Skip to content

Masking API Client

This section describes the API client available on the Masking Engine.

Introduction

With the release of API v5 on the Masking Engine, Delphix has opened up the possibility of scripting and automation against the Masking Engine. While this is exciting for us internally at Delphix, we are sure that this will be even more exciting for the consumers of the Masking Engine. This document is intended to be a high-level overview of what to expect with API v5 as well as some helpful links to get you started.

REST

API v5 is a RESTful API. REST stands for REpresentational State Transfer. A REST API will allow you to access and manipulate a textual representation of objects and resources using a predefined set of operations to accomplish various tasks.

JSON

API v5 uses JSON (JavaScript Object Notation) to ingest and return representations of the various objects used throughout various operations. JSON is a standard format and, as such, has many tools available to help with creating and parsing the request and response payloads, respectively.

Here are some UNIX tools that can be used to parse JSON - https://stackoverflow.com/questions/1955505/parsing-json-with-unix-tools. That being said, this is only the tip of the iceberg when it comes to JSON parsing and the reader is encouraged to use their method of choice.

API Client

The various operations and objects used to interact with API v5 are defined in a specification document. This allows us to utilize various tooling to ingest that specification to generate documentation and an API Client, which can be used to generate cURL commands for all operations.

To access the API client on your Masking Engine, go to http://myMaskingEngine.myDomain.com/masking/api-client.

To access the API client documentation without an engine, please refer to the static HTML representations here:

To see how to log into the API client and for some starter recipes, please check out API Cookbook document.

Supported Features

API v5 is in active development but does not currently support all features that are accessible in the GUI. The list of supported features will expand over the course of subsequent releases.

For a full list of supported APIs, the best place to look is the API client on your Masking Engine.

API Calls for Masking Administration

The Delphix Masking Engine supports the following two types of administrative APIs:

  • Analytics APIs

    • These APIs are for including Masking performance information in the support bundle and do not need to be used unless that information is requested.
  • Application Setting APIs

    • Application Setting APIs allow an administrator to change the Delphix Masking Engine settings. Presently there are five categories of settings: analytics settings, LDAP settings, general settings, mask settings and profile settings. Over time, more settings will be added to give users direct control over the product's various settings. Below are the details of currently supported settings.

Application Settings APIs

General Group Settings

Setting Group Setting Name Type Description Default Value
general EnableMonitorRowCount Boolean Controls whether a job displays the total number of rows that are being masked. Setting this to false reduces the startup time of all jobs. true
PasswordTimeSpan Integer [0, ∞) The number of hours a user is locked out for before they can attempt to log in again. 23
PasswordCount Integer [0, ∞) The number of incorrect password attempts before a user is locked out. 3
AllowPasswordResetRequest Boolean When true, users can request a password reset link be sent to the email associated with their account. true
PasswordResetLinkDuration Integer [1, ∞) Controls how many minutes the password reset link is valid for. 5

Algorithm Group Settings

Setting Group Setting Name Type Description Default Value
algorithm DefaultNonConformantDataHandling String {DONT_MASK, FAIL} Default algorithm behavior for Handling of NonConformant Data patterns. DONT_MASK

Database Group Settings

Setting Group Setting Name Type Description Default Value
database DB2zDateFormat String Default Date String format to use for DB2 zOS if the database is not using one of the pre-defined IBM DB2 zOS Date String formats. Default is ISO Date String format. yyyy-MM-dd

LDAP Group Settings

Setting Group Setting Name Type Description Default Value
ldap Enable Boolean Used to enable and disable LDAP authentication false
LdapHost String Host of LDAP server 10.10.10.31
LdapPort Integer [0, ∞) Port of LDAP server 389
LdapBasedn String Base DN of LDAP server DC=tbspune,DC=com
LdapFilter String Filter for LDAP authentication (&(objectClass=person)(sAMAccountName=?))
MsadDomain String MSAD Domain for LDAP authentication AD
LdapTlsEnable Boolean Enable and disable the use of TLS for LDAP connections. false

Warning

In the LDAP group, once the "Enable" setting is set to "true", all users logging in will be authenticated via the LDAP server. Local authentication will no longer work. Before setting this to true set all other LDAP settings correctly and create the necessary LDAP users on the masking engine.

Mask Group Settings

Setting Group Setting Name Type Description Default Value
mask DatabaseCommitSize Integer [1, ∞) Controls how many rows are updated (Batch Update) to the database before the transaction is committed. 10000
DefaultStreams Integer [1, ∞) Default number of streams for a masking job. 1
DefaultUpdateThreads Integer [1, ∞) Default number of database update threads for a masking job. 1
DefaultMaxMemory Integer [1024, ∞) Default maximum memory for masking jobs (in megabytes). 1024
DefaultMinMemory Integer [1024, ∞) Default minimum memory for masking jobs (in megabytes). 1024

Profile Group Settings

Setting Group Setting Name Type Description Default Value
profile EnableDataLevelCount Boolean When enabled, only profile the number of rows specified by DataLevelRows when running data level profiling jobs.

When disabled, profile all rows when running data level profiling jobs.
false
DataLevelRows Integer [1, ∞) The number of rows a data level profiling job samples when profiling a column. This is only used when EnableDataLevelCount is true. 100
DataLevelPercentage Double (0, ∞) Percentage of rows that must match the data level regex to consider this column a match, and thus sensitive. 80.0
IgnoreDatatype String Datatypes that a profiling job should ignore. Columns of these types will not be assigned a domain/algorithm pair. BIT,BOOLEAN,CHAR#1,VARCHAR#1,VARCHAR2#1,NCHAR#1,
NVARCHAR#1,NVARCHAR2#1,BINARY,VARBINARY,IMAGE,
LOB,LONG,BLOB,CLOB,NCLOB,BFILE,RAW,ENUM,BFILE
DefaultStreams Integer [1, ∞) Default number of streams for a profiling job. 1
DefaultMaxMemory Integer [1024, ∞) Default maximum memory for profiling jobs (in megabytes). 1024
DefaultMinMemory Integer [1024, ∞) Default minimum memory for profiling jobs (in megabytes). 1024

Job Group Settings

Setting Group Setting Name Type Description Default Value
job JobLoggingLevel String {Basic, Detailed} Controls the amount of information being logged from a job's output. Warning: the Detailed setting may log sensitive information when errors occur. Although this information can be very valuable when debugging a problem, it should be used with care. Basic