vgs_api_client
VgsApiClient - the Ruby gem for the Vault HTTP API
Storing, retrieving, and managing sensitive data within a VGS organization.
NOTE: The Vault API is intended only for environments that are already PCI-compliant. If you want to use this API, but are not yet PCI-compliant, you can use VGS Collect or VGS Proxy with Inbound Routes to quickly and seamlessly achieve compliance.
Looking for the old version of the API? Find it here.
Introduction
Each encrypted value stored in a VGS vault has one or multiple aliases associated with it. These aliases are fully opaque and retain no information about the underlying data. The user may safely store aliases without compromising data security.
NOTE: The API works with persistent storage only. Unlike volatile storage, this means that the data is stored permanently, without any implicit TTL.
Aliases are not valuable on their own. However, they can be used to decrypt the associated value and pass it to another service via the forward proxy.
Alias Formats
Each alias corresponds to a certain format. There are several alias formats suitable for different kinds of sensitive data.
For example, UUID produces a random Base58-encoded UUID string with an
environment-dependent prefix:
tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e
This format is generic and suitable for any kind of data.
The tables below contain descriptions of all alias formats recognized by the API.
Generic Formats
| Value | Description |
|---|---|
NUM_LENGTH_PRESERVING |
Length-Preserving, Numeric |
RAW_UUID |
UUID |
UUID |
UUID (Prefixed, Base58-Encoded) |
GENERIC_T_FOUR |
UUID (Prefixed, Base58-Encoded, Last four preserving) |
Account Number Formats
| Value | Description |
|---|---|
FPE_ACC_NUM_T_FOUR |
Length-Preserving, Numeric (A4) |
FPE_ALPHANUMERIC_ACC_NUM_T_FOUR |
Length-Preserving, Alphanumeric (A4) |
Payment Card Formats
| Value | Description |
|---|---|
FPE_SIX_T_FOUR |
Format-Preserving, Luhn Valid (6T4) |
FPE_T_FOUR |
Format-Preserving, Luhn Valid (T4) |
PFPT |
Prefixed, Luhn Valid, 19-Digit Fixed Length |
SSN Formats
| Value | Description |
|---|---|
FPE_SSN_T_FOUR |
Format-Preserving (A4) |
Authentication
This API uses Basic authentication.
Credentials to access the API can be generated on the dashboard by going to the Settings section of the vault of your choosing.
Docs » Guides » Access credentials
Rate Limiting
The API allows up to 3,000 requests per minute. Requests are associated with the vault, regardless of the access credentials used to authenticate the request.
Your current rate limit is included as HTTP headers in every API response:
| Header Name | Description |
|---|---|
x-ratelimit-remaining |
The number of requests remaining in the 1-minute window. |
If you exceed the rate limit, the API will reject the request with HTTP 429 Too Many Requests.
Errors
The API uses standard HTTP status codes to indicate whether the request succeeded or not.
In case of failure, the response body will be JSON in a predefined format. For example, trying to create too many aliases at once results in the following response:
{
\"errors\": [
{
\"status\": 400,
\"title\": \"Bad request\",
\"detail\": \"Too many values (limit: 20)\",
\"href\": \"https://api.sandbox.verygoodvault.com/aliases\"
}
]
}
This SDK is automatically generated by the OpenAPI Generator project:
- API version: 1.0.0
- Package version: 0.0.28
- Build package: org.openapitools.codegen.languages.RubyClientCodegen
Installation
Build a gem
To build the Ruby code into a gem:
gem build vgs_api_client.gemspec
Then either install the gem locally:
gem install ./vgs_api_client-0.0.28.gem
(for development, run gem install --dev ./vgs_api_client-0.0.28.gem to install the development dependencies)
or publish the gem to a gem hosting service, e.g. RubyGems.
Finally add this to the Gemfile:
gem 'vgs_api_client', '~> 0.0.28'
Install from Git
If the Ruby gem is hosted at a git repository: https://github.com/verygoodsecurity/vgs-api-client-ruby, then add the following in the Gemfile:
gem 'vgs_api_client', :git => 'https://github.com/verygoodsecurity/vgs-api-client-ruby.git'
Include the Ruby code directly
Include the Ruby code directly using -I as follows:
ruby -Ilib script.rb
Getting Started
Please follow the installation procedure and then run the following code:
# Load the gem
require 'vgs_api_client'
# Setup authorization
VgsApiClient.configure do |config|
# Configure HTTP basic authorization: basicAuth
config.username = 'YOUR_USERNAME'
config.password = 'YOUR_PASSWORD'
end
api_instance = VgsApiClient::AliasesApi.new
opts = {
create_aliases_request: VgsApiClient::CreateAliasesRequest.new({data: [TODO]}) # CreateAliasesRequest |
}
begin
#Create aliases
result = api_instance.create_aliases(opts)
p result
rescue VgsApiClient::ApiError => e
puts "Exception when calling AliasesApi->create_aliases: #{e}"
end
Documentation for API Endpoints
All URIs are relative to https://api.sandbox.verygoodvault.com
| Class | Method | HTTP request | Description |
|---|---|---|---|
| VgsApiClient::AliasesApi | create_aliases | POST /aliases | Create aliases |
| VgsApiClient::AliasesApi | delete_alias | DELETE /aliases/alias | Delete alias |
| VgsApiClient::AliasesApi | reveal_alias | GET /aliases/alias | Reveal single alias |
| VgsApiClient::AliasesApi | reveal_multiple_aliases | GET /aliases | Reveal multiple aliases |
| VgsApiClient::AliasesApi | update_alias | PUT /aliases/alias | Update data classifiers |
Documentation for Models
- VgsApiClient::AliasFormat
- VgsApiClient::ApiError
- VgsApiClient::CreateAliasesRequest
- VgsApiClient::CreateAliasesRequestExisting
- VgsApiClient::CreateAliasesRequestNew
- VgsApiClient::InlineResponse200
- VgsApiClient::InlineResponse2001
- VgsApiClient::InlineResponse201
- VgsApiClient::InlineResponseDefault
- VgsApiClient::ModelAlias
- VgsApiClient::RevealedData
- VgsApiClient::UpdateAliasRequest
- VgsApiClient::UpdateAliasRequestData
Documentation for Authorization
basicAuth
- Type: HTTP basic authentication