse'
x-codeSamples:
- lang: Shell
label: cURL
source: |
curl https://api.sandbox.verygoodvault.com/aliases/{{alias}} \
-X DELETE \
-u "$USERNAME:$PASSWORD"
components:
# See the following links for details:
# - https://swagger.io/docs/specification/authentication/basic-authentication/
securitySchemes:
basicAuth:
type: http
scheme: basic
description: The default authentication schema.
parameters:
alias:
name: alias
in: path
required: true
description: Alias to operate on.
schema:
type: string
example: tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e
responses:
ApiErrorsResponse:
description: Something went wrong
content:
application/json:
schema:
type: object
properties:
errors:
type: array
items:
$ref: '#/components/schemas/ApiError'
description: List of errors that occurred while processing the request.
minItems: 1
schemas:
ApiError:
type: object
properties:
status:
type: integer
description: HTTP status code.
title:
type: string
description: High-level reason of why the request failed.
detail:
type: string
description: Explanation of what exactly went wrong.
href:
type: string
description: Request URL.
RevealedData:
type: "object"
properties:
value:
type: "string"
description: Decrypted value stored in the vault.
example: 122105155
classifiers:
type: "array"
items:
type: "string"
example: bank-account
description: List of tags the value is classified with.
aliases:
type: "array"
items:
$ref: '#/components/schemas/Alias'
description: List of aliases associated with the value.
created_at:
type: "string"
format: "date-time"
description: Creation time, in UTC.
example: "2019-05-15T12:30:45Z"
storage:
type: string
enum:
- PERSISTENT
- VOLATILE
default: PERSISTENT
description: |
Storage medium to use.
VOLATILE results in data being persisted into an in-memory data store for one hour which is required for PCI compliant storage of card security code data.
Alias:
type: "object"
properties:
alias:
type: "string"
example: tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e
description: Opaque string used to substitute the raw value.
format:
$ref: '#/components/schemas/AliasFormat'
AliasFormat:
type: string
enum:
- FPE_ACC_NUM_T_FOUR
- FPE_ALPHANUMERIC_ACC_NUM_T_FOUR
- FPE_SIX_T_FOUR
- FPE_SSN_T_FOUR
- FPE_T_FOUR
- NUM_LENGTH_PRESERVING
- PFPT
- RAW_UUID
- UUID
description: |
Format of the generated alias string.
See [Alias Formats](#section/Introduction/Alias-Formats) for details.
example: UUID
CreateAliasesRequest:
type: object
properties:
data:
type: array
items:
oneOf:
- $ref: '#/components/schemas/CreateAliasesRequestNew'
- $ref: '#/components/schemas/CreateAliasesRequestReference'
minItems: 1
maxItems: 20
required:
- data
CreateAliasesRequestNew:
type: object
properties:
value:
type: string
description: Raw value to encrypt & store in the vault.
example: 122105155
classifiers:
type: array
items:
type: string
example: bank-account
description: List of tags to classify the value with.
format:
$ref: '#/components/schemas/AliasFormat'
storage:
type: string
enum:
- PERSISTENT
- VOLATILE
default: PERSISTENT
description: |
Storage medium to use.
VOLATILE results in data being persisted into an in-memory data store for one hour which is required for PCI compliant storage of card security code data.
required:
- value
- format
CreateAliasesRequestReference:
type: object
properties:
alias:
type: string
description: Existing alias to use as a reference.
example: tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e
format:
$ref: '#/components/schemas/AliasFormat'
required:
- alias
- format
UpdateAliasRequest:
type: object
properties:
data:
type: object
properties:
classifiers:
type: array
items:
type: string
example: bank-account
description: List of tags to classify the value with.
required:
- classifiers
required:
- data