Manage Sensitive Data Discovery (SDD)
Sensitive data discovery (SDD) API reference guide
Workflow
Create an identifier
To run this identifier against your data, ensure it is added to a framework.
POST
/sdd/classifier
Create an identifier.
Payload parameters
name
string
Unique, request-friendly identifier name. Must be uppercase letters or numbers.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
Yes
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
. The config object must include one of the following: config.regex
, config.columnNameRegex
, or config.values
.
Yes
config.tags
array[string]
The default resulting tags to apply when the identifier is matched; they must begin with Discovered .
.
No
config.regex
string
A case-insensitive regular expression to match against column values.
No
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
No
config.values
array[string]
The list of words included in the dictionary to match against column values.
No
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive. Defaults to false
.
No
config.minConfidence
integer
Apply tags when the identifier match is at least this percentage. Not supported for native SDD. Must be between 0 and 1.
Yes
Response parameters
createdBy
array
Includes details about the user who created the identifier, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
config.tags
array[string]
The default resulting tags to apply to the data source when the identifier is matched.
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
config.regex
string
A case-insensitive regular expression to match against column values.
config.values
array[string]
The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive.
config.minConfidence
integer
Apply tags when the identifier match is at least this percentage. Not supported for native SDD.
createdAt
date
When the identifier was created.
updatedAt
date
When the identifier was last updated.
Request example
The following request creates an identifier, saved in example-payload.json
.
Payload examples
Response example
Create an identification framework
POST
/sdd/template
Create an identification framework.
Payload parameters
name
string
Unique, request-friendly framework name. Must be uppercase letters or numbers.
Yes
displayName
string
Unique, human-readable framework name.
Yes
description
string
The framework description.
Yes
classifiers
array
The identifiers to include in the framework and any additional overrides for those identifiers.
Yes
classifiers.name
string
The name of the identifier to include in the framework.
Yes
classifiers.overrides
array
The overrides to modify the identifier for this framework.
No
classifiers.overrides.tags
array
The resulting tags to apply when the identifier is matched. These tags will override the identifier's default tags and must begin with Discovered .
.
No
Response parameters
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
The following request creates an identification framework that contains 2 identifiers, saved in example-payload.json
.
Payload example
Response example
Search for identifiers or identification frameworks
GET
sdd/classifier
GET
sdd/template
GET
sdd/classifier/{classifierName}
GET
sdd/template/{templateName}
GET
sdd/template/global
List or search for identifiers
GET
/sdd/classifier
List or search identifiers.
Query parameters
sortField
string
The field to sort the search results: id
, name
, displayName
, type
, createdAt
, or updatedAt
.
No
sortOrder
string
Denotes whether to sort the results in ascending (asc
) or descending (desc
) order. Default is asc
.
No
offSet
integer
Use in combination with limit
to fetch pages.
No
limit
integer
Limits the number of results displayed per page.
No
type
array[string]
Searches based on identifier type: regex
, dictionary
, builtIn
, or columnNameRegex
.
No
searchText
string
A partial, case-insensitive search on name.
No
Response parameters
count
integer
The number of identifiers found matching the search criteria.
createdBy
array
Includes details about the user who created the identifier, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
config.tags
array[string]
The default resulting tags to apply when the identifier is matched.
config.columnNameRegex
string
A case-insensitive regular expression to optionally match against column names.
config.regex
string
A case-insensitive regular expression to match against column values.
config.values
array[string]
The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive.
createdAt
date
When the identifier was created.
updatedAt
date
When the identifier was last updated.
Request example
The following request lists 5 identifiers.
Response example
List or search for identification frameworks
GET
/sdd/template
List or search identification frameworks.
Query parameters
sortField
string
The field to sort the search results: id
, name
, displayName
, type
, createdAt
, or updatedAt
.
No
sortOrder
string
Denotes whether to sort the results in ascending (asc
) or descending (desc
) order. Default is asc
.
No
offSet
integer
Use in combination with limit
to fetch pages.
No
limit
integer
Limits the number of results displayed per page.
No
classifiers
array[string]
Filters framework results to those containing the specified identifiers.
No
searchText
string
A partial, case-insensitive search on the framework name.
No
Response parameters
count
integer
The number of identification frameworks found matching the search criteria.
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
The following request lists all identification frameworks.
Response example
View an identifier by name
GET
/sdd/classifier/{classifierName}
Get an identifier by name.
Query parameters
classifierName
string
The name of the identifier.
Yes
Response parameters
id
integer
The unique ID of the identifier.
createdBy
array
Includes details about the user who created the identifier, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
config.tags
array[string]
The name of the resulting tags to apply to the data source.
config.columnNameRegex
string
A case-insensitive regular expression to optionally match against column names.
config.regex
string
A case-insensitive regular expression to match against column values.
config.values
array[string]
The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive.
createdAt
date
When the identifier was created.
updatedAt
date
When the identifier was last updated.
Request example
This request gets the identifier named MY_REGEX_IDENTIFIER
.
Response example
View an identification framework by name
GET
/sdd/template/{templateName}
Get an identification framework by name.
Query parameters
templateName
string
The name of the identification framework.
Yes
Response parameters
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
This request gets the identification framework named MY_FIRST_FRAMEWORK
.
Response example
View the current global framework
GET
/sdd/template/global
View the current global framework.
Response parameters
id
integer
The unique ID of the framework.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
This request gets the current global framework information.
Response example
Apply identification frameworks to data sources
PUT
/sdd/template/apply
Apply an identification framework to a set of data sources.
Payload parameters
template
string
The name of the identification framework to apply to the data sources. null
to clear current framework, and the data source will use the global framework.
Yes
sources
string
The name of the data sources to apply the framework to.
Yes
Response parameters
success
boolean
When true
, the request was successful.
Request example
This request applies the MY_FIRST_FRAMEWORK
framework to the Public Case
data source.
Payload example
Response example
Run SDD on data sources
POST
/sdd/run
Run SDD on specified data sources.
Payload parameters
sources
string
The name of the data sources to apply the identification framework to.
Yes
all
boolean
If true
, SDD will run on all Immuta data sources.
No
wait
integer
The number of seconds to wait for the SDD jobs to finish. The value -1
will wait until the jobs complete. Default is -1
.
No
dryRun
boolean
When true
, SDD will not update the tags on the data source(s). Instead of applying tags, SDD returns the tags that would be applied to the data source. This allows users to evaluate whether or not identifiers or frameworks are applying tags correctly without updating the data source. Default is false
.
No
template
string
If passed, Immuta will run SDD with this framework instead of the applied framework on the data source(s). Passing template
when dryRun
is false
will cause an error.
No
Response parameters
id
string
The unique identifier of the job.
state
string
The job state. Statuses include created
, retry
, active
, completed
, expired
, cancelled
, or failed
.
output
array[string]
Information about the tags applied on the data source, including diff
(added
and removed
tags) and the current state of allTags
on all columns in the data sources.
Request example: Run SDD on a single data source
This request runs SDD on the data source Public Case
.
Payload example
Response example
Request example: Run SDD on all data sources
This request runs SDD on all your data sources.
Payload example
Response example
Request example: Test run SDD on all data sources
This request runs SDD on the Medical Claims data source with the PII_REVISION
framework, but will not tag any columns if matches are found.
Payload example
Response example
Update identifiers or identification frameworks
PUT
/sdd/classifier/{classifierName}
POST
sdd/classifier/template/{templateName}/clone
PUT
/sdd/template/{templateName}
Update an identifier
PUT
/sdd/classifier/{classifierName}
Update an identifier. Partial updates are not supported.
Query parameters
classifierName
string
The name of the identifier to update.
Yes
Payload parameters
name
string
Unique, request-friendly identifier name. Must be uppercase letters or numbers.
Yes
displayName
string
Unique, human-readable identifier name.
Yes
description
string
The identifier description.
Yes
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
Yes
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
. The config object must contain one of the following: config.regex
, config.columnNameRegex
, or config.values
.
Yes
config.tags
array[string]
The default resulting tags to apply when the identifier is matched; they must begin with Discovered .
.
No
config.regex
string
A case-insensitive regular expression to match against column values.
No
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
No
config.values
array[string]
The list of words included in the dictionary to match against column values.
No
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive. Defaults to false
.
No
config.minConfidence
integer
Apply tags when the identifier match is at least this percentage. Not supported for native SDD. Must be between 0 and 1.
Yes
Response parameters
createdBy
array
Includes details about the user who created the identifier, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
config.tags
array[string]
The default resulting tags to apply to the data source when the identifier is matched.
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
config.regex
string
A case-insensitive regular expression to match against column values.
config.values
array[string]
The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive.
createdAt
date
When the identifier was created.
updatedAt
date
When the identifier was last updated.
Request example
The following request updates the name and description of the MY_REGEX_IDENTIFIER
identifier.
Payload example
Response example
Clone an identification framework
POST
/sdd/template/{templateName}/clone
Clone an identification framework.
Query parameters
templateName
string
The name of the identification framework to clone.
Yes
Payload parameters
name
string
Unique, request-friendly framework name for the cloned framework.
Yes
displayName
string
Unique, human-readable framework name for the cloned framework.
Yes
description
string
The cloned framework description.
No
Response parameters
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
This request clones the MY_FIRST_FRAMEWORK
identification framework.
Payload example
Response example
Update an identification framework
PUT
/sdd/template/{templateName}
Update an identification framework.
Query parameters
templateName
string
The name of the identification framework to update.
Yes
Payload parameters
name
string
Unique, request-friendly framework name. Must be uppercase letters or numbers.
Yes
displayName
string
Unique, human-readable framework name.
Yes
description
string
The framework description.
Yes
classifiers
array
The identifiers to include in the framework and any additional overrides for those identifiers.
Yes
classifiers.name
string
The name of the identifier to include in the framework.
Yes
classifiers.overrides
array
The overrides to modify the identifier for this framework.
No
classifiers.overrides.tags
array
The resulting tags to apply when the identifier is matched. These tags will override the identifier's default tags and must begin with Discovered .
.
No
Response parameters
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
The following request updates the name of, description of, and identifiers in the MY_FIRST_FRAMEWORK
identification framework.
Payload example
Response example
Delete identifiers or identification frameworks
DELETE
/sdd/classifier/{classifierName}
DELETE
/sdd/template/{templateName}
Delete an identifier
DELETE
/sdd/classifier/{classifierName}
Delete an identifier.
Query parameters
classifierName
string
The name of the identifier to delete.
Yes
Response parameters
createdBy
array
Includes details about the user who created the identifier, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly identifier name.
displayName
string
Unique, human-readable identifier name.
description
string
The identifier description.
type
string
The type of identifier: regex
, dictionary
, columnNameRegex
, or builtIn
.
config
object
The configuration of the identifier, which includes config.values
, config.caseSensitive
, config.regex
, config.columnNameRegex
, and config.tags
.
config.tags
array[string]
The default resulting tags to apply to the data source when the identifier is matched.
config.columnNameRegex
string
A case-insensitive regular expression to match against column names.
config.regex
string
A case-insensitive regular expression to match against column values.
config.values
array[string]
The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean
Indicates whether or not values
are case sensitive.
createdAt
date
When the identifier was created.
updatedAt
date
When the identifier was last updated.
Request example
The following request deletes the REGULAR_EXPRESSION
identifier.
Response example
Delete an identification framework
DELETE
/sdd/template/{templateName}
Delete an identification framework.
Query parameters
templateName
string
The name of the identification framework to delete.
Yes
Response parameters
id
integer
The unique ID of the framework.
createdBy
array
Includes details about the user who created the framework, such as their profile id
, name
, and email
.
name
string
Unique, request-friendly framework name.
displayName
string
Unique, human-readable framework name.
description
string
The framework description.
classifiers
array
The identifiers in the framework and any overrides for those identifiers.
createdAt
date
When the framework was created.
updatedAt
date
When the framework was last updated.
Request example
The following request deletes the HEALTH_DATA
identification framework.
Response example
Last updated