Masking API client

This section describes the API client available on the Masking Engine.

Introduction

With the release of API v5 on the Masking Engine, Delphix has opened up the possibility of scripting and automation against the Masking Engine. While this is exciting for us internally at Delphix, we are sure that this will be even more exciting for the consumers of the Masking Engine. This document is intended to be a high-level overview of what to expect with API v5 as well as some helpful links to get you started.

REST

API v5 is a RESTful API. REST stands for REpresentational State Transfer. A REST API will allow you to access and manipulate a textual representation of objects and resources using a predefined set of operations to accomplish various tasks.

JSON

API v5 uses JSON (JavaScript Object Notation) to ingest and return representations of the various objects used throughout various operations. JSON is a standard format and, as such, has many tools available to help with creating and parsing the request and response payloads, respectively.

Here are some UNIX tools that can be used to parse JSON - https://stackoverflow.com/questions/1955505/parsing-json-with-unix-tools. That being said, this is only the tip of the iceberg when it comes to JSON parsing and the reader is encouraged to use their method of choice.

API client

The various operations and objects used to interact with API v5 are defined in a specification document. This allows us to utilize various tooling to ingest that specification to generate documentation and an API Client, which can be used to generate cURL commands for all operations. To see how to log into the API client and for some starter recipes, please check out API Cookbook document.

To access the API client on your Masking Engine, go to http://myMaskingEngine.myDomain.com/masking/api-client.

To access the API client documentation without an engine, please refer to the static HTML representations here:

Masking API 5.1.10 Documentation (Version 6.0.10.0).html

Masking API 5.1.11 Documentation (Version 6.0.11.0).html

Masking API 5.1.12 Documentation (Version 6.0.12.0).html

Masking API 5.1.13 Documentation (Version 6.0.13.0).html

Masking API 5.1.14 Documentation (Version 6.0.14.0).html

Masking API 5.1.15 Documentation (Version 6.0.15.0).html

Masking API 5.1.16 Documentation (Version 6.0.16.0).html

Masking API 5.1.17 Documentation (Version 6.0.17.0).html

Masking API 5.1.18 Documentation (Version 7.0.0.0).html

Masking API 5.1.19 Documentation (Version 8.0.0.0).html

Masking API 5.1.20 Documentation (Version 9.0.0.0).html

Masking API 5.1.21 Documentation (Version 10.0.0.0).html

Masking API 5.1.22 Documentation (Version 11.0.0.0).html

Masking API 5.1.23 Documentation (Version 12.0.0.0).html

Masking API 5.1.24 Documentation (Version 13.0.0.0).html

Masking API 5.1.25 Documentation (Version 14.0.0.0).html

Masking API 5.1.26 Documentation (Version 15.0.0.0).html

Masking API 5.1.27 Documentation (Version 16.0.0.0).html

Masking API 5.1.28 Documentation (Version 17.0.0.0).html

Masking API 5.1.29 Documentation (Version 18.0.0.0).html

Masking API 5.1.30 Documentation (Version 19.0.0.0).html

Masking API 5.1.31 Documentation (Version 20.0.0.0).html

Masking API 5.1.32 Documentation (Version 21.0.0.0).html

Supported features

API v5 is in active development but does not currently support all features that are accessible in the GUI. The list of supported features will expand over the course of subsequent releases.

For a full list of supported APIs, the best place to look is the API client on your Masking Engine.

API calls for masking administration

The Delphix Masking Engine supports the following two types of administrative APIs:

Analytics APIs
- These APIs are for including Masking performance information in the support bundle and do not need to be used unless that information is requested.
Application Setting APIs
- Application Setting APIs allow an administrator to change the Delphix Masking Engine settings. Presently there are five categories of settings: analytics settings, LDAP settings, general settings, mask settings and profile settings. Over time, more settings will be added to give users direct control over the product's various settings. Below are the details of currently supported settings.

Application settings APIs

General group settings

Setting Group	Setting Name	Type	Description	Default Value
general	EnableMonitorRowCount	Boolean	Controls whether a job displays the total number of rows that are being masked. Setting this to false reduces the startup time of all jobs.	true
	PasswordTimeSpan	Integer [0, ∞)	The number of hours a user is locked out for before they can attempt to log in again.	23
	PasswordCount	Integer [0, ∞)	The number of incorrect password attempts before a user is locked out.	3
	AllowPasswordResetRequest	Boolean	When true, users can request a password reset link be sent to the email associated with their account.	true
	PasswordResetLinkDuration	Integer [1, ∞)	Controls how many minutes the password reset link is valid for.	5
	NumSimulJobsAllowed	Integer [0, ∞)	Max number of jobs allowed to run simultaneously. Setting this number to zero will lead to a dynamically calculated limit based on the number of available CPU cores.	7
	DefaultApiVersion	String	Used to set default API Version. If the version is omitted from the base path of the request's URL, but wishes to be treated using a specific masking API version that is not the latest version, set the DefaultApiVersion application setting. If the DefaultApiVersion is not set and the version is omitted from the URL, the latest version of the API on that engine will be used. Sample API Version format is like v5.1.5 etc.	Blank
	DataRetentionInterval	Integer [-1, ∞)	The length of time that specific historical data is retained. This setting value is in integer days. Certain log files and internal processing data are retained in case problem diagnosis is needed. Since we cannot keep this data indefinitely, this setting is the length of time that old data is retained. Data older than this will be purged on a periodic basis. Special Values -1 : disable this pruning method 0 : each cleanup removes all files	60
	DataRetentionMaxDirectorySize	Integer [-1, 100]	The percentage of disk space allowed for all logfiles located in specific directories. This setting value is in integer percent. For log files written to disk, the DataRetentionInterval setting (above) ensures that we keep these job log files for only a specific period of time. This setting avoids problems where significant activity in a short time might overwhelm avaiable disk space,. This setting is a backstop to the DataRetentionInterval setting which is intended to be the primary driver for managing retention. Special Values -1 : disable this pruning method 0 : each cleanup removes all files	10

NumSimulJobsAllowed setting should be set based on engine configuration. It is risky to run many jobs at once in an environment where you have scheduled more jobs than the system has memory for. When the system runs out of memory all jobs will fail.

Algorithm group settings

Setting Group	Setting Name	Type	Description	Default Value
algorithm	DefaultNonConformantDataHandling	String {DONT_MASK, FAIL}	Default algorithm behavior for Handling of Non-conformant Data patterns.	DONT_MASK

Database group settings

Setting Group	Setting Name	Type	Description	Default Value
database	DB2zDateFormat	String	Default Date String format to use for DB2 zOS if the database is not using one of the pre-defined IBM DB2 zOS Date String formats. Default is ISO Date String format.	yyyy-MM-dd

LDAP group settings

Setting Group	Setting Name	Type	Description	Default Value
ldap	Enable	Boolean	Used to enable and disable LDAP authentication	false
	LdapHost	String	Host of LDAP server	10.10.10.31
	LdapPort	Integer [0, ∞)	Port of LDAP server	389
	LdapBasedn	String	Base DN of LDAP server	DC=tbspune,DC=com
	LdapFilter	String	Filter for LDAP authentication	(&(objectClass=person)(sAMAccountName=?))
	MsadDomain	String	MSAD Domain for LDAP authentication	AD
	LdapTlsEnable	Boolean	Enable and disable the use of TLS for LDAP connections.	false

In the LDAP group, once the "Enable" setting is set to "true", all users logging in will be authenticated via the LDAP server. Local authentication will no longer work. Before setting this to true set all other LDAP settings correctly and create the necessary LDAP users on the masking engine.

Mask group settings

Setting Group	Setting Name	Type	Description	Default Value
mask	DatabaseCommitSize	Integer [1, ∞)	Controls how many rows are updated (Batch Update) to the database before the transaction is committed.	10000
	DefaultStreams	Integer [1, ∞)	Default number of streams for a masking job.	1
	DefaultUpdateThreads	Integer [1, ∞)	Default number of database update threads for a masking job.	1
	DefaultMaxMemory	Integer [1024, ∞)	Default maximum memory for masking jobs (in megabytes).	1024
	DefaultMinMemory	Integer [1024, ∞)	Default minimum memory for masking jobs (in megabytes).	1024
	CharStreamingBufferLimitRate	Integer [1, 50]	Used for calculating maximum allowed buffer size for Character streaming parsers to buffer data. Only used in JSON file and Document store type masking.	25

Profile group settings

These settings apply only to the legacy profiler, not the ASDD profiler, unless specifically noted in the setting description.

Setting Group	Setting Name	Type	Description	Default Value
profile	EnableDataLevelCount	Boolean	When enabled (true), the masking engine counts the number of rows in the profiled table. If the number of rows are less than or equal to DataLevelRows, then it uses the number of rows as the sample size. Otherwise, it uses DataLevelRows. When disabled (false), the masking engine uses DataLevelRows.	false
	DataLevelRows	Integer [1, ∞)	The number of rows a data level profiling job samples when profiling a column. The DataLevelRows will only take into account if EnableDataLevelCount is false. EnableDataLevelCount is true and number of rows is greater than DataLevelRows.	100
	DataLevelPercentage	Double (0, ∞)	Percentage of rows that must match the data level regex to consider this column a match, and thus sensitive.	80.0
	IgnoreDatatype	String	Datatypes that a profiling job should ignore. Columns of these types will not be assigned a domain/algorithm pair.	BIT,BOOLEAN,CHAR#1,VARCHAR#1,VARCHAR2#1,NCHAR#1, NVARCHAR#1,NVARCHAR2#1,BINARY,VARBINARY,IMAGE, LOB,LONG,BLOB,CLOB,NCLOB,BFILE,RAW,ENUM,BFILE
	DefaultStreams	Integer [1, ∞)	Default number of streams for a profiling job.	1
	DefaultMaxMemory	Integer [1024, ∞)	Default maximum memory for profiling jobs (in megabytes).	1024
	DefaultMinMemory	Integer [1024, ∞)	Default minimum memory for profiling jobs (in megabytes).	1024
	OptimizationLevel	Integer [0, 9)	Optimization level for the profiling job which is defined as below, 0: No optimizations are performed. 1: JavaScript runs in interpreted mode. 9: Performs the most optimization with faster script execution, but compiles slower. 1-9: All optimizations are performed.	-1
	DefaultMultiphiAlgorithm	String	Default Multiple PHI masking algorithm which will be used when the Multiple Profiler Expression will be true for profile job. This value is used by both the legacy and ASDD profilers.	NullValueLookup

ASDD group settings

Setting Group	Setting Name	Type	Description	Default Value
ASDD	DefaultMaximumColumnSize	Integer [1, 65536]	The maximum length of the column value to profile. Any value beyond that is truncated to this length for ASDD profiling and the remaining part is ignored.	1024
	DefaultTableSampleRows	Integer [1, ∞)	The number of database rows for the ASDD profiler to sample for each table.	1000
	DefaultAssignmentThreshold	Integer [1, 100]	The confidence threshold that must be met or exceeded for the ASDD profiler to make a domain and algorithm assignment.	1
	DefaultJobExecutionStreams	Integer [1, ∞)	The number of streams to use by default for new ASDD profiler jobs	1
	DefaultNullFilterThreshold	Integer [0, 100]	The percentage of column values that must be null or empty to trigger an additional query to retrieve more column values.	75

Job group settings

Setting Group	Setting Name	Type	Description	Default Value
job	JobLoggingLevel	String {Basic, Detailed}	Controls the amount of information being logged from a job's output. Warning: the Detailed setting may log sensitive information when errors occur. Although this information can be very valuable when debugging a problem, it should be used with care.	Basic

CSP group CSP settings

Setting Group	Setting Name	Type	Description	Default Value
csp	CspFrameAncestorsDomain	String	Defines valid sources for embedding the resource using "frame", "iframe", "object", "embed", or "applet". To whitelist domains for frame-ancestors, add space-separated URLs in the CspFrameAncestorsDomain.
csp	CspFormActionDomain	String	Defines valid sources that can be used as an HTML "form" action. To whitelist domains for form-action, add space-separated URLs in the CspFormActionDomain.
csp	CspScriptSrcDomain	String	Defines valid sources of JavaScript. To whitelist domains for script-src, add space-separated URLs in the CspScriptSrcDomain.
csp	StrictCspEnabled	Boolean	CSP setting should be enable via application setting based flag. This will provide more control to customer over CSP policy.	False