Understanding the Architecture
The architecture and workflow of Application Protector.
The Protegrity Application Protector (AP) Python provides APIs that integrate with customer applications to protect, unprotect, and reprotect sensitive data.
The AP Python has the following protection and security access methods:
The following are the various features of AP Python.
AP Python supports the following distributions on Linux:
AP Python can be accessed only by trusted applications. Any application that protects, unprotects, or reprotects data must first be created as a trusted application.
A trusted application name should be the name of the running application. For example, refer to the sample program in the section Running IAP - Example in the Protegrity Application Protector On-Premises Immutable Policy User Guide 9.1.0.0. Here, the trusted application name is “HelloWorld”. The trusted application user is the user who is running the program.
For AP Python applications, the logic is to determine the fully qualified module name for invoking the APIs.
For more information about how to make an application trusted, refer to Creating a Trusted Application.
A session is valid until the sessiontimeout that is passed as a parameter to the create_session API. The default validity of a session is 15 minutes. An active session is renewed every time the session is used.
Sessions are required for audit record generation. A session is valid for a specific time, which is managed by the timeout value passed to the create_session() method. By default, the session timeout value is set to 15 minutes. Every call to the create_session() method creates a new session object; a pool of session objects is not maintained. Python’s garbage collector destroys Session objects once they are out of scope. You can also use the session object as a Python context manager with the with statement.
A session is automatically renewed every time it is used. Thus, for each call to a data protection operation, such as protect, unprotect, or reprotect, the time for the session to remain alive is renewed.
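The renewal rule above means the timeout limits idle time, not total session lifetime. The following added example is a stand-alone model of that rule, not Protegrity code and not the AP Python API; ModelSession, SessionExpired, use() and simulate() are hypothetical names, and the model assumes an expired session stays expired.

```python
import time

DEFAULT_TIMEOUT_MIN = 15  # default session validity stated on this page


class SessionExpired(Exception):
    """Hypothetical error type for this model; not a Protegrity exception."""


class ModelSession:
    """Toy model of a session whose validity window restarts on every use."""

    def __init__(self, user, timeout_min=DEFAULT_TIMEOUT_MIN, clock=time.monotonic):
        self.user = user
        self._timeout_s = timeout_min * 60
        self._clock = clock  # injectable so the model can be driven without sleeping
        self._expires_at = clock() + self._timeout_s
        self.operations = 0

    def is_valid(self):
        return self._clock() < self._expires_at

    def use(self):
        """Stand-in for protect/unprotect/reprotect: check validity, then renew."""
        if not self.is_valid():
            # Assumption of this model: an expired session is never revived.
            raise SessionExpired(f"session for {self.user} timed out")
        self._expires_at = self._clock() + self._timeout_s
        self.operations += 1


def simulate(gaps_min, timeout_min=DEFAULT_TIMEOUT_MIN):
    """Perform one operation after each idle gap (in minutes); return the outcomes."""
    now = [0.0]  # constructed fake clock, in seconds
    session = ModelSession("constructed-user", timeout_min, clock=lambda: now[0])
    outcomes = []
    for gap in gaps_min:
        now[0] += gap * 60
        try:
            session.use()
            outcomes.append("ok")
        except SessionExpired:
            outcomes.append("expired")
    return outcomes


if __name__ == "__main__":
    print(simulate([10, 10, 10, 10]))  # used every 10 minutes for 40 minutes
    print(simulate([10, 16, 1]))       # one 16-minute idle gap
```

A session used every 10 minutes stays valid well past the 15-minute default, while a single idle gap longer than the timeout ends it, so callers that hold a session across idle periods need to create a new one.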
Each session generates audit records for every protection method call and data element.
Single Data Item Operations
a and count 1 → 1 audit log
b and count 5 → 5 audit logs
a and count 1000 → 1000 audit logs
Bulk Data Item Operations
3 and same data elements → 1 audit log with count 6
Trusted Application logs are also included in audit records.
Audits are generated in ESA forensics for Security Officer access.
For more information about Trusted Applications, refer to Working With Trusted Applications.
If AP Python is used to perform a security operation on a single data item, an exception is raised for any error. If AP Python is used to perform a security operation on bulk data, an exception is raised for all errors except error codes 22, 23, and 44. For error codes 22, 23, and 44, an error list is returned for the individual items in the bulk data instead.
For more information about the log return codes, refer to Log return codes.
The AP Python provides support for running it in a development environment. In this mode, the AP Python APIs along with a set of sample users and data elements are used to simulate the behavior of the APIs in production environment. This mode is also known as AP Python mock implementation. Customers can use this mode to test the integration of their applications with the AP Python.
For more information on how to run AP Python in a development environment, refer to Using AP Python in a development environment.