skyflow-node
Version:
Skyflow SDK for Node.js
1,437 lines (1,193 loc) • 117 kB
Markdown
# Skyflow Node.js SDK
SDK for the Skyflow Data Privacy Vault.
[](https://github.com/skyflowapi/skyflow-node/actions)
[](https://www.npmjs.com/package/skyflow-node)
[](https://github.com/skyflowapi/skyflow-node/blob/main/LICENSE)
## Table of contents
- [Skyflow Node.js SDK](#skyflow-nodejs-sdk)
- [Table of contents](#table-of-contents)
- [Overview](#overview)
- [Install](#installation)
- [Requirements](#requirements)
- [Import / Require](#import--require)
- [Require](#require)
- [ES modules](#es-modules)
- [All imports](#all-imports)
- [Migrate from v1 to v2](#migrate-from-v1-to-v2)
- [Authentication options](#authentication-options)
- [Initializing the client](#initializing-the-client)
- [Request & response structure](#request--response-structure)
- [Request options](#request-options)
- [Error structure](#error-structure)
- [Quickstart](#quickstart)
- [Authenticate](#authenticate)
- [Initialize the client](#initialize-the-client)
- [Insert data into the vault](#insert-data-into-the-vault)
- [Vault](#vault)
- [Insert data into the vault](#insert-data-into-the-vault)
- [Detokenize](#detokenize)
- [Tokenize](#tokenize)
- [Get](#get)
- [Get by skyflow IDs](#get-by-skyflow-ids)
- [Get tokens](#get-tokens)
- [Get by column name and column values](#get-by-column-name-and-column-values)
- [Redaction types](#redaction-types)
- [Update](#update)
- [Delete](#delete)
- [Invoke Connection](#invoke-a-connection)
- [Query](#query)
- [Detect](#detect)
- [Deidentify Text](#deidentify-text)
- [Reidentify Text](#reidentify-text)
- [Deidentify File](#deidentify-file)
- [Get Run](#get-run)
- [Connections](#connections)
- [Invoke a connection](#invoke-a-connection)
- [Authenticate with bearer tokens](#authenticate-with-bearer-tokens)
- [Generate a bearer token](#generate-a-bearer-token)
- [Generate bearer tokens with context](#generate-bearer-tokens-with-context)
- [Generate scoped bearer tokens](#generate-scoped-bearer-tokens)
- [Generate signed data tokens](#generate-signed-data-tokens)
- [Bearer token expiry edge case](#bearer-token-expiry-edge-case)
- [Logging](#logging)
- [Reporting a vulnerability](#reporting-a-vulnerability)
# Overview
- Authenticate using a Skyflow service account and generate bearer tokens for secure access.
- Perform Vault API operations such as inserting, retrieving, and tokenizing sensitive data with ease.
- Invoke connections to third-party APIs without directly handling sensitive data, ensuring compliance and data protection.
# Install
#### Requirements
- Node 12.22.12 and above
```sh
npm install skyflow-node
```
#### Import / Require
Depending on your project setup, you may use either the `require` method (common in Node.js projects) or the `import` statement (common in projects using ES modules).
##### Require
```typescript
const { Skyflow } = require('skyflow-node');
```
##### ES modules
```typescript
import { Skyflow } from 'skyflow-node';
```
##### All imports
```typescript
import {
Skyflow, // Vault client
isExpired, // JWT auth helpers
LogLevel, // logging options
} from 'skyflow-node'
```
## Migrate from V1 to V2
This guide outlines the steps required to migrate the Node SDK from version 1 (V1) to version 2 (V2).
---
### Authentication Options
In V2, multiple authentication options have been introduced. You can now provide credentials in the following ways:
- **API Key**
- **Environment Variable** (`SKYFLOW_CREDENTIALS`) (**Recommended**)
- **Path to Credentials JSON File**
- **Stringified JSON of Credentials**
- **Bearer Token**
These options allow you to choose the authentication method that best suits your use case.
#### V1 (Old): Passing the auth function below as a parameter to the getBearerToken key.
```javascript
// sample function to retrieve a bearer token from an environment variable
// customize this according to your environment and security posture
const auth = function () {
return new Promise((resolve, reject) => {
resolve(process.env.VAULT_BEARER_TOKEN);
});
};
```
#### V2 (New): Passing one of the following:
```javascript
// Option 1: API Key (Recommended)
const credentials = { apiKey: "<YOUR_API_KEY>" };
// Option 2: Environment Variables (Recommended)
// Set SKYFLOW_CREDENTIALS in your environment
// Option 3: Credentials File
const credentials = { path: "<YOUR_CREDENTIALS_FILE_PATH>" }; // Replace with the path to credentials file
// Option 4: Stringified JSON
const credentials = { credentialsString: JSON.stringify(process.env.SKYFLOW_CREDENTIALS) };
// Option 5: Bearer Token
const credentials = { token: "<YOUR_BEARER_TOKEN>" };
```
### Notes:
- Use only ONLY authentication method.
- API Key or Environment Variables are recommended for production use.
- Secure storage of credentials is essential.
- For overriding behavior and priority order of credentials, please refer to [Initialize the client](#initialize-the-client) section in [Quickstart](#quickstart).
---
### Initializing the client
V2 introduces TypeScript support and multi-vault support, allowing you to configure multiple vaults during client initialization.
In V2, the log level is tied to each individual client instance.
During client initialization, you can pass the following parameters:
- **`vaultId`** and **`clusterId`**: These values are derived from the vault ID & vault URL.
- **`env`**: Specify the environment (e.g., SANDBOX or PROD).
- **`credentials`**: The necessary authentication credentials.
#### V1 (Old)
```javascript
// Initialize the Skyflow Vault client
const vault = Skyflow.init({
// Id of the vault that the client should connect to.
vaultID: 'string',
// URL of the vault that the client should connect to.
vaultURL: 'string',
// Helper function generates a Skyflow bearer token.
getBearerToken: auth,
});
```
#### V2 (New)
```javascript
// Step 1: Configure Bearer Token Credentials
const credentials: Credentials = { apiKey: '<YOUR_API_KEY>' };
// Step 2: Configure Vault
const primaryVaultConfig: VaultConfig = {
vaultId: '<YOUR_VAULT>', // Primary vault
clusterId: '<YOUR_CLUSTER>', // ID from your vault URL e.g., https://{clusterId}.vault.skyflowapis.com
env: Env.PROD, // Deployment environment (PROD by default)
credentials: credentials, // Authentication method
};
// Step 3: Configure Skyflow Client
const skyflowConfig: SkyflowConfig = {
vaultConfigs: [primaryVaultConfig],
skyflowCredentials: credentials, // Skyflow credentials will be used if no individual credentials are passed
logLevel: LogLevel.INFO, // Recommended to use LogLevel.ERROR in production environment.
};
// Initialize Skyflow Client
const skyflowClient: Skyflow = new Skyflow(skyflowConfig);
```
### Key Changes:
- `vaultURL` replaced with `clusterId`.
- Added environment specification (`env`).
- Instance-specific log levels.
- TypeScript support with type definitions
---
### Request & Response Structure
In V2, with the introduction of TypeScript support, you can now pass an **InsertRequest** of type **InsertRequest**. This request need
- **`tableName`**: The name of the table.
- **`insertData`**: An array of objects containing the data to be inserted
The response will be of type InsertResponse, which contains insertedFields and errors.
#### V1 (Old) - Request Building
```javascript
const result = skyflow.insert({
records: [
{
fields: {
card_number: '411111111111111',
expiry_date: '11/22',
fullname: 'firstNameTest',
},
table: 'cards',
},
],
});
```
#### V2 (New) - Request Building
```typescript
// Prepare Insertion Data
const insertData: Record<string, unknown>[] = [
{ card_number: '4111111111111112' } // Example sensitive data
];
// Create Insert Request
const insertReq: InsertRequest = new InsertRequest(
'<SENSITIVE_DATA_TABLE>', // Replace with your actual table name
insertData
);
// Perform Secure Insertion
const response: InsertResponse = await skyflowClient
.vault("<VAULT_ID>")
.insert(insertReq);
```
#### V1 (Old) - Response Structure
```json
{
"records": [
{
"table": "cards",
"fields": {
"card_number": "f37186-e7e2-466f-91e5-48e2bcbc1",
"expiry_date": "1989cb56-63a-4482-adf-1f74cd1a5"
}
}
]
}
```
#### V2 (New) - Response Structure
```javascript
InsertResponse(
insertedFields : [
{
skyflowId : "ID1",
"<FIELD_NAME1>": "<TOKEN1>", // removed tokens key
"<FIELD_NAME2>": "<TOKEN2>"
},
{
skyflowId : "ID2",
"<FIELD_NAME3>": "<TOKEN3>",
"<FIELD_NAME4>": "<TOKEN4>"
}
],
errors: null
);
```
---
### Request Options
In V2, we have introduced inbuilt **InsertOptions** classes. These allow you to use setters to configure options instead of passing a plain object with key-value pairs.
#### V1 (Old)
```javascript
const options = {
tokens: true,
// other options
};
```
#### V2 (New)
```javascript
const insertOptions: InsertOptions = new InsertOptions();
insertOptions.setReturnTokens(true); // Optional: Get tokens for inserted data
insertOptions.setContinueOnError(true); // Optional: Continue on partial errors
```
---
### Error Structure
In V2, we have enriched the error details to provide better debugging capabilities.
The error response now includes:
- **`http_status`**: The HTTP status code. .
- **`grpc_code`**: The gRPC code associated with the error.
- **`details & message`**: A detailed description of the error.
- **`request_ID`**: A unique request identifier for easier debugging.
#### V1 (Old) - Error Structure
```javascript
{
code: string | number,
description: string
}
```
#### V2 (New) - Error Structure
```javascript
{
http_status?: string | number | null,
grpc_code?: string | number | null,
http_code: string | number | null,
message: string,
request_ID?: string | null,
details?: Array<string> | null,
}
```
## Quickstart
Get started quickly with the essential steps: authenticate, initialize the client, and perform a basic vault operation. This section provides a minimal setup to help you integrate the SDK efficiently.
### Authenticate
You can use an API key to authenticate and authorize requests to an API. For authenticating via bearer tokens and different supported bearer token types, refer to the [Authenticate with bearer tokens](#authenticate-with-bearer-tokens) section.
```javascript
// create a new credentials object
const credentials = { apiKey: "<YOUR_API_KEY>" }; //add your API key in credentials
```
### Initialize the client
To get started, you must first initialize the skyflow client. While initializing the skyflow client, you can specify different types of credentials.
1. **API keys**
A unique identifier used to authenticate and authorize requests to an API.
2. **Bearer tokens**
A temporary access token used to authenticate API requests, typically included in the
Authorization header.
3. **Service account credentials file path**
The file path pointing to a JSON file containing credentials for a service account, used
for secure API access.
4. **Service account credentials string**
JSON-formatted string containing service account credentials, often used as an alternative to a file for programmatic authentication.
Note: Only one type of credential can be used at a time. If multiple credentials are provided, the last one added will take precedence.
```javascript
import {
Credentials,
Env,
LogLevel,
Skyflow,
VaultConfig,
SkyflowConfig,
} from 'skyflow-node';
/*
Example program to initialize the Skyflow client with various configurations.
The Skyflow client facilitates secure interactions with the Skyflow vault,
such as securely managing sensitive data.
*/
// Step 1: Define the primary credentials for authentication.
// Note: Only one type of credential can be used at a time. You can choose between:
// - API key
// - Bearer token
// - A credentials string (JSON-formatted)
// - A file path to a credentials file.
// Initialize primary credentials using a Bearer token for authentication.
const primaryCredentials: Credentials = { /////////////////
token: '<BEARER_TOKEN>', // Replace <BEARER_TOKEN> with your actual authentication token.
};
// Step 2: Configure the primary vault details.
// VaultConfig stores all necessary details to connect to a specific Skyflow vault.
const primaryVaultConfig: VaultConfig = {
vaultId: '<PRIMARY_VAULT_ID>', // Replace with your primary vaulID
clusterId: '<CLUSTER_ID>', // Replace with the cluster ID (partthe vault URL, e.g., https://{clusterId}.vault.skyflowapis.com).
env: Env.PROD, // Set the environment (PRSANDBOX, STAGE, DEV).
credentials: primaryCredentials // Attach the primcredentials to this vault configuration.
};
// Step 3: Create credentials as a JSON object (if a Bearer Token is not provided).
// Demonstrates an alternate approach to authenticate with Skyflow using a credentials object.
const skyflowCredentials: object = {
clientID: '<YOUR_CLIENT_ID>', // Replace with your Client ID.
clientName: '<YOUR_CLIENT_NAME>', // Replace with your Client Name.
tokenURI: '<YOUR_TOKEN_URI>', // Replace with the Token URI.
keyID: '<YOUR_KEY_ID>', // Replace with your Key ID.
privateKey: '<YOUR_PRIVATE_KEY>' // Replace with your Private Key.
}
// Step 4: Convert the JSON object to a string and use it as credentials.
// This approach allows the use of dynamically generated or pre-configured credentials.
const credentialsString: JSON.stringify(skyflowCredentials), // Converts JSON object to string for use as credentials.
// Step 5: Define secondary credentials (API key-based authentication as an example).
// Demonstrates a different type of authentication mechanism for Skyflow vaults.
const secondaryCredentials: Credentials = {
apiKey: '<API_KEY>', // Replace with your API Key for authentication.
}
// Step 6: Configure the secondary vault details.
// A secondary vault configuration can be used for operations involving multiple vaults.
const secondaryVaultConfig: VaultConfig = {
vaultId: '<SECONDARY_VAULT_ID>', // Replace with your secondary vault's ID.
clusterId: '<CLUSTER_ID>', // Replace with the corresponding cluster ID.
env: Env.PROD, // Set the environment for this vault.
credentials: secondaryCredentials // Attach the secondary credentials to this configuration.
}
// Step 7: Define tertiary credentials using a path to a credentials JSON file.
// This method demonstrates an alternative authentication method.
const tertiaryCredentials: Credentials = {
path: '<YOUR_CREDENTIALS_FILE_PATH>' // Replace with the path to your credentials file.
}
// Step 8: Configure the tertiary vault details.
const tertiaryVaultConfig: VaultConfig = {
vaultId: '<TERTIARY_VAULT_ID>', // Replace with the tertiary vault ID.
clusterId: '<CLUSTER_ID>', // Replace with the corresponding cluster ID.
env: Env.PROD, // Set the environment for this vault.
credentials: tertiaryCredentials // Attach the tertiary credentials.
}
// Step 9: Build and initialize the Skyflow client after creating Skyflow Config
// Skyflow client is configured with multiple vaults and credentials.
const skyflowConfig: SkyflowConfig = {
vaultConfigs: [primaryVaultConfig, secondaryVaultConfig, tertiaryVaultConfig], // Add the primary, secondary and tertiary vault configurations.
skyflowCredentials: skyflowCredentials, // Add JSON-formatted credentials if applicable.
logLevel: LogLevel.INFO // Recommended to use LogLevel.ERROR in production environment.
};
// Step 10: Initialize Skyflow Client
const skyflowClient: Skyflow = new Skyflow(skyflowConfig);
// The Skyflow client is now fully initialized.
// Use the `skyflowClient` object to perform secure operations such as:
// - Inserting data
// - Retrieving data
// - Deleting data
// within the configured Skyflow vaults.
```
Notes
- If both Skyflow common credentials and individual credentials at the configuration level are specified, the individual credentials at the configuration level will take precedence.
- If neither Skyflow common credentials nor individual configuration-level credentials are provided, the SDK attempts to retrieve credentials from the ```SKYFLOW_CREDENTIALS``` environment variable.
- All Vault operations require a client instance.
### Insert data into the vault
To insert data into your vault, use the `insert` method. The `InsertRequest` class creates an insert request, which includes the values to be inserted as a list of records. Below is a simple example to get started. For advanced options, check out [Insert data into the vault](#insert-data-into-the-vault-1) section.
```javascript
import {
InsertOptions,
InsertRequest,
SkyflowError,
InsertResponse
} from 'skyflow-node';
/*
* This example demonstrates how to insert sensitive data (e.g., cardinformation) into a Skyflow vault using the Skyflow client.
*
* 1. Initializes the Skyflow client.
* 2. Prepares a record with sensitive data (e.g., card number and cardholdername).
* 3. Creates an insert request for inserting the data into the Skyflow vault.
* 4. Prints the response of the insert operation.
*/
try{
// Step 1: Initialize data to be inserted into the Skyflow vault
const insertData: Record<string, unknown>[] = [
{
card_number: '4111111111111112', // Replace with actual card number (sensitive data)
cardholder_name: 'John Doe', // Replace with actual cardholder name (sensitive data)
}
];
// Step 2: Create Insert Request
const insertReq: InsertRequest = new InsertRequest(
'table1', // Specify the table in the vault where the data will inserted
insertData, // Attach the data (records) to be inserted
);
// Step 3: Configure Insertion Options
const insertOptions: InsertOptions = new InsertOptions();
insertOptions.setReturnTokens(true); // Optional: Specify if tokens should be returned upon successful insertion
insertOptions.setContinueOnError(true); // Optional: Continue on partial errors
// Step 4: Perform the insert operation using the Skyflow client
const insertResponse: InsertResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.insert(insertReq, insertOptions);
// Step 5: Print the response from the insert operation
console.log('Insert response: ', insertResponse);
} catch(error) {
// Step 6: Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Skyflow returns tokens for the record that was just inserted.
```javascript
InsertResponse {
insertedFields: {
skyflowId: 'a8f3ed5d-55eb-4f32-bf7e-2dbf4b9d9097',
card_number: '5484-7829-1702-9110',
cardholder_name: 'b2308e2a-c1f5-469b-97b7-1f193159399b'
},
errors: null
}
```
---
## Vault
The [Vault](https://github.com/skyflowapi/skyflow-node/tree/v2/src/vault) performs operations on the vault such as inserting records, detokenizing tokens, retrieving tokens for list of `skyflow_id`'s and to invoke the Connection.
### Insert data into the vault
Apart from using the `insert` method to insert data into your vault covered in [Quickstart](#quickstart), you can also pass options to `insert` method, such as returning tokenized data, upserting records, or continuing the operation in case of errors.
#### Construct an insert request
```typescript
import {
InsertOptions,
InsertRequest,
SkyflowError,
InsertResponse
} from 'skyflow-node';
// Example program to demonstrate inserting data into a Skyflow vault,
// along with corresponding InsertRequest schema.
try {
// Initialize Skyflow client
// Step 1: Prepare the data to be inserted into the Skyflow vault
const insertData: Record<string, unknown>[] = [
{
<FIELD_NAME_1>: '<VALUE_1>', // Replace with actual fielname and value
<FIELD_NAME_2>: '<VALUE_2>', // Replace with actual fielname and value
},
{
<FIELD_NAME_1>: '<VALUE_1>', // Replace with actual fielname and value
<FIELD_NAME_2>: '<VALUE_2>', // Replace with actual fielname and value
},
]
// Step 2: Build an InsertRequest object with the table name and the data to insert
const insertReq: InsertRequest = new InsertRequest(
'table1', // Specify the table in the vault where the data will be inserted
insertData, // Attach the data (records) to be inserted
);
// Step 3: Perform the insert operation using the Skyflow client
const insertResponse: InsertResponse = await skyflowClient
.vault('<VAULT_ID>')
.insert(insertReq, insertOptions);
// Replace <VAULT_ID> with your actual vault ID
// Step 4: Print the response from the insert operation
console.log('Insert response: ', insertResponse);
} catch(error) {
// Step 5: Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details
});
} else {
console.error('Unexpected Error:', error);
}
}
```
#### Insert call example with `continueOnError` option
The `continueOnError` flag is a boolean that determines whether insert operation should proceed despite encountering partial errors. Set to `true` to allow the process to continue even if some errors occur.
```typescript
import {
InsertOptions,
InsertRequest,
SkyflowError,
InsertResponse
} from 'skyflow-node';
/*
This example demonstrates how to insert sensitive data (e.g., card information) into a Skyflow vault using the Skyflow client.
1. Initializes the Skyflow client.
2. Prepares a record with sensitive data (e.g., card number and cardholder name).
3. Creates an insert request for inserting the data into the Skyflow vault.
4. Specifies options to continue on error and return tokens.
5. Prints the response of the insert operation.
*/
try {
// Initialize Skyflow client
// Step 1: Initialize a list to hold the data records to be inserted into the vault
const insertData: Record<string, unknown>[] = [
// Step 2: Create the first record with card number and cardholder name
{
card_number: '4111111111111111', // Replace with actual card number (sensitive data)
cardholder_name: 'John Doe', // Replace with actual cardholder name (sensitive data)
},
//Step 3: Create the second record with card number and cardholder name
{
card_numbe: '4111111111111111', // Replace with actual card number (sensitive data)
cardholder_name: 'John Doe', // Replace with actual cardholder name (sensitive data)
}
];
// Step 4: Create Insert Request
const insertReq: InsertRequest = new InsertRequest(
'table1', // Specify the table in the vault where the data will inserted
insertData, // Attach the data (records) to be inserted
);
// Step 5: Configure Insertion Options
const insertOptions: InsertOptions = new InsertOptions();
insertOptions.setReturnTokens(true); // Optional: Specify if tokens should be returned upon successful insertion
insertOptions.setContinueOnError(true); // Optional: Specify to continue inserting records even if an error occurs for some records partial errors
// Step 6: Perform the insert operation using the Skyflow client
const insertResponse: InsertResponse = await skyflowClient
.vault('9f27764a10f7946fe56b3258e117')
.insert(insertReq, insertOptions);
// Replace the vault ID "9f27764a10f7946fe56b3258e117" with your actual Skyflow vault ID
// Step 7: Print the response from the insert operation
console.log('Insert response: ', insertResponse);
} catch(error) {
// Step 8: Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample Response
```typescript
InsertResponse {
insertedFields: {
[
{
card_number: '5484-7829-1702-9110',
requestIndex: 0,
skyflowId: '9fac9201-7b8a-4446-93f8-5244e1213bd1',
cardholder_name: 'b2308e2a-c1f5-469b-97b7-1f193159399'
}
],
errors: [
{
requestIndex: 1,
error: 'Insert failed. Column card_numbe is invalid. Specify a valid column.'
}
]
}
}
```
**Insert call example with `upsert` option**
An upsert operation checks for a record based on a unique column's value. If a match exists, the record is updated; otherwise, a new record is inserted.
```typescript
import {
InsertOptions,
InsertRequest,
SkyflowError,
InsertResponse
} from 'skyflow-node';
/*
This example demonstrates how to insert sensitive data (e.g., card information) into a Skyflow vault using the Skyflow client.
1. Initializes the Skyflow client.
2. Prepares a record with sensitive data (e.g., card number and cardholder name).
3. Creates an insert request for inserting the data into the Skyflow vault.
4. Specifies the field (cardholder_name) for upsert operations.
5. Prints the response of the insert operation.
*/
try {
// Initialize Skyflow client
// Step 1: Initialize a list to hold the data records for the insert/upsert operation
const insertData: Record<string, unknown>[] = [
// Step 2: Create a record with the field 'cardholder_name' to insert or upsert
{
cardholder_name: 'John Doe', // Replace with actual cardholder name
}
]
// Step 3: Create Insert Request
const insertReq: InsertRequest = new InsertRequest(
'table1', // Specify the table in the vault where the data will be inserted
insertData, // Attach the data (records) to be inserted
);
// Step 4: Set upsert column by configuring the insertion options
const insertOptions: InsertOptions = new InsertOptions();
insertOptions.setReturnTokens(true); // Optional: Specify if tokens should be returned upon successful insertion
insertOptions.setUpsertColumn('cardholder_name');
// Step 5: Perform the insert/upsert operation using the Skyflow client
const insertResponse: InsertResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.insert(insertReq, insertOptions);
// Step 6: Print the response from the insert operation
console.log('Insert response: ', insertResponse);
} catch(error) {
// Step 7: Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Skyflow returns tokens, with `upsert` support, for the record you just inserted.
```typescript
InsertResponse {
insertedFields: [
{
skyflowId: "9fac9201-7b8a-4446-93f8-5244e1213bd1",
cardholder_name: "73ce45ce-20fd-490e-9310-c1d4f603ee83"
}
],
errors: null
}
```
### Detokenize
To retrieve tokens from your vault, use the `detokenize` method. The `DetokenizeRequest` class requires a list of detokenization data as input. Additionally, you can provide optional parameters, such as the redaction type and the option to continue on error.
#### Construct a detokenize request
```typescript
import {
DetokenizeOptions,
DetokenizeRequest,
DetokenizeResponse,
DetokenizeData,
SkyflowError,
} from 'skyflow-node';
/*
This example demonstrates how to detokenize sensitive data from tokens stored in a Skyflow vault, along with corresponding DetokenizeRequest schema.
*/
try {
// Step 1: Prepare Detokenization Data
const detokenizeData: DetokenizeData[] = [
{
token: "token1", // Token to be detokenized
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
{
token: "token2", // Token to be detokenized
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
];
// Step 2: Create the DetokenizeRequest object with the tokens data
const detokenizeRequest: DetokenizeRequest = new DetokenizeRequest(
detokenizeData
);
// Step 3: Configure Detokenize Options
const detokenizeOptions: DetokenizeOptions = new DetokenizeOptions();
detokenizeOptions.setContinueOnError(true); // Continue processing on errors
detokenizeOptions.setDownloadURL(false); // Disable download URL generation
// Step 4: Perform Detokenization
const response: DetokenizeResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.detokenize(detokenizeRequest, detokenizeOptions);
// Handle Successful Response
console.log('Detokenization response:', response);
} catch(error) {
// Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Notes:
- `redactionType` defaults to `RedactionType.PLAIN_TEXT`.
- `continueOnError` default valus is `False`.
#### An [example](https://github.com/skyflowapi/skyflow-node/blob/v2/samples/vault-api/detokenzie-records.ts) of a detokenize call
```typescript
import {
DetokenizeOptions,
DetokenizeRequest,
DetokenizeResponse,
DetokenizeData,
SkyflowError,
} from 'skyflow-node';
/*
1. Initializes the Skyflow client.
2. Creates a list of tokens (e.g., credit card tokens) that represent the sensitive data.
3. Builds a detokenization request using the provided tokens and specifies how the redacted data should be returned.
4. Calls the Skyflow vault to detokenize the tokens and retrieves the detokenized data.
5. Prints the detokenization response, which contains the detokenized values or errors.
*/
try {
// Step 1: Prepare Detokenization Data
const detokenizeData: DetokenizeData[] = [
{
token: "9738-1683-0486-1480", // Replace with your actual token value
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
{
token: "6184-6357-8409-6668", // Replace with your actual token value
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
];
// Step 2: Create the DetokenizeRequest object with the tokens data
const detokenizeRequest: DetokenizeRequest = new DetokenizeRequest(
detokenizeData
);
// Step 3: Configure Detokenize Options
const detokenizeOptions: DetokenizeOptions = new DetokenizeOptions();
detokenizeOptions.setContinueOnError(false); // Stop the process if any token cannot be detokenized
// Step 4: Perform Detokenization
const response: DetokenizeResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.detokenize(detokenizeRequest, detokenizeOptions);
// Handle Successful Response
console.log('Detokenization response:', response);
} catch(error) {
// Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample response:
```typescript
DetokenizeResponse {
detokenizedFields: [
{token: '9738-1683-0486-1480', value: '4111111111111115', type: 'STRING'},
{token: '6184-6357-8409-6668', value: '4111111111111119', type: 'STRING'},
],
errors: null
}
```
#### An example of a detokenize call with `continueOnError` option:
```typescript
import {
DetokenizeOptions,
DetokenizeRequest,
DetokenizeResponse,
DetokenizeData,
SkyflowError,
} from 'skyflow-node';
/*
1. Initializes the Skyflow client.
2. Creates a list of tokens (e.g., credit card tokens) that represent the sensitive data.
3. Builds a detokenization request using the provided tokens and specifies how the redacted data should be returned.
4. Calls the Skyflow vault to detokenize the tokens and retrieves the detokenized data.
5. Prints the detokenization response, which contains the detokenized values or errors.
*/
try {
// Step 1: Prepare Detokenization Data
const detokenizeData: DetokenizeData[] = [
{
token: "9738-1683-0486-1480", // Replace with your actual token value
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
{
token: "6184-6357-8409-6668", // Replace with your actual token value
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
{
token: "4914-9088-2814-3840", // Replace with your actual token value
redactionType: RedactionType.PLAIN_TEXT, // Redaction type
},
];
// Step 2: Create the DetokenizeRequest object with the tokens and redaction type
const detokenizeRequest: DetokenizeRequest = new DetokenizeRequest(
detokenizeData,
redactionType
);
// Step 3: Configure Detokenize Options
const detokenizeOptions: DetokenizeOptions = new DetokenizeOptions();
detokenizeOptions.setContinueOnError(true); // Continue even if some tokens cannot be detokenized
// Step 5: Perform Detokenization
const response: DetokenizeResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.detokenize(detokenizeRequest, detokenizeOptions);
// Handle Successful Response
console.log('Detokenization response:', response);
} catch(error) {
// Comprehensive Error Handling
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample response:
```typescript
DetokenizeResponse {
detokenizedFields: [
{token: '9738-1683-0486-1480', value: '4111111111111115', type: 'STRING'},
{token: '6184-6357-8409-6668', value: '4111111111111119', type: 'STRING'}
],
errors: [
{
token: '4914-9088-2814-3840',
error: 'Token Not Found'
}
]
}
```
### Tokenize
Tokenization replaces sensitive data with unique identifier tokens. This approach protects sensitive information by securely storing the original data while allowing the use of tokens within your application.
To tokenize data, use the `tokenize` method. The `TokenizeRequest` class creates a tokenize request. In this request, you specify the values parameter, which is a list of column values objects. Each column value contains two properties: `value` and `columnGroup`.
#### Construct a tokenize request
```typescript
import {
TokenizeRequest,
TokenizeResponse,
SkyflowError,
TokenizeRequestType
} from 'skyflow-node';
try {
// Initialize Skyflow Client
// Step 1: Prepare Tokenization Data
const columnvalues: Array<TokenizeRequestType> = [
{ value: "<VALUE_1>", columnGroup: "<COLUMN_GROUP_1>" }, // Replace <VALUE_1> and <COLUMN_GROUP_1> with actual data
{ value: "<VALUE_2>", columnGroup: "<COLUMN_GROUP_2>" } // Replace <VALUE_2> and <COLUMN_GROUP_2> with actual data
];
// Step 2: Build the TokenizeRequest with the column value2
const tokenReq: TokenizeRequest = new TokenizeRequest(columnvalues);
// Step 3: Call the Skyflow vault to tokenize the sensitive data
const response: TokenizeResponse = await skyflowClient
.vault("<VAULT_ID>")
.tokenize(tokenReq);
// Replace <VAULT_ID> with your actual Skyflow vault ID
// Step 4: Print the tokenization response, which contains the generated tokens or errors
console.log('Tokenization Result:', response);
} catch(error) {
// Step 5: Handle any errors that occur during the tokenization process
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
#### An [example](https://github.com/skyflowapi/skyflow-node/blob/v2/samples/vault-api/tokenize-records.ts) of Tokenize call
```typescript
import {
TokenizeRequest,
TokenizeResponse,
SkyflowError,
TokenizeRequestType
} from 'skyflow-node';
/*
This example demonstrates how to tokenize sensitive data (e.g., credit card information) using the Skyflow client.
1. Initializes the Skyflow client.
2. Creates a column value for sensitive data (e.g., credit card number).
3. Builds a tokenize request with the column value to be tokenized.
4. Sends the request to the Skyflow vault for tokenization.
5. Prints the tokenization response, which includes the token or errors.
*/
try {
// Initialize Skyflow Client
// Step 1: Prepare Tokenization Data
const columnvalues: Array<TokenizeRequestType> = [
{ value: "4111111111111111", columnGroup: "card_number_cg" }
];
// Step 2: Build the TokenizeRequest with the column value2
const tokenReq: TokenizeRequest = new TokenizeRequest(columnvalues);
// Step 3: Call the Skyflow vault to tokenize the sensitive data
const response: TokenizeResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.tokenize(tokenReq);
// Replace primaryVaultConfig.vaultId with your actual Skyflow vault ID
// Step 4: Print the tokenization response, which contains the generated tokens or errors
console.log('Tokenization Result:', response);
} catch(error) {
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample response:
```typescript
TokenizeResponse {
tokens: [
{
token: '5479-4229-4622-1393'
}
],
errors: null
}
```
### Get
To retrieve data using Skyflow IDs or unique column values, use the get method. The `GetRequest` class creates a get request, where you specify parameters such as the table name, redaction type, Skyflow IDs, column names, column values. If you specify Skyflow IDs, you can't use column names and column values, and the inverse is true—if you specify column names and column values, you can't use Skyflow IDs. And `GetOptions` class creates a get options object through which you specify whether to return tokens or not.
#### Construct a get request
```typescript
import {
GetOptions,
GetRequest,
GetColumnRequest,
SkyflowError,
GetResponse
} from 'skyflow-node';
try {
// Initialize Skyflow client
// Step 1: Initialize a list of Skyflow IDs to retrieve records (replace with actual Skyflow IDs)
const getIds: Array<string> = ['<SKYFLOW_ID1>', '<SKYFLOW_ID1>'];
// Step 2: Create a GetRequest to retrieve records by Skyflow ID
const getRequest: GetRequest = new GetRequest(
'table1', // Replace with your actual table name
getIds
);
// Step 3: Configure Get Options and specify not to return tokens
const getOptions: GetOptions = new GetOptions();
getOptions.setReturnTokens(false); // Optional: Set to false to avoid returning tokens
// Step 4: Send the request to the Skyflow vault and retrieve the records
const getResponse: GetResponse = await skyflowClient
.vault('<VAULT_ID>')
.get(getRequest, getOptions);
// Replace <VAULT_ID> with your actual Skyflow vault ID
console.log('Data retrieval successful:', getResponse);
// Step 5: Create another GetRequest to retrieve records by Skyflow ID with tokenized values
const getTokensRequest: GetRequest = new GetRequest(
'table1', // Replace with your actual table name
getIds
);
// Step 6: Configure Get Options and specify to return tokens
const getOptions: GetOptions = new GetOptions();
getOptions.setReturnTokens(true); // Optional: Set to True to return tokenized values
// Step 7: Send the request to the Skyflow vault and retrieve the tokenized records
const getTokensResponse: GetResponse = await skyflowClient
.vault('<VAULT_ID>')
.get(getRequest, getOptions);
// Replace <VAULT_ID> with your actual Skyflow vault ID
console.log('Data retrieval successful:', getTokensResponse);
// Prepare Column-Based Retrieval Data
const columnValues: Array<string> = [
'<COLUMN_VALUE_1>', // Example Unique Column value 1
'<COLUMN_VALUE_2>', // Example Unique Column value 2
];
const tableName: string = 'table-name'; // Replace with your actual table name
const columnName: string = 'column-name'; // Column name configured as unique in the schema
const getRequest: GetColumnRequest = new GetColumnRequest(
tableName,
columnName,
columnValues // Column values of the records to return
);
// Step 8: Configure Get Options and specify to return tokens
const getOptions: GetOptions = new GetOptions();
getOptions.setReturnTokens(true); // Optional: Set to True to return tokenized values
// Send the request to the Skyflow vault and retrieve the filtered records
const response: GetResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.get(getRequest, getOptions);
console.log('Column-based retrieval successful:', response);
} catch(error) {
// Handle any errors that occur during the retrieval process
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
#### Get by skyflow IDs
Retrieve specific records using skyflow `ids`. Ideal for fetching exact records when IDs are known.
```typescript
import {
GetOptions,
GetRequest,
SkyflowError,
GetResponse,
RedactionType
} from 'skyflow-node';
/*
This example demonstrates how to retrieve data from the Skyflow vault using a list of Skyflow IDs.
1. Initializes the Skyflow client with a given vault ID.
2. Creates a request to retrieve records based on Skyflow IDs.
3. Specifies that the response should not return tokens.
4. Uses plain text redaction type for the retrieved records.
5. Prints the response to display the retrieved records.
*/
try {
// Initialize Skyflow client
// Step 1: Initialize a list of Skyflow IDs to retrieve records (replace with actual Skyflow IDs)
const getIds: Array<string> = ['a581d205-1969-4350-acbe-a2a13eb871a6', '5ff887c3-b334-4294-9acc-70e78ae5164a'];
// Step 2: Create a GetRequest to retrieve records by Skyflow ID
const getRequest: GetRequest = new GetRequest(
'table1', // Replace with your actual table name
getIds
);
// Step 3: Configure Get Options and specify not to return tokens and redaction type
const getOptions: GetOptions = new GetOptions();
getOptions.setReturnTokens(false); // Optional: Set to false to avoid returning tokens
getOptions.setRedactionType(RedactionType.PLAIN_TEXT);
// Step 4: Send the request to the Skyflow vault and retrieve the records
const getResponse: GetResponse = await skyflowClient
.vault(primaryVaultConfif.vaultId)
.get(getRequest, getOptions);
// Replace <VAULT_ID> with your actual Skyflow vault ID
console.log('Data retrieval successful:', getResponse);
} catch(error) {
// Step 5: Handle any errors that occur during the retrieval process
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample response:
```typescript
GetResponse {
data: [
{
card_number: '4555555555555553',
email: 'john.doe@gmail.com',
name: 'john doe',
skyflow_id: 'a581d205-1969-4350-acbe-a2a13eb871a6'
},
{
card_number: '4555555555555559',
email: 'jane.doe@gmail.com',
name: 'jane doe',
skyflow_id: '5ff887c3-b334-4294-9acc-70e78ae5164a'
}
],
errors: null
}
```
#### Get tokens
Return tokens for records. Ideal for securely processing sensitive data while maintaining data privacy.
#### An [example](https://github.com/skyflowapi/skyflow-node/blob/v2/samples/vault-api/get-records.ts) of get call to retrieve tokens using Skyflow IDs:
```typescript
import {
GetOptions,
GetRequest,
SkyflowError,
GetResponse,
RedactionType
} from 'skyflow-node';
/*
This example demonstrates how to retrieve data from the Skyflow vault and return tokens along with the records.
1. Initializes the Skyflow client with a given vault ID.
2. Creates a request to retrieve records based on Skyflow IDs and ensures tokens are returned.
3. Prints the response to display the retrieved records along with the tokens.
*/
try {
// Initialize Skyflow client
// Step 1: Initialize a list of Skyflow IDs to retrieve records (replace with actual Skyflow IDs)
const getIds: Array<string> = ['a581d205-1969-4350-acbe-a2a13eb871a6', '5ff887c3-b334-4294-9acc-70e78ae5164a'];
// Step 2: Create a GetRequest to retrieve records by Skyflow ID
const getRequest: GetRequest = new GetRequest(
'table1', // Replace with your actual table name
getIds
);
// Step 3: Configure Get Options and specify not to return tokens and redaction type
const getOptions: GetOptions = new GetOptions();
getOptions.setReturnTokens(false); // Optional: Set to true to get tokens
// Step 4: Send the request to the Skyflow vault and retrieve the records
const getResponse: GetResponse = await skyflowClient
.vault(primaryVaultConfif.vaultId)
.get(getRequest, getOptions);
// Replace <VAULT_ID> with your actual Skyflow vault ID
console.log('Data retrieval successful:', getResponse);
} catch(error) {
// Step 5: Handle any errors that occur during the retrieval process
if (error instanceof SkyflowError) {
console.error('Skyflow Specific Error:', {
code: error.error?.http_code,
message: error.message,
details: error.error?.details,
});
} else {
console.error('Unexpected Error:', error);
}
}
```
Sample response:
```typescript
GetResponse {
data: [
{
card_number: '3998-2139-0328-0697',
email: 'c9a6c9555060@82c092e7.bd52',
name: '82c092e7-74c0-4e60-bd52-c9a6c9555060',
skyflow_id: 'a581d205-1969-4350-acbe-a2a13eb871a6'
},
{
card_number: '3562-0140-8820-7499',
email: '6174366e2bc6@59f82e89.93fc',
name: '59f82e89-138e-4f9b-93fc-6174366e2bc6',
skyflow_id: '5ff887c3-b334-4294-9acc-70e78ae5164a'
}
],
errors: null
}
```
#### Get by column name and column values
Retrieve records by unique column values. Ideal for querying data without knowing Skyflow IDs, using alternate unique identifiers.
#### An [example](https://github.com/skyflowapi/skyflow-node/blob/v2/samples/vault-api/get-column-values.ts) of get call to retrieve data using column name and column values:
```typescript
import {
GetOptions,
GetRequest,
SkyflowError,
GetResponse,
RedactionType,
GetColumnRequest
} from 'skyflow-node';
/*
This example demonstrates how to retrieve data from the Skyflow vault based on column values.
1. Initializes the Skyflow client with a given vault ID.
2. Creates a request to retrieve records based on specific column values (e.g., email addresses).
3. Prints the response to display the retrieved records after redacting sensitive data based on the specified redaction type.
*/
try {
// Initialize Skyflow client
// Step 1: Initialize a list of column values (email addresses in this case)
const columnValues: Array<string> = [
'john.doe@gmail.com', // Example email address
'jane.doe@gmail.com' , // Example email address
];
const tableName: string = 'table1'; // Replace with your actual table name
const columnName: string = 'email'; // Column name configured as unique in the schema
// Step 2: Create a GetRequest to retrieve records based on column values
const getRequest: GetColumnRequest = new GetColumnRequest(
tableName,
columnName,
columnValues // Column values of the records to return
);
// Step 3: Configure Get Options and specify redaction type
const getOptions: GetOptions = new GetOptions();
getOptions.setRedactionType(RedactionType.PLAIN_TEXT); // Optional: Set the redaction type (e.g., PLAIN_TEXT)
// Step 4: Send the request to the Skyflow vault and retrieve the filtered records
const response: GetResponse = await skyflowClient
.vault(primaryVaultConfig.vaultId)
.get(getRequest, getOptions);