API Reference

HTTP endpoints for tokenize, detokenize, and health.

All endpoints accept and return JSON. Authentication uses a Bearer token (your API key) in the Authorization header.

POST /api/v1/tokenize

Convert sensitive values into format-preserving tokens. Authentication uses Bearer token (your API key) in the Authorization header.

bash · terminal
1curl -sS -X POST "http://localhost:8080/api/v1/tokenize" \
2 -H "Content-Type: application/json" \
3 -d '{
4 "data": {
5 "email": "user@example.com",
6 "name": "user example"
7 }
8}'

Response — 200 OK:

json · terminal
{"data":{"email":"qfhw@reviudq.cnr_stx","Name":"vpqhbmudaon_stx"},"Request_id":"e1a94539-8ae9-4538-8329-999d27765a19"}
StatusReasonBody
400Invalid value or unsupported type{"error":"invalid_type","message":"..."}
401Missing or invalid API key{"error":"unauthorized"}
429Rate limit exceeded{"error":"rate_limit","retry_after":1}
500Internal error (DB, license){"error":"internal_error","message":"..."}

POST /api/v1/detokenize

Reverse a token back to its original plaintext value. Call only from trusted services.

bash · terminal
1curl -sS -X POST "http://localhost:8080/api/v1/detokenize" \
2 -H "Content-Type: application/json" \
3 -d '{
4 "data": {
5 "email": "qfhw@reviudq.cnr_stx",
6 "name": "vpqh bmudaon_stx"
7 }
8}'

Response — 200 OK:

json · terminal
{"data":{"email":"user@example.com","name":"user example"},"Status":"success","Request_id":"322ce6bd-d400-473b-b523-cdbf689172bb"}

Detokenize is a trust boundary

Any service with the API key can detokenize every token. Restrict detokenize-capable services to those that genuinely need plaintext.

GET /health

Health check endpoint. No authentication required. Use for Kubernetes liveness and readiness probes.

json · terminal
{"status":"ok","timestamp":"2026-05-15T10:30:00Z","postgres":"ok","version":"1.0.4"}

Was this page helpful?