Create hash
Creates a deterministic hash based on an object's property values, collection, and scope. Supports bulk operations.
This operation is similar to using the tokenize operation for a token of type deterministic
. The hash value is identical to the token ID generated for the same combination of collection, object, property values, and scope. However, unlike the token, this hash is not stored in Vault's storage and, as such, cannot be detokenized, searched, or invalidated.
The role performing this operation must have both of these:
- The
CapCryptoHasher
capability. - At least one allowing policy and no denying policies for the
hash
operation for each of the collection properties specified in the call.
See identity and access management for more information about how Vault uses capabilities to control access to operations and policies to control access to data. ``
Request
Path parameters
collection
- string required*The name of a collection.
Query parameters
adhoc_reason
- stringAn ad-hoc reason for accessing the Vault data. Required when
reason
is set toOther
.reason
- stringDetails of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.
custom_audit
- stringCustom audit information to be included in the audit log.
reload_cache
- booleanReloads the cache before the action.
Request body
Details of the hashing request.
- application/json
object
- object required*The input object, defined as one and only one of the following properties.
id
: the ID of an object.fields
: property values of an object.encrypted
: an encrypted object.request_index
: the index of the object in the request array.
In stateless mode,
id
is not supported and eitherfields
orencrypted
must be supplied.id
- stringThe ID of an object.
fields
- objectA list of maps of object properties and their values.
Example{
"date_of_birth": "1993-02-22",
"email": "patfar@example.com",
"first_name": "Pat",
"last_name": "Far",
"phone_number": "+11011010101"
}encrypted
- objectAn encrypted object.
ciphertext
- string required*The encrypted object base64 cipher text.
scope
- stringThe scope used to encrypt the object. By default, it uses the scope of the encrypted object.
request_index
- integerThe index of the object in the request array.
Example{
"fields": {
"first_name": "John",
"email": "patfar@example.com"
}
}props
- array of stringsA list of the properties to tokenize.
Each string:scope
- stringA classification for the hash.
fpprops
- array of stringsProperties used by the format preserving template for the ID generation. The templates require these properties:
- the
primary_account_number
template requires a property of typeCC_NUMBER
. The token ID is generated from this property by retaining the first six and last four digits and randomizing the remaining digits.
- the
fptemplate
- stringThe template used to format the generated ID. Supports:
primary_account_number
that generates an ID that is a valid 16-digit PAN (credit card number). If empty, the format of the ID is a UUID.
{
"object": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
},
"props": [
"phone_number"
],
"scope": "default"
}
[
{
"object": {
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
},
"props": [
"phone_number"
],
"scope": "default"
}
]
Possible responses
- 200
- 400
- 401
- 403
- 404
- 405
- 409
- 410
- 500
- 501
- 503
The request is successful.
- application/json
token_id
- string required*The ID of the token.
object_id
- stringThe ID of the newly added object, applicable for tokenizing with store_object is true.
[
{
"token_id": "de15a638-354a-11ed-a261-0242ac120002",
"object_id": "cc9a39c5-4734-4786-b317-e16705d5128f"
}
]
The request is invalid.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1001",
"message": "The access reason is missing.",
"context": {
"reason": null
}
}
Authentication credentials are incorrect or missing.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1005",
"message": "The request is unauthorized.",
"context": {}
}
The caller doesn't have the required access rights.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1007",
"message": "The operation is forbidden due to missing capabilities.",
"context": {
"username": "WebServer"
}
}
The collection, objects, or properties aren't found or are missing.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"objectid": "credit_cadr",
"error_code": "PV3003",
"message": "One or more values are invalid."
}
The operation is not allowed.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1026",
"message": "The operation is not allowed in in-memory mode.",
"context": {}
}
A conflict occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV3218",
"message": "Concurrent conflicting updates to the same object.",
"context": {}
}
Access to a resource that is no longer available occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1033",
"message": "The resource is gone.",
"context": {}
}
An error occurs on the server.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1000",
"message": "Something went wrong",
"context": {}
}
Not implemented.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV2001",
"message": "This operation is not implemented.",
"context": {}
}
The service is unavailable.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
error_url
- stringThe URL to the error documentation.
{
"error_code": "PV1009",
"message": "The operation timed out on the server.",
"context": {}
}
Path parameters
Query parameters
Request body
Code examples