Removing Token Vault Mapping
This section describes how to use the Remove Token Vault Mapping feature in the Automation API. This feature enables the mapping between an original value and a tokenized value to be removed from the Token Vault. This feature provides support for meeting Right to be Forgotten (RtbF) requests under the General Data Protection Regulation (GDPR). For more information, see What is the Right to be Forgotten?.
Requirements
The following requirements must be met in order for you to be able to use this feature:
You must be using either OracleDB or Postgres for your Token Vault. (See Token Vault Types.)
You must have the Remove Token Mapping permission to execute the request. (See Managing Roles.)
You must understand the impact of using this feature. For more information, see Important Considerations.
Execution
To remove a Token Vault mapping, a POST request needs to be submitted to the following PDD API endpoint:
/policy-manager/api/v3/pdds/{pddId}/remove-token-mapping-requests
The endpoint expects the following JSON body:
POST /policy-manager/api/v3/pdds/abc123/remove-token-mapping-requests HTTP/1.1
Content-Type: application/json

{
  "identifier": {
    "value": "12345",
    "dataType": "TEXT"
  },
  "rule": {
    "id": "1234ab"
  }
}
Status Endpoint
The status of the request can be retrieved by submitting a GET request to:
/policy-manager/api/v3/pdds/{pddId}/remove-token-mapping-requests/{requestId}
The possible statuses are SUCCESS, FAILURE and RUNNING. The endpoint will return 200 OK regardless of the actual status. For example:
HTTP/1.1 200 OK
Content-Type: application/json

{
  "status": "FAILURE",
  "failureReason": "Failed to connect to POD",
  … other JSON fields
}
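Because the status endpoint answers 200 OK even when the removal failed, a client handling an RtbF request has to read the status field in the body before recording the erasure as complete. The following is an added example, not part of the original documentation or the product's own code; the base URL, the function names, the polling interval and the absence of authentication headers are assumptions.

```python
import json
import time
import urllib.request

# Path taken from the page; the base URL is supplied by the caller (assumption).
STATUS_PATH = "/policy-manager/api/v3/pdds/{pdd_id}/remove-token-mapping-requests/{request_id}"

class RemovalFailed(Exception):
    """The removal request did not end in SUCCESS."""

def http_get(url, headers=None):
    """Default transport (hypothetical helper): returns (http_status, body_text)."""
    req = urllib.request.Request(url, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, resp.read().decode("utf-8")

def interpret(http_status, body_text):
    """Return 'SUCCESS' or 'RUNNING'; raise on FAILURE or anything unexpected."""
    if http_status != 200:  # reachable when a custom transport is injected
        raise RemovalFailed(f"unexpected HTTP status {http_status}")
    doc = json.loads(body_text)  # malformed JSON raises: fail closed
    status = doc.get("status") if isinstance(doc, dict) else None
    if status == "FAILURE":
        # 200 OK does not mean the mapping is gone; surface the reason.
        raise RemovalFailed(doc.get("failureReason", "no failureReason given"))
    if status not in ("SUCCESS", "RUNNING"):
        raise RemovalFailed(f"unrecognised status {status!r}")
    return status

def wait_for_removal(base_url, pdd_id, request_id, get=http_get,
                     interval=5.0, max_polls=60, sleep=time.sleep):
    """Poll until SUCCESS; only then may the erasure be logged as done."""
    url = base_url.rstrip("/") + STATUS_PATH.format(pdd_id=pdd_id, request_id=request_id)
    for _ in range(max_polls):
        if interpret(*get(url)) == "SUCCESS":
            return True
        sleep(interval)
    raise TimeoutError(f"request {request_id} still RUNNING after {max_polls} polls")
```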
Result
After a token mapping has been removed, attempts to Unmask and re-identify the value will fail.
The value will be assigned a new token should it be encountered again by the same rule in the same PDD, and the previous token will not be reused. For more information, see Important Considerations.