API Reference
HTTP endpoints for tokenize, detokenize, and health.
All endpoints accept and return JSON. Authentication uses a Bearer token (your API key) in the Authorization header.
POST /api/v1/tokenize
Convert sensitive values into format-preserving tokens. Authentication uses Bearer token (your API key) in the Authorization header.
bash · terminal
1curl -sS -X POST "http://localhost:8080/api/v1/tokenize" \2-H "Content-Type: application/json" \3-d '{4"data": {5"email": "user@example.com",6"name": "user example"7}8}'
Response — 200 OK:
json · terminal
{"data":{"email":"qfhw@reviudq.cnr_stx","Name":"vpqhbmudaon_stx"},"Request_id":"e1a94539-8ae9-4538-8329-999d27765a19"}
| Status | Reason | Body |
|---|---|---|
| 400 | Invalid value or unsupported type | {"error":"invalid_type","message":"..."} |
| 401 | Missing or invalid API key | {"error":"unauthorized"} |
| 429 | Rate limit exceeded | {"error":"rate_limit","retry_after":1} |
| 500 | Internal error (DB, license) | {"error":"internal_error","message":"..."} |
POST /api/v1/detokenize
Reverse a token back to its original plaintext value. Call only from trusted services.
bash · terminal
1curl -sS -X POST "http://localhost:8080/api/v1/detokenize" \2-H "Content-Type: application/json" \3-d '{4"data": {5"email": "qfhw@reviudq.cnr_stx",6"name": "vpqh bmudaon_stx"7}8}'
Response — 200 OK:
json · terminal
{"data":{"email":"user@example.com","name":"user example"},"Status":"success","Request_id":"322ce6bd-d400-473b-b523-cdbf689172bb"}
Detokenize is a trust boundary
Any service with the API key can detokenize every token. Restrict detokenize-capable services to those that genuinely need plaintext.
GET /health
Health check endpoint. No authentication required. Use for Kubernetes liveness and readiness probes.
json · terminal
{"status":"ok","timestamp":"2026-05-15T10:30:00Z","postgres":"ok","version":"1.0.4"}