This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Application Protector Python

Learn about the Application Protector (AP) Python.

1: Understanding the Architecture
2: System Requirements
3: Preparing the Environment
4: Installing the AP Python Protector
5: Configuring the Protector
6: Application Protector Python APIs

6.1: Using the AP Python APIs

7: Additional Topics

7.1: Uninstalling the Application Protector
7.2: Memory Usage of the AP Python
7.3: Setting Up AP Python on Linux in a Development Environment
7.4: DevOps Approach for Application Protector Python
7.5: Application Protector API Return Codes
7.6: Config.ini file for Application Protector
7.7: Multi-node Application Protector Architecture

Protegrity Application Protector (AP) Python Overview

The Protegrity Application Protector (AP) Python provides APIs that integrate with customer applications to protect, unprotect, and reprotect sensitive data.

The AP Python has the following protection and security access methods:

Get product version
Check access rights for users
Protect
Unprotect
Reprotect

Features of AP Python

The following are the various features of AP Python.

Supported Python distributions

AP Python supports the following distributions on Linux:

Python 3.7
Python 3.8
Python 3.9
Python 3.10
Python 3.11

Trusted applications

The AP Python can be accessed only by the trusted applications. Any application that protects, unprotects, or reprotects data must first be created as a trusted application.

A trusted application name should be the name of the running application. For example, refer to the sample program in the section Running IAP - Example in the Protegrity Application Protector On-Premises Immutable Policy User Guide 9.1.0.0. Here, the trusted application name is “HelloWorld”. The trusted application user is the user who is running the program.

For AP Python applications, the logis is to determine the fully qualified module name for invoking the APIs.

For more information about how to make an application trusted, refer to Creating a Trusted Application.

Session validity

A session is valid until the sessiontimeout that is passed as a parameter to the create_session API. The default validity of a session is 15 minutes. An active session is renewed every time the session is used.

Session Handling

Sessions are required for audit record generation. A session is valid for a specific time, and it is managed by the timeout value passed during the create_session() method. By default, the session timeout value is set to 15 minutes. For every call to the create_session() method, a new session object is created - a pool of session objects is not maintained. Python’s garbage collector is used for destroying the Session objects once they are out of scope. You can also use the session object as Python’s Context manager using the with statement.

A session is automatically renewed every time it is used. Thus, for each call to a data protection operation, such as, protect, unprotect, and reprotect, the time for the session to remain alive is renewed.

Audit logs

Each session generates audit records for every protection method call and data element.
Single Data Item Operations
- Examples:
  - 1 protect operation with data element a and count 1 → 1 audit log
  - 5 protect operations with data element b and count 5 → 5 audit logs
  - 1000 unprotect operations with data element a and count 1000 → 1000 audit logs
Bulk Data Item Operations
- 2 bulk protect operations with bulk size 3 and same data elements → 1 audit log with count 6
Trusted Application logs are also included in audit records.
Audits are generated in ESA forensics for Security Officer access.
For more information about Trusted Applications, refer to Working With Trusted Applications.

Error handling

If AP Python is used to perform a security operation on a single data item, then an exception appears in case of any error. Similarly, if AP Python is used to perform a security operation on bulk data, then an exception appears for all errors except the error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data for error codes 22, 23, and 44.

For more information about the log return codes, refer to Log return codes.

Support for running AP Python in a Development Environment

The AP Python provides support for running it in a development environment. In this mode, the AP Python APIs along with a set of sample users and data elements are used to simulate the behavior of the APIs in production environment. This mode is also known as AP Python mock implementation. Customers can use this mode to test the integration of their applications with the AP Python.

For more information on how to run AP Python in a development environment, refer to Using AP Python in a development environment.

1 - Understanding the Architecture

The architecture and workflow of Application Protector.

This page describes the architecture, the individual components, and the workflow of the Protegrity Application Protector (AP) solution.

Architecture and Workflow

The following figure illustrates the deployment architecture of the Application Protector (AP).

Architecture and Workflow of Application Protector

The following table describes the components of the AP deployment architecture.

Component	Description
Customer Application	Built in supported programming languages and integrates with AP for data protection.
Application Protector	Core protection engine that enforces security policies and performs data protection operations.
Configuration File (config.ini)	Contains initialization parameters passed to AP during startup.
Native Interface	Native interface between AP and the C layer. Java: Java Native Interface (JNI) layer Python: Python.h layer
Package Enforcement and Deployment	Downloads policy packages from the RP Agent and executes protection operations, such as, protect, unprotect, and reprotect.
Log Forwarder	Collects logs from AP and forwards them to the Audit Store for centralized auditing.
Resilient Package (RP) Agent	Standalone process that retrieves policy packages from ESA and shares them with AP processes using shared memory IPC.

The following steps describe the workflow of a sample AP deployment in the production environment.

The customer application initializes the SDK.
The configurations that are required configuration parameters are passed to the protector using the config.ini file.
Note: The configurations can be set through environment variables. ENV overrides values in the config.ini file, except for cadence and session timeout which must be set in the config file.
For more information about environment variables configuration, refer to Configuration Parameters for Protector.
The RP Agent regularly syncs with the RP Proxy or ESA to check for policy updates. If a change is detected, the updated policy package is securely downloaded over a TLS channel and stored in shared memory.
The protector synchronizes with shared memory based on the cadence value defined in config.ini file. If a new package is available, it is fetched into process memory. This updated package is then used to perform data protection operations such as, such as, protect, unprotect, and reprotect.
The audit logs generated during protection operations are forwarded to the Audit Store:
- Logs from the application are sent through the Log Forwarder
- Logs from the RP Agent are also forwarded using the Log Forwarder

Components of the Application Protector

The Protegrity Application Protector (AP) solution comprises several key components that work together to enforce data protection policies and ensure secure operations.

Application Protector

The core engine that integrates with customer applications to perform data protection operations:

Protect
Unprotect
Reprotect

AP is available in multiple language-specific variants:

AP Java: For applications developed in Java
AP Python: For applications developed in Python

Resilient Package (RP) Agent

A standalone process responsible for policy synchronization:

To sync with the RP Proxy or ESA at regular intervals of 60 seconds
To detect policy changes and download updated packages over a secure TLS channel
To store the packages in shared memory for use by the protector

Log Forwarder

A log processing tool that handles audit and protection logs:

Collects logs generated by AP and RP Agent
Forwards logs to the Audit Store within ESA

Ports used to transport the protection and audit logs to the ESA:

15780: Configurable
15781: Non-configurable

Package Deployment

The different approaches for package deployment during the initialization process of the Application Protector are described in this section.

Dynamic Package Deployment

Use this approach when the protector needs to continuously check for policy updates after initialization.

Set the cadence parameter to a non-zero value in the config.ini file.
This value defines the interval in seconds at which the protector synchronizes with the RP Agent.
If a policy change is detected, the protector automatically fetches the updated package and applies it during protection operations.
Note: This method ensures that the protector always operates with the latest policy.

Immutable Package Deployment

Use this approach when the protector does not need to check for policy changes after initialization.

Add the [devops] parameter in the config.ini file before initializing the protector.
A REST API call is used to download an envelope-encrypted package from the ESA.
The protector uses this static package for all operations without further synchronization.
For more information about the DevOps approach, refer to DevOps Approach for Application Protector.

2 - System Requirements

Lists the recommended minimum system requirements

The following table lists the minimum hardware configurations.

Hardware Component	Configuration Details
CPU	Depends on the application.
Disk Space	Under 200 MB - including LogForwarder, RP Agent, and AP Java or AP Python.
RAM	Memory usage depends on the AP flavor and application behavior. Refer to AP Java and AP Python

3 - Preparing the Environment

The prerequisites to install the AP Python Installation on Linux are described in the section.

Preparing the Environment for AP Python Installation on Linux

Before installing Protegrity Application Protector (AP) Python on a Linux platform, ensure the following prerequisites are met:

Prerequisites

The Enterprise Security Administrator (ESA) is installed, configured, and running.
The IP address or host name of the ESA is noted.
The Policy Management (PIM) is initialized on the ESA. It creates cryptographic keys and the policy repository for data protection.
For more information about initializing the PIM, refer to Initializing the Policy Management.
The Python 3, versions 3.7 to 3.11, is installed on the same machine.
The latest version of pip, the Python package manager, is installed on the same machine.

4 - Installing the AP Python Protector

Steps to setup AP Python on Linux

Extracting the Setup Scripts and Package

To set up the AP Python on the Linux platform:

Download the ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz file to any location on the machine where you want to install the protector.
Extract the AP Python installation package using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz
- signatures/ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.sig
Verify the digital signature of the signed AP Python build.
For more information about verifying the signed AP Python build, refer to Verification of Signed Protector Build.
Extract the AP Python installation package again using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- LogforwarderSetup_Linux_x64_\<version>.sh
- RPAgentSetup_Linux_x64_\<version>.sh
- APPythonSetup_Linux_x64_\<version>.sh
- APPythonDevSetup_Linux_x64_\<version>.tar

Installing Log Forwarder on Linux

The steps to install the Log Forwarder on a Linux platform using the Interactive mode or through the Silent mode, are described in this section.

Note: To preserve all the configurations while upgrading the Log Forwarder, ensure that you backup all the files present under the /opt/protegrity/logforwarder/data/config.d directory.

Using Interactive Mode

To install the Log Forwarder on a Linux platform using the Interactive mode:

Run the Log Forwarder installer using the following command.

./LogforwarderSetup_Linux_x64_<version>.sh

The prompt to enter the Audit Store endpoint appears.

Enter the audit store endpoint (host),
alternative (host:port) to use another port than the default port 9200 :

Enter the Audit Store endpoint that is the Audit Store IP address and the Audit Store port number where the Log Forwarder sends the logs.
Note: The default port number is 9200. If you are using the default port, then do not specify the port number.
Press ENTER.
The added Audit Store endpoint appears on the screen.
The prompt to enter an additional Audit Store appears.
```
Do you want to add another audit store endpoint? [y/n]:
```
If you want to add more than one Audit Store endpoint, then type y otherwise type n. If you need to add additional Audit Store endpoints, then repeat both Step 2 and Step 3 for each additional endpoint to add.
Type the y key to install into the destination directory.
The Log Forwarder is installed in the /opt/protegrity/logforwarder/ directory.
Start the Protegrity Log Forwarder service by using the following command.
```
/opt/protegrity/logforwarder/bin/logforwarderctrl start
```
The Log Forwarder is successfully installed.

Using Silent Mode

You can also execute the Log Forwarder installer without any manual intervention, which is also known as the Silent mode of installation. The following parameters must be provided to execute the installer in the Silent mode.

Parameter	Description
`-e` or `--endpoint`	IP address and port of the Audit Store. Use multiple `-e` or `--endpoint` for multiple endpoints. Default port: 9200
`-d` or `--dir`	Optional installation directory Default: `/opt/protegrity`

At the command prompt, type the following command from the installer directory.

./LogforwarderSetup_Linux_x64_<version>.sh -e <ip address:port number> [-e <ip address:port number>]

To install the Log Forwarder in a custom directory, add the -d or --dir argument to the command to specify the Log Forwarder installation directory.

The following snippet displays a sample command.

./LogforwarderSetup_Linux_x64_<version>.sh -e <ip address:port number> [-e <ip address:port number>] -d <Log Forwarder installation directory>

Installing RP Agent on Linux

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation, are described in this section.

Using Interactive Mode

To install the RP Agent on a Linux platform using the Interactive mode:

Run the RP Agent installer using the following command.
```
./RPAgentSetup_Linux_x64_<version>.sh
```
The prompt to enter the upstream hostname or IP address appears.
```
Please enter upstream host name or IP address
[]:
```
Enter the ESA Host Name or IP Address.
Press ENTER.
The prompt to enter the username for downloading certificates appears.
```
Please enter the user name for downloading certificates
[]:
```
Enter the username for downloading the certificates.
Press ENTER.
The prompt to enter the password for downloading the certificates appears.
```
Please enter the password for downloading certificates
[]:
```
Enter ESA password.
Press ENTER to install into the destination directory.
Directories are created under /opt/protegrity/rpagent by default, and the required installation files are installed in these directories.
Ensure that the ESA is up and running with the HubController service in running status to enable automatic downloading of certificates.
If you have installed the RP Agent using the --nocert parameter, then the ESA certificates are not downloaded during the installation. To manually install the certificates to the /opt/protegrity/rpagent/data directory of the RP Agent, perform the following steps.
i. Navigate to the /opt/protegrity/rpagent/bin directory and run the following command.
```
./GetCertificates -u <ESA User with the Export Certificates role> [-h <ESA host name or IP address>] [-p portno] [-d directory]
```
This initiates a secure communication between the RP Agent and the ESA.
ii. Enter the password for the ESA user.
iii. Verify that the following files have been copied to the /opt/protegrity/rpagent/data directory:
- CA.pem
- cert.key
- cert.pem
- rpagent.cfg
- secret.txt
Start the RP Agent by using the following command.
```
/opt/protegrity/rpagent/bin/rpagentctrl start
```
The RP Agent is successfully installed.

Using Silent Mode

You can also execute the RP Agent installer without any manual intervention, which is also known as the Silent mode of installation. The following parameters must be provided to execute the installer in the Silent mode.

Parameter	Description
`-h` or `--host`	The host or IP address of the upstream server that is providing the resilient packages.
`-u` or `--user`	The name of the ESA user with the Export Certificates role.
`-p` or `--password`	The password of the ESA user with the Export Certificates role.
`--port`	The port number of the upstream server that is providing the resilient packages. The default port number is 25400.
`-d` or `--dir`	The installation directory, which is an optional parameter. If the installation directory is not specified, then the installation path is the default directory, which is `/opt/protegrity`.

At the command prompt, type the following command from the installer directory.

./RPAgentSetup_Linux_x64_<version>.sh (-u <user> -p <password>) [-h <host>] [--port <port>]

If you want to install the RP Agent in a directory other than the default directory, then you can add the -d parameter to the command to specify the directory. The following command displays a sample snippet.

./RPAgentSetup_Linux_x64_<version>.sh (-u <user> -p <password>) [-h <host>] [--port <port>] [-d <dir>]

Installing Application Protector Python on Linux

The steps to install the AP Python on a Linux platform using the Linux installer or through the Silent mode of installation, are describes in this section.

Using Linux Installer

To install the AP Python on the Linux platform in a production environment using the Linux installer:

Run the AP Python installer using the following command.

./APPythonSetup_Linux_x64_<version>.sh

The prompt to continue the installation appears.

*****************************************************
Welcome to the AP Python SDK Setup Wizard
*****************************************************

This will install AP Python SDK on your computer.

Do you want to continue? [yes or no]

If you want to continue with the installation of the AP Python SDK, then type yes else type no.
If you type yes, then the prompt to enter the installation directory appears.
```
Please enter installation directory
[/opt/protegrity]:
```
If you type no, then the installation of the AP Python aborts.

The AP Python is extracted in /opt/protegrity/sdk/python directory on a Linux platform.

Navigate to the /opt/protegrity/sdk/python/lib/ directory.
Run the following command to run the pip installer package.
```
pip install appython-<version>.tar.gz
```
Verify that the following directories are created in the AP Python site-packages installation directory:
- appython
- mocks
- pypepprovider
Perform the following steps to access the AP Python Pydoc, which contains the API documentation.
- Run the following command to extract the AP Python setup file:
```
tar –xvf /opt/protegrity/sdk/python/lib/<appython file.tar.gz>
```
  The appython-temp directory is extracted.
- Navigate to the appython-temp\docs\ directory.
- Open the index.html file in a browser to access the AP Python Pydoc.
If you are setting up the AP Python in a virtual Linux environment, then convert the appython-temp\docs directory to a zip file and download it locally. You can then open the index.html file in a browser to access the AP Python Pydoc.

Using Silent Mode

You can also execute the AP Python installer without any manual intervention, which is also known as the Silent mode of installation. The following parameter must be provided to execute the installer in the Silent mode.

Parameter	Description
-dir	Specifies the installation directory, which is an optional parameter. If the installation directory is not specified, then the installation path is the default directory, which is `/opt/protegrity`.

./APPythonSetup_Linux_x64_<version>.sh [-dir <directory>]

5 - Configuring the Protector

Configuring and Verifying AP Python Installation on different platforms

Verifying Installation of AP Python

To verify that the AP Python has been successfully installed:

Login to the machine where the AP Python is installed.
To verify the version of the AP Python, run the following command:
```
pip list
```
The name and version of the installed AP Python package are displayed on the console.
```
appython 10.0.0+x
```
Alternatively, run the get_version API.
To verify that the AP Python is ready to protect data, test some sample data with the protect method.
For more information about the get_version, refer to get_version.
For more information about the protect API, refer to protect.

6 - Application Protector Python APIs

The various APIs of the AP Python.

A session must be created to run the AP Python. Before creating the session, the AP Python verifies whether the application invoking the AP Python APIs is trusted. If it is trusted, then a new session is created, and the protect, unprotect, or reprotect methods can be called, one or many times, depending on the data. After the operation is complete, this session closes implicitly or the session times out if it is idle.

A session is valid for a specific time, which is managed by the timeout value passed during the create_session() method. By default, the session timeout value is set to 15 minutes. For every call to the create_session() method, a new session object is created - a pool of session objects is not maintained. Python’s garbage collector is used for destroying the session objects once they are out of scope. You can also use the session object as Python’s Context manager using the with statement. A session is automatically renewed every time it is used. Thus, for each call to a data protection operation, such as, protect, unprotect, and reprotect, the time for the session to remain alive is renewed.

For single data item calls, a total of three audit log events are generated if you perform the following operations:

1 protect operation with data element a → 1 audit log
5 protect operations with data element b → 5 audit logs
1000 unprotect operations with data element a → 1000 audit logs

For more information about audit logs information, refer to Audit logs.

The following figure explains a basic flow of a session.

AP Python APIs

The AP Python only supports bytes converted from the string data type. Data corruption might occur when a data type is directly converted to bytes and passed as an input to an API. This API supports byte as input and provides byte as output.

You do not have to explicitly close the session. The session is closed implicitly after the API protects, unprotects, or reprotects the data. The session object is implemented as a Python Context Manager and can be used with the with statement.

Supported data types for the AP Python

The AP Python supports the following data types:

Bytes
Date Object
Float
Integer
String

Note: The AP Python does not support the Datetime object.

Supported Modes for AP Python

You can use the AP Python APIs in the following modes:

Production Environment: Use the AP Python APIs to protect, unprotect, and reprotect the data using the data elements deployed on the ESA.
Development Environment: Use sample users and data elements with the AP Python Mock APIs to simulate the protect, unprotect, and reprotect operations. You do not require the Log Forwarder, the RP Agent, and the ESA to be installed on your machine.

Using AP Python in a Production Environment

The various APIs supported by the AP Python in a production environment are described in this section. It describes the syntax of the AP Python APIs and provides the sample use cases.

Initialize the protector

The Protector API returns the Protector object associated with the AP Python APIs. After instantiation, this object is used to create a session. The session object provides APIs to perform the protect, unprotect, or reprotect operations.

Protector(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

Protector: Object associated with the AP Python APIs.

Exceptions

InitializationError: This exception is thrown if the protector fails to initialize.

Example

In the following example, the AP Python is initialized.

from appython import Protector
protector = Protector()

create_session

The create_session API creates a new session. The sessions that are created using this API, automatically time out after the session timeout value has been reached. The default session timeout value is 15 minutes. However, you can also pass the session timeout value as a parameter to this API.

Note: If the session is invalid or has timed out, then the AP Python APIs that are invoked using this session object, may throw an InvalidSessionError exception. Application developers can catch the InvalidSessionError exception and create a session by again by invoking the create_session API.

def create_session(self, policy_user, timeout=15)

Note: Do not pass the self parameter while invoking the API.

Parameters

policy_user: Username defined in the policy, as a string value.
timeout: Session timeout, specified in minutes. By default, the value of this parameter is set to 15. This parameter is optional.

Returns

session: Object of the Session class. A session object is required for calling the data protection operations, such as, protect, unprotect, and reprotect.

Exceptions

ProtectorError: This exception is thrown if a null or empty value is passed as the policy_user parameter.

Example

In the following example, User1 is passed as the policy_user parameter.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")

get_version

The get_version API returns the version of the AP Python in use. Ensure that the version number of the AP Python matches with the AP Python build package.

Note: You do not need to create a session for invoking the get_version API.

def get_version(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

String: Product version of the installed AP Python.

Exceptions

None

Example

In the following example, the current version of the installed AP Python is retrieved.

from appython import Protector
protector = Protector()
print(protector.get_version())

Result

10.0.0+x

get_version_ex

The get_version_ex API returns the extended version of the AP Python in use. The extended version consists of the AP Python version number and the Core version.

Note:
You do not need to create a session for invoking the get_version_ex API.
The Core version is a sub-module which is required for troubleshooting protector issues.

def get_version_ex(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

String: The product version of the installed AP Python and the Core version.

Exceptions

None

Example

In the following example, the current version of the AP Python and the Core version is retrieved.

from appython import Protector
protector = Protector()
print(protector.get_version_ex())

Result

SDK Version: 10.0.0+x, Core Version: 2.1.1+20.g78ac6ac.2.1

check_access

The check_access API returns the access permission status of the user for a specified data element.

For checking protect and unprotect access:

def check_access(self, DE, access_type)

For checking reprotect access:

def check_access(self, DE, access_type, newDE)

Note: Do not pass the self parameter while invoking the API.

Parameters

DE: String containing the data element name defined in the policy.
access_type: Type of the access permission of the user for the specified data element. You can specify a value for this parameter from the CheckAccessType enumeration.
The following are the different values for the CheckAccessType enumeration:

Access Type	Check Access Type
PROTECT	2
REPROTECT	4
UNPROTECT	8
newDE: String containing the new data element name defined in the policy.

Returns

True: The user has access to the data element.
False: The user does not have access to the data element.

Exceptions

ProtectorError: This exception is thrown if the API is unable to retrieve the default data element.
InvalidSessionError: This exception is thrown if the session is invalid or has timed out.

Example

In the following example, the check_access API is used to check whether the user has reprotect permissions for the TE_A_N_S23_L2R2_Y token data element with TE_A_N_S23_L3R3_Y as the new token data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("User1")
print(session.check_access("TE_A_N_S23_L2R2_Y", 
 CheckAccessType.REPROTECT, "TE_A_N_S23_L3R3_Y"))

Result

True

flush_audits

The flush_audits API is used for flushing the audit logs at any point within the application. This API is required for a short running process that lasts less than a second, to get the audit logs. It is recommended to invoke the API at the point where the application exits.

def flush_audits(self)

Note: Do not pass the self parameter while invoking the API.

Parameters

None

Returns

None

Exceptions

ProtectorError: This exception is thrown if the API is unable to flush the audit logs.

Example

In the following example, the flush_audits API is used to flush the audit logs.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "Alpha_Num")
print("Protected Data: %s" %output)
session.flush_audits()

protect

The protect API protects the data using tokenization, data type preserving encryption, No Encryption, or encryption data element. It supports both single and bulk protection without a maximum bulk size limit. However, you are recommended not to pass more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while no maximum length is defined for encryption.

def protect(self, data, de, **kwargs)

Note: Do not pass the self parameter while invoking the API.

Parameters

data: Data to be protected. You can provide the data of any type that is supported by the AP Python. For example, you can specify data of type string, float, or integer. However, you cannot provide the data of multiple data types at the same time in a bulk call.
de: String containing the data element name defined in policy.
**kwargs: Specify one or more of the following keyword arguments: - external_iv: Specify the external initialization vector for Tokenization and FPE protection methods. This argument is optional.
- encrypt_to: Specify this argument for encrypting the data and set its value to bytes. This argument is Mandatory. It must not be used for Tokenization and FPE protection methods.
- external_tweak: Specify the external tweak value for FPE protection method. This argument is optional.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Note: Keyword arguments are case sensitive.

Returns

For single data: Returns the protected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the protected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the protect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector Return Codes.

Example - Tokenizing String Data

The examples for using the protect API for tokenizing the string data are described in this section.

Example 1: Input string data
In the following example, the Protegrity1 string is used as the data, which is tokenized using the TE_A_N_S23_L2R2_Y Alpha Numeric data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)

Result

Protected Data: Pr9zdglWRy1

Example 2: Input string data using session as Context Manager
In the following example, the Protegrity1 string is used as the data, which is tokenized using the TE_A_N_S23_L2R2_Y Alpha Numeric data element.

from appython import Protector
protector = Protector()
with protector.create_session("User1") as session:
    output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
    print("Protected Data: %s" %output)

Result

Protected Data: Pr9zdglWRy1

Example 3: Input date passed as a string
In the following example, the 29/05/1998 string is used as the data, which is tokenized using the TE_Date_DMY_S13 Date data element.
If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("29/05/1998", "TE_Date_DMY_S13")
print("Protected data: "+str(output))

Result

Protected data: 08/07/2443

Example 4: Input date and time passed as a string
In the following example, the 1998/05/29 10:54:47 string is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("1998/05/29 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))

Result

Protected data: 3311/02/22 10:54:47

Example - Tokenizing String Data with External Initialization Vector (IV)

The example for using using the protect API for tokenizing string data using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must first pass the external IV as bytes to the API.

Example
In this example, the Protegrity1 string is used as the data tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of the external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: PrksvEshuy1

Example - Encrypting String Data

The example for using the protect API for encrypting the string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into the string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, the Protegrity1 string is used as the data, which is encrypted using the AES256_IV_CRC_KID data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'#▒>▒gךڭm▒A΅,i=▒w▒▒▒▒'

Example - Protecting String Data Using Format Preserving Encryption (FPE)

The example for using the protect API to protect the string data using Format Preserving Encryption (FPE) (FF1) is described in this section.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string is used as the data, which is protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %output)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ

Example - Protecting String Data Using FPE with External IV and External Tweak

This section describes how to use the protect API for protecting string data using FPE (FF1), with external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In this example, the protegrity1234 string is used as the data, which is protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2. It is used along with the external IV 1234 and external tweak abcdef that are passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: prS6DaU5Dtd5g4

Example - Tokenizing Bulk String Data

The example for using the protect API for tokenizing bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2: Input bulk string data
In Example 1, the protected output was a tuple of the tokenized data and the error list. This example shows how the code can be tweaked to ensure that the protected output and the error list are retrieved separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out, error_list = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
print("Error List: ")
print(error_list)

Result

Protected Data: 
['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56']
Error List: 
(6, 6, 6)

6 is the success return code for the protect operation of each element in the list.

Example 3: Input dates passed as bulk strings
In the following example, the 14/02/2019 and 11/03/2018 strings are stored in a list and used as bulk data, which is tokenized using the TE_Date_DMY_S13 Date data element.

If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 4: Input date and time passed as bulk strings
In the following example, the 2019/02/14 10:54:47 and 2019/11/03 11:01:32 strings is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.

If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date and time string in YYYY/MM/DD HH:MM:SS MMM format, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk String Data with External IV

The example for using the protect API for tokenizing bulk string data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass external IV as bytes.

Example
In this example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data. This bulk data is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 123 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("123", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['prv0WozsSjbS34', 'PrtigABOCy1', 'PrvjDdC2TD56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Bulk String Data Using FPE

The example for using the protect API for protecting bulk string data using FPE (FF1) is described in this section. The bulk string data can be passed as a list or a tuple. Caution: The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)

Result

Protected Data:
([u'MG01UHDQ8VyON3\xc0\xc1', u'8APfLh3W9TY\xc6\xc7\xc8', u'4XYdSFURF4bV\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Bulk String Data Using FPE with External IV and External Tweak

The example for using the protect API for protecting the bulk str ing data using FPE (FF1), with external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data. This bulk data is protected using the FPE data element FPE_FF1_AES256_APIP_AN_LnRn_ASTNE, with the help of external IV 1234 and external tweak xyz that are passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data:
([u'WwR5aK2BMoUlcz\xc0\xc1', u'nW6lqjd7NGR\xc6\xc7\xc8', u'o6eBUZDNuyWU\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Integer Data

The example for using the protect API for tokenizing integer data is described in this section.

Example
In the following example, 21 is used as the integer data, which is tokenized using the TE_INT_4 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)

Result

Protected Data: -1926573911

Example - Tokenizing Integer Data with External IV

The example for using the protect API for tokenizing integer data using the external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, 21 is used as the integer data, which is tokenized using the TE_INT_4 data element, with the help of external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: -2122057622

Example - Encrypting Integer Data

The example for using the protect API for encrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 21 is used as the integer data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'@▒u▒▒▒p▒▒k▒N▒'

Example - Tokenizing Bulk Integer Data

The example for using the protect API for tokenizing bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Integer Data with External IV

The example for using the protect API for tokenizing bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Integer Data

The example for using the protect API for encrypting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'@\x19\xccu\x04\xc7\xd8\xc1p\xad\xa7\x1fk\xe4N\xd0', b'"@\xec\x97(\x96\xab\x18\xd0\x99\xd4~\x1e\xf4\xba\xd1', b'y\xec\x9b+f\xa8\xb1I\xc2=[\x11\xfd\x06\xa1C'], (6,
 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Long Data

The example for using the protect API for tokenizing long data is described in this section.

Example
In the following example, 1376235139103947 is used as the long data, which is tokenized using the TE_INT_8 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)

Result

Protected Data: -1770169866845757900

Example - Tokenizing Long Data with External IV

The example for using the protect API for tokenizing long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must use bytes in the encrypt_to keyword.

Example
In this example, 1376235139103947 is used as the long data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 5846214101577367207

Example - Encrypting Long Data

The example for using the protect API for encrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 1376235139103947 is used as the long data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'#Ds####wp0Xl<\'

Example - Tokenizing Bulk Long Data

The example for using the protect API for tokenizing bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Long Data with External IV

The example for using the protect API for tokenizing bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV and external tweak as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Long Data

The example for using the protect API for encrypting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xd5Ds\xb3\xfb\x95\xf2wp0Xl<\\\x1a\x07', b'\xaf\x05aq\xb6\xcd,L`JC4\x87\x87\t\x0b',
 b']j@*S\x96\xf5\xf5S<\x08M\xa6\x18\xbf\xda'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Protecting Float Data

The example for using the protect API for protecting float data using a No Encryption data element is described in this section. This API can be used for access control and auditing.

Example
In the following example, 22.5 is used as the float data, which is protected using the NoEncryption_1 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)

Result

Protected Data: 22.5

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Example - Protecting Bulk Float Data

The example for using the protect API for protecting bulk float data using a No Encryption data element is described in this section. The bulk float data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the NoEncryption_1 data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Example - Encrypting Bulk Float Data

The example for using the protect API for encrypting bulk float data is described in this section. The bulk float data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'g.O\xd8\x8b\x12\x89\x15Vk\x88\xbe\xf4;\x18>', b'.\xb0Q\xb9\xc9\xca\xba\xc2\xcb8\xfe\xd8\xf4q\x00\xb8', b'\xb6x\xf4\x94l9\xe6uaN\x83\x8d\n\x98\n;'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bytes Data

The example for using the protect API for tokenizing bytes data is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)

Result

Protected Data: b'Pr9zdglWRy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Encrypting Bytes Data

The example for using the protect API for encrypting bytes data is described in this section.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: %s" %p_out)

Result

Encrypted Data: b't####+4Lq##ۏx'

Example - Tokenizing Bulk Bytes Data

The example for using the protect API for tokenizing bulk bytes data. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Bytes Data with External IV

The example for using the protect API for r tokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.
The individual elements of the list or tuple must be of the same data type.

Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb
\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bytes Data

The example for using the protect API for tokenizing bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)

In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the UnicodeGen2_BasicAlphaNum data element.

from appython import Protector
from appython import Charset
session = protector.create_session("User1")
data = bytes("Protegrity1", encoding="utf-16le")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16LE)
print("Protected Data: %s" %p_out)

Result

Protected Data: b'Pr9zdglWRy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

Example

In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Tokenizing Bytes Data with External IV

The example for using the protect API for tokenizing bytes data using external IV is described in this section.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'PrksvEshuy1'

Example - Tokenizing Bulk Bytes Data

The example for using the protect API for tokenizing bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Bulk Bytes Data with External IV

The example for using the protect API for tokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example

In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="UTF-8"), bytes("Protegrity1",
 encoding="UTF-8"), bytes("Protegrity56", encoding="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb
\x8fx\x16',  b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Date Objects

The examples for using the protect API for tokenizing the date objects are described in this section.

If a date string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date object in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

Example 1: Input date object in DD/MM/YYYY format
In the following example, the 29/05/1998 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_DMY_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("29/05/1998", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 1896-10-21

Example 2: Input date object in MM/DD/YYYY format

In the following example, the 05/29/1998 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_MDY_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("05/29/1998", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_MDY_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 2037-06-12

Example 3: Input date object in YYYY/DD/MM format
In the following example, the 1998/05/29 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_YMD_S13 data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("1998/05/29", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_YMD_S13")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 1998-05-29
Protected date: 2615-12-23

Example - Tokenizing Bulk Date Objects

The example for using the protect API for tokenizing bulk date objects is described in this section. The bulk date objects can passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If a date object is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date object in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: ", str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Tokenizing Unicode Data

The example for using the protect API for tokenizing unicode data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)

Result

Protected Data:prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ

Example - Encrypting Unicode Data

The example for using the protect API for encrypting unicode data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is encrypted using the AES256_IV_CRC_KID data element.
Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b' ##+###>##{4Az#V#O##K#c#######\1W#~&ng%-##'

Example - Tokenizing Bulk Unicode Data

The example for using the protect API for tokenizing bulk unicode data is described in this section. The bulk unicode data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Encrypting Bulk Unicode Data

The example for using the protect API for encrypting bulk unicode data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'F2\xd2\xddR\xda\x9e7#\xfc\xe6\xe2Ore\x18>=\x87\xfc\xea\x9c\xb8\x94\x9e$M?\x9a\xec\xefO5\xc3\x8fjun\xe3\r4\x0f\xedD76\xe4\xfa', b'\x9f\xc0}G\x12\x1bu\x02\xfdMO\x8e\x01\xb6\x0f\xf5\xbbi\xbe\xc9\x11J\x1c\xa4\x12\x1e\xf0\xbeA\x19\xa4\xc3', b'G\xa3(\xee
\xb7\x81m\xfc\x96-I\xa2\x9eGt\xcc\x0b-\x97\xc73\x00O\xdc\xfb\t.\xfa=\x99:\xe7'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

unprotect

This function returns the data in its original form.

def unprotect(self, data, de, **kwargs)

Do not pass the self parameter while invoking the API.

Parameters

data: Data to be unprotected.
de: String containing the data element name defined in policy.
**kwargs: Specify one or more of the following keyword arguments: - external_iv: Specify the external initialization vector for Tokenization and FPE protection methods. This argument is optional.
- decrypt_to: Specify this argument for decrypting the data and set its value to the data type of the original data. For example, if you are unprotecting a string data, then you must specify the output data type as str. This argument is Mandatory. This argument must not be used for Tokenization and FPE protection methods. The possible values for the decrypt_to argument are: - str - int - long - float - bytes
- external_tweak: Specify the external tweak value for FPE protection method. This argument is optional.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Keyword arguments are case sensitive.

Returns

For single data: Returns the unprotected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the unprotected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the unprotect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector API Return Codes.

Example - Detokenizing String Data

The examples for using the unprotect API for retrieving the original string data from the token data are described in this section.

Example 1: Input string data
In the following example, the Protegrity1 string that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

Result

Protected Data: Pr9zdglWRy1
Unprotected Data: Protegrity1

Example 2: Input date passed as a string
In the following example, the 29/05/1998 string that was tokenized using the TE_Date_DMY_S13 Date data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("29/05/1998", "TE_Date_DMY_S13")
print("Protected data: "+str(output))
org = session.unprotect(output, "TE_Date_DMY_S13")
print("Unprotected data: "+str(org))

Result

Protected data: 08/07/2443
Unprotected data: 29/05/1998

Example 3: Input date and time passed as a string
In the following example, the 1998/05/29 10:54:47 string that was tokenized using the TE_Datetime_TN_DN_M Datetime data element is now detokenized using the same data element.

If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("1998/05/29 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
org = session.unprotect(output, "TE_Datetime_TN_DN_M")
print("Unprotected data: "+str(org))

Result

Protected data: 3311/02/22 10:54:47
Unprotected data: 1998/05/29 10:54:47

Example - Detokenizing String Data with External IV

The example for using the unprotect API for retrieving the original string data from token data, using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string that was tokenized using the TE_A_N_S23_L2R2_Y data element and the external IV 1234 is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: PrksvEshuy1
Unprotected Data: Protegrity1

Example - Decrypting String Data

The example for using the unprotect API for decrypting string data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the Protegrity1 string that was encrypted using the AES256_IV_CRC_KID data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256_IV_CRC_KID", decrypt_to=str)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'#▒>▒gךڭm▒A΅,i=▒w▒▒▒▒'
Decrypted Data: Protegrity1

Example - Unprotecting String Data Using FPE

The example for using the unprotect API for unprotecting string data using FPE (FF1) is described in this section.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string that was protected using the FPE_FF1_AES256_ID_AN_LnRn_ASTNE data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %output)
org = session.unprotect(output, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Unprotected Data: %s" %org)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ
Unprotected Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Unprotecting String Data Using FPE with External IV and External Tweak

The example for using the unprotect API for unprotecting string data using FPE (FF1), with external IV and tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string that was protected using the FPE_FF1_AES256_ID_AN_LnRn_ASTNE data element, is now unprotected using the same data element, external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234", encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234", encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: prS6DaU5Dtd5g4
Unprotected Data: protegrity1234

Example - Detokenizing Bulk String Data

The examples for using the unprotect API for retrieving the original bulk string data from the token data are described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example 2: Input bulk string data
In Example 1, the unprotected output was a tuple of the detokenized data and the error list. This example shows how the code can be tweaked to ensure that the unprotected output and the error list are retrieved separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = protegrity1234
data = [data]*5
p_out, error_list = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
print("Error List: ")
print(error_list)
org, error_list = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(org)
print("Error List: ")
print(error_list)

Result

Protected Data:
['prMLJsM8fZUp34', 'prMLJsM8fZUp34', 'prMLJsM8fZUp34', 'prMLJsM8fZUp34',
 'prMLJsM8fZUp34']
Error List:
(6, 6, 6, 6, 6)
Unprotected Data:
['protegrity1234', 'protegrity1234', 'protegrity1234', 'protegrity1234',
 'protegrity1234']
Error List:
(8, 8, 8, 8, 8)

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))
Confidential 165
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
org = session.unprotect(output[0], "TE_Date_DMY_S13")
print("Unprotected data: "+str(org))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))
Unprotected data: (['14/02/2019', '11/03/2018'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
org = session.unprotect(output[0], "TE_Datetime_TN_DN_M")
print("Unprotected data: "+str(org))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))
Unprotected data: (['2019/02/14 10:54:47', '2019/11/03 11:01:32'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk String Data with External IV

The example for using the unprotect API for retrieving the original bulk string data from token data using the external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("123", encoding="UTF-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("123", encoding="UTF-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['prv0WozsSjbS34', 'PrtigABOCy1', 'PrvjDdC2TD56'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk String Data

The example for using the unprotect API for decrypting bulk string data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk string data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16',b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Decrypted Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Bulk String Data Using FPE

The example for using the unprotect API for retrieving the original bulk string data from token data using FPE (FF1) is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = sessionr.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([u'MG01UHDQ8VyON3\xc0\xc1', u'8APfLh3W9TY\xc6\xc7\xc8', u'4XYdSFURF4bV\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Unprotected Data:
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Bulk String Data Using FPE with External IV and External Tweak

This example describes using the unprotect API to retrieve the original bulk string from token data using FPE (FF1) using external IV and external tweak.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "FPE_FF1_AES256_APIP_AN_LnRn_ASTNE", 
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([u'WwR5aK2BMoUlcz\xc0\xc1', u'nW6lqjd7NGR\xc6\xc7\xc8', u'o6eBUZDNuyWU
\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Unprotected Data:
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Integer Data

The example for using the unprotect API for retrieving the original integer data from token data is described in this section.

Example
In the following example, the integer data 21 that was tokenized using the TE_INT_4 data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_4")
print("Unprotected Data: %s" %org)

Result

Protected Data: -2122057622
Unprotected Data: 21

Example - Detokenizing Integer Data with External IV

The example for using the unprotect API for retrieving the original integer data from token data, using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the integer data 21 that was tokenized using the TE_INT_4 data element and the external IV 1234 is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: -2122057622
Unprotected Data: 21

Example - Decrypting Integer Data

The example for using the unprotect API for decrypting integer data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the integer data 21 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'@▒u▒▒▒p▒▒k▒N▒'
Decrypted Data: 21

Example - Detokenizing Bulk Integer Data

The example for using the unprotect API for retrieving the original bulk integer data from token data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element. The bulk integer data is then detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)
Confidential 170
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
out = session.unprotect(p_out[0], "TE_INT_4")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))
Unprotected Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Integer Data with External IV

The example for using the unprotect API for retrieving the original bulk integer data from token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, 21, 42, and 55 integers are stored in a list and used as bulk data. This bulk data is tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.The bulk integer data is then detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_4", external_iv=bytes("1234",  encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))
Unprotected Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Integer Data

The example for using the unprotect API for decrypting bulk integer data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk integer data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'@\x19\xccu\x04\xc7\xd8\xc1p\xad\xa7\x1fk\xe4N\xd0', b'"@\xec\x97(\x96\xab\x18\xd0\x99\xd4~\x1e\xf4\xba\xd1', b'y\xec\x9b+f\xa8\xb1I\xc2=[\x11\xfd\x06\xa1C'], (6,
 6, 6))
Decrypted Data: 
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Long Data

The example for using the unprotect API for retrieving the original long data from the token data is described in this section.

Example
In the following example, the long data 1376235139103947 that was tokenized using the TE_INT_8 data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_8")
print("Unprotected Data: %s" %org)

Result

Protected Data: -1770169866845757900
Unprotected Data: 1376235139103947

Example - Detokenizing Long Data with External IV

The example for using the unprotect API for retrieving the original long data from the token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, the long data 1376235139103947 was tokenized using the TE_INT_8 data element and the external IV 1234. It is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 5846214101577367207
Unprotected Data: 1376235139103947

Example - Decrypting Long Data

The example for using the unprotect API for decrypting long data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the long data 1376235139103947 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'#Ds####wp0Xl<\'
Decrypted Data: 1376235139103947

Example - Detokenizing Bulk Long Data

The example for using the unprotect API for retrieving the original bulk long data from the token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_8")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))
Unprotected Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Long Data with External IV

The example for using the unprotect API for retrieving the original bulk long data from the token data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In this example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 passed as bytes. The bulk long data is then detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_INT_8", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))
Unprotected Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Long Data

The example for using the unprotect API for decrypting bulk long data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk long data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'\xd5Ds\xb3\xfb\x95\xf2wp0Xl<\\\x1a\x07', b'\xaf\x05aq\xb6\xcd,L`JC4\x87\x87\t\x0b', b']j@*S\x96\xf5\xf5S<\x08M\xa6\x18\xbf\xda'], (6, 6, 6))
Decrypted Data: 
([1376235139103947L, 2396235839173981L, 9371234126176985L], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Unprotecting Float Data

The example for using the unprotect API for unprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, the long data 22.5 that was protected using the NoEncryption_1 data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)
org = session.unprotect(output, "NoEncryption_1")
print("Unprotected Data: %s" %org)

Result

Protected Data: 22.5
Unprotected Data: 22.5

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Example - Decrypting Float Data

The example for using the unprotect API for decrypting float data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the float data 22.5 that was encrypted using the AES256 data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256", decrypt_to=float)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'g.O؋#Vk###;>'
Decrypted Data: 22.5

Example - Unprotecting Bulk Float Data

This section describes how to use the unprotect API for unprotecting bulk float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the NoEncryption_1 data element. The bulk float data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "NoEncryption_1")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Unprotected Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Example - Decrypting Bulk Float Data

The example for using the unprotect API for decrypting bulk float data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk float data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=float)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'g.O\xd8\x8b\x12\x89\x15Vk\x88\xbe\xf4;\x18>', b'.\xb0Q\xb9\xc9\xca\xba\xc2\xcb8\xfe\xd8\xf4q\x00\xb8', b'\xb6x\xf4\x94l9\xe6uaN\x83\x8d\n\x98\n;'], (6, 6, 6))
Decrypted Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bytes Data

The example for using the unprotect API for retrieving the original bytes data from the token data is described in this section.

Example
In the following example, the bytes data ‘Protegrity1’ that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

In the following example, the bytes data ‘Protegrity1’ that was tokenized using the UnicodeGen2_BasicAlphaNum data element, is now detokenized using the same data element.

from appython import Protector
from appython import Charset
session = protector.create_session("User1")
data = bytes("Protegrity1", encoding="utf-16le")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16LE)
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "UnicodeGen2_BasicAlphaNum", decrypt_to=bytes, charset=Charset.UTF16LE)
print("Unprotected Data: %s" %org)

Result

Protected Data: b'Pr9zdglWRy1'
Unprotected Data: b'Protegrity1'

Example - Detokenizing Bytes Data with External IV

The example for using the unprotect API for retrieving the original bytes data from the token data using external IV is described in this section.

Example
In this example, the bytes data ‘Protegrity1’ was tokenized using the TE_A_N_S23_L2R2_Y data element and the external IV 1234. It is now detokenized using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: b'PrksvEshuy1'
Unprotected Data: b'Protegrity1'

Example - Decrypting Bytes Data

The example for using the unprotect API for decrypting bytes data is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was encrypted using the AES256 data element, is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
org = session.unprotect(p_out, "AES256", decrypt_to=bytes)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b't####+4Lq##ۏx'
Decrypted Data: b'Protegrity1'

Example - Detokenizing Bulk Bytes Data

The example for using the unprotect API for retrieving the original bulk bytes data from the token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
org = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(org)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))
Unprotected Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Bulk Bytes Data with External IV

The example for using the unprotect API for retrieving the original bulk bytes data from the token data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234"))
print("Protected Data: ")
print(p_out) 
org = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234"))
print("Unprotected Data: ")
print(org)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))
Unprotected Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Bytes Data

The example for using the unprotect API for decrypting bulk bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding ="UTF-8"), bytes("Protegrity1", encoding
 ="UTF-8"), bytes("Protegrity56", encoding ="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
org = session.unprotect(p_out[0], "AES256", decrypt_to=bytes)
print("Decrypted Data: ")
print(org)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Decrypted Data: 
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Date Objects

The example for using the unprotect API for retrieving the original data objects from token data is described in this section.

Example 1: Input date object in DD/MM/YYYY format

In this example, the 12/02/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.

The date object is then tokenized using the TE_Date_DMY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_DMY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 1896-10-21
Unprotected date: 2019-02-12

Example 2: Input date object in MM.DD.YYYY format

In this example, the 02/12/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_MDY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("02/12/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_MDY_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_MDY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 2037-06-12
Unprotected date: 2019-02-12

Example 3: Input date object in YYYY-MM-DD format

In this example, the 2019/02/12 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then tokenized using the TE_Date_YMD_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("2019/02/12", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_YMD_S13")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "TE_Date_YMD_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-02-12
Protected date: 2615-12-23
Unprotected date: 2019-02-12

Example - Detokenizing Bulk Date Objects

The example for using the unprotect API for retrieving the original bulk date objects from the token data is described in this section.

Example: Input as a Date Object
In this example, the 12/02/2019 and 11/01/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then tokenized using the TE_Date_DMY_S13 data element, and then detokenized using the same data element.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "TE_Date_DMY_S13")
print("Unprotected date: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))
Unprotected date: ([datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Detokenizing Unicode Data

The example for using the unprotect API for retrieving the original unicode data from the token data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data that was tokenized using the TE_A_N_S23_L2R2_Y data element, is now detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
org = session.unprotect(output, "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: %s" %org)

Result

Protected Data: prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ
Unprotected Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Decrypting Unicode Data

The example for using the unprotect API for decrypting unicode data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data that was encrypted using the AES256_IV_CRC_KID data element is now decrypted using the same data element.

Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to unicode.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "AES256_IV_CRC_KID", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "AES256_IV_CRC_KID", decrypt_to=unicode)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b' 8"+[/O##*#wɆ#M#aX#{#B[#u####|E#(R#1##!w#t?V6#Q###W###jG'
Decrypted Data: protegrity1234ÀÁÂÃÄÅÆÇÈÉ

Example - Detokenizing Bulk Unicode Data

The example for using the unprotect API for retrieving the original bulk unicode data from the token data is described in this section.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element. The bulk unicode data is then detokenized using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
Confidential 183
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "TE_A_N_S23_L2R2_Y")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))
Unprotected Data: 
([u'protegrity1234\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'Protegrity1\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5',  u'Protegrity56\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Example - Decrypting Bulk Unicode Data

The example for using the unprotect API for decrypting bulk unicode data is described in this section.

If you want to decrypt the data, then you must use bytes in the decrypt_to keyword.

Example
In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is encrypted using the AES256 data element. The bulk unicode data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to unicode.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "AES256", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "AES256", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'F2\xd2\xddR\xda\x9e7#\xfc\xe6\xe2Ore\x18>=\x87\xfc\xea\x9c\xb8\x94\x9e$M?\x9a\xec\xefO5\xc3\x8fjun\xe3\r4\x0f\xedD76\xe4\xfa', b'\x9f\xc0}G\x12\x1bu\x02\xfdMO\x8e\x01\xb6\x0f\xf5\xbbi\xbe\xc9\x11J\x1c\xa4\x12\x1e\xf0\xbeA\x19\xa4\xc3', b'G\xa3(\xee\xb7\x81m\xfc\x96-I\xa2\x9eGt\xcc\x0b-\x97\xc73\x00O\xdc\xfb\t.\xfa=\x99:\xe7'], (6, 6, 6))
Decrypted Data: 
([u'protegrity1234\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'Protegrity1\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5',  u'Protegrity56\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

reprotect

The reprotect API reprotects data using tokenization, data type preserving encryption, No Encryption, or encryption data element. The protected data is first unprotected and then protected again with a new data element. It supports bulk protection without a maximum data limit. However, you are recommended not to pass more than 1 MB of input data for each protection call.

For String and Byte data types, the maximum length for tokenization is 4096 bytes, while no maximum length is defined for encryption.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

def reprotect(self, data, old_de, new_de, **kwargs)

Do not pass the self parameter while invoking the API.

Parameters

data: Protected data to be reprotected. The data is first unprotected with the old data element and then protected with the new data element.
old_de: String containing the data element name defined in the policy for the input data. This data element is used to unprotect the protected data as part of the reprotect operation.
new_de: String containing the data element name defined in the policy to create the output data. This data element is used to protect the data as part of the reprotect operation.
**kwargs: Specify one or more of the following keyword arguments: - old_external_iv: Specify the old external IV in bytes for Tokenization and FPE protection methods. This old external IV is used to unprotect the protected data as part of the reprotect operation. This argument is optional.
- new_external_iv: Specify the new external IV in bytes for Tokenization and FPE protection methods. This new external IV is used to protect the data as part of the reprotect operation. This argument is optional.
- old_external_tweak: Specify the old external tweak value in bytes for the FPE protection method. This old external tweak is used to unprotect the protected data as part of the reprotect operation. This argument is optional.
- new_external_tweak: Specify the new external tweak value in bytes for the FPE protection method. This new external tweak is used to protect the data as part of the reprotect operation. This argument is optional.
- encrypt_to: Specify this argument for re-encrypting the bytes data and set its value to bytes. This argument is Mandatory. This argument must not be used for Tokenization and FPE protection methods.
- charset: This is an optional argument. It indicates the byte order of the input buffer. You can specify a value for this argument from the charset constants, such as, UTF8, UTF16LE, or UTF16BE. The default value for the charset argument is UTF8. The charset argument is only applicable for the input data of byte type. The charset parameter is mandatory for the data elements created with Unicode Gen2 tokenization method and the FPE encryption method for byte APIs. The encoding set for the charset parameter must match the encoding of the input data passed.

Keyword arguments are case sensitive.

Returns

For single data: Returns the reprotected data
For bulk data: Returns a tuple of the following data:
- List or tuple of the reprotected data
- Tuple of error codes

Exceptions

InvalidSessionError: This exception is thrown if the session is invalid or has timed out.
ProtectError: This exception is thrown if the API is unable to protect the data.

If the reprotect API is used with bulk data, then it does not throw any exception. Instead, it only returns an error code.
For more information about the return codes, refer to Application Protector API Return Codes.

Example - Retokenizing String Data

The examples for using the reprotect API for retokenizing string data are described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Alpha-Numeric data element to protect the data, then you must use only the Alpha-Numeric data element to reprotect the data.

Example 1: Input string data
In the following example, the Protegrity1 string is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S23_L0R0_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_A_N_S23_L2R2_Y", 
 "TE_A_N_S23_L0R0_Y")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: Pr9zdglWRy1
Reprotected Data: 7gD6aY1Aja9

Example 2: Input date passed as a string
In the following example, the 14/02/2019 string is used as the input data, which is first tokenized using the TE_Date_DMY_S13 Date data element.
If a date string is provided as input, then the data element with the same tokenization type as the input date format must be used to protect the data. For example, if you have provided the input date string in DD/MM/YYYY format, then you must use only the Date (DD/MM/YYYY) data element to protect the data.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("14/02/2019", "TE_Date_DMY_S13")
print("Protected data: "+str(output))
r_out = session.reprotect(output, "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected data: "+str(r_out))

Result

Protected data: 08/07/2443
Reprotected data: 19/10/1231

Example 3: Input date and time passed as a string
In the following example, the 2019/02/14 10:54:47 string is used as the input data, which is first tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if the input date and time string in YYYY/MM/DD HH:MM:SS MMM format is provided, then only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element must be used to protect the data. The tokenized input data, the old data element TE_Datetime_TN_DN_M, and a new data element TE_Datetime_TN_DN_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect("2019/02/14 10:54:47", "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
r_out = session.reprotect(output, "TE_Datetime_TN_DN_M", "TE_Datetime_TN_DN_Y")
print("Reprotected data: "+str(r_out))

Result

Protected data: 3311/02/22 10:54:47
Reprotected data: 2019/09/25 10:54:47

Example - Retokenizing String Data with External IV

The example for using the reprotect API for retokenizing string data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("Protegrity1", "TE_A_N_S23_L2R2_Y", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y", 
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: PrksvEshuy1
Reprotected Data: PrKxfmdTGy1

Example - Reprotecting String Data Using FPE

The example for using the reprotect API for reprotecting string data using FPE (FF1) is described in this section.

The ptyCharsets parameter is mandatory for data elements created with Unicode Gen2 tokenization method and the Format Preserving Encryption (FPE) method for byte APIs. The encoding set for the ptyCharsets parameter must match the encoding of the input data passed.

Example
In the following example, the protegrity1234ÀÁÂÃÄÅÆÇÈÉ string is used as the input data, which is first protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE.
The protected input data, the old data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE, and a new data element FPE_FF1_AES256_ID_AN_LnRn_ASTNI are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("protegrity1234ÀÁÂÃÄÅÆÇÈÉ", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE", 
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNI")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: NRejBkN7LcBOT4ÀÁÂÃÄÅÆÇÈÉ
Reprotected Data: AdbY0XkXIW7MvHÀÁÂÃÄÅÆÇÈÉ

Example - Reprotecting String Data Using FPE with External IV and External Tweak

The example for using the reprotect API for reprotecting string data using FPE (FF1), with external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string is used as the data, which is first protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2, with the help of external IV 1234 and external tweak abcdef that are both passed as bytes.
The protected input data, the FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, the old external IV 1234 and external tweak abcdef in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak. It then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect("protegrity1234", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"), 
 external_tweak=bytes("abcdef", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("12345",
 encoding="utf-8"), 
 old_external_tweak=bytes("abcdef", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: prS6DaU5Dtd5g4
Reprotected Data: pr7hzGvIWOZQf4

Example - Retokenizing Bulk String Data

The examples for using the reprotect API for retokenizing bulk string data are described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example 1: Input bulk string data
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S13_L1R3_N data element.
The tokenized input data, the old data element TE_A_N_S13_L1R3_N, and a new data element TE_A_N_S23_L2R2_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S13_L1R3_N")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S13_L1R3_N",
 "TE_A_N_S23_L2R2_Y")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['pLAvXYIAbp5234', 'P8PCmC8gty1', 'PHNjXrw7Iy56'], (6, 6, 6))
Reprotected Data: 
(['prMLJsM8fZUp34', 'Pr9zdglWRy1', 'Pra9Ez5LPG56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2: Input dates passed as bulk strings
In the following example, the 14/02/2019 and 11/03/2018 strings are stored in a list and used as bulk data, which is tokenized using the TE_Date_DMY_S13 Date data element.

The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["14/02/2019", "11/03/2018"]
output = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(output))
r_out = session.reprotect(output[0], "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected data: "+str(r_out))

Result

Protected data: (['08/07/2443', '17/08/1830'], (6, 6))
Reprotected data: (['19/10/1231', '25/09/2588'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 3: Input date and time passed as bulk strings
In the following example, the 2019/02/14 10:54:47 and 2019/11/03 11:01:32 strings is used as the data, which is tokenized using the TE_Datetime_TN_DN_M Datetime data element.
If a date and time string is provided as input, then the data element with the same tokenization type as the input format must be used for data protection. For example, if you have provided the input date and time string in YYYY-MM-DD HH:MM:SS MMM format, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data.
The tokenized input data, the old data element TE_Datetime_TN_DN_M, and a new data element TE_Datetime_TN_DN_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["2019/02/14 10:54:47", "2019/11/03 11:01:32"]
output = session.protect(data, "TE_Datetime_TN_DN_M")
print("Protected data: "+str(output))
r_out = session.reprotect(output[0], "TE_Datetime_TN_DN_M", "TE_Datetime_TN_DN_Y")
print("Reprotected data: "+str(r_out))

Result

Protected data: (['3311/02/22 10:54:47', '3311/11/02 11:01:32'], (6, 6))
Reprotected data: (['2019/09/25 10:54:47', '2019/05/16 11:01:32'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk String Data with External IV

The example for using the reprotect API for retokenizing bulk string data using external IV is described int his section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 123 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y","TE_A_N_S23_L2R2_Y",
 old_external_iv=bytes("1234", encoding="utf-8"),
new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['prbm147L5pc434', 'PrksvEshuy1', 'Prmx0hG8Nj56'], (6, 6, 6))
Reprotected Data: 
(['prFApvQWkhC934', 'PrKxfmdTGy1', 'PrKciFj8Ng56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Bulk String Data Using FPE

The example for using the reprotect API for reprotecting bulk string data using FPE (FF1) is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is protected using the FPE data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE. The tokenized input data, the old data element FPE_FF1_AES256_ID_AN_LnRn_ASTNE, and a new data element FPE_FF1_AES256_ID_AN_LnRn_ASTNI are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "FPE_FF1_AES256_ID_AN_LnRn_ASTNE")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "FPE_FF1_AES256_ID_AN_LnRn_ASTNE",
 "FPE_FF1_AES256_ID_AN_LnRn_ASTNI")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'NRejBkN7LcBOT4\xc0\xc1', u'8BT1NNNqnPZ\xc6\xc7\xc8', u'ecZslauY6iAl\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Reprotected Data: 
([u'AdbY0XkXIW7MvH\xc0\xc1', u'1sw4XpkXXn2\xc6\xc7\xc8', u'0dEqKSUy7OEX\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Bulk String Data Using FPE with External IV and External Tweak

The example for using the reprotect API for reprotecting bulk string data using FPE (FF1), with external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is first protected using the FPE data element FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, with the help of an external IV 1234 and external tweak abc that are both passed as bytes. The protected input data, the FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2 data element, the old external IV 1234 and external tweak abc in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak. It then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data,
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", external_iv=bytes("1234",
 encoding="utf-8"),
 external_tweak=bytes("abc", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0],
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2",
 "FPE_FF1_AES256_ASCII_APIP_AN_L2R1_ASTNI_ML2", 
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"), 
 old_external_tweak=bytes("abc", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'prngoI74u6NZrY\xc0\xc1', u'PrFBtLOLDBJ\xc6\xc7\xc8', u'PrlIizsBZ8Bc\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))
Reprotected Data: 
([u'prvKwWyJiHTjtV\xc0\xc1', u'PrOjAc1YuIp\xc6\xc7\xc8', u'PrgiU5fdHGXE\xc0\xc1\xc2\xc3\xc4\xc5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Integer Data

The example for using the reprotect API for retokenizing integer data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Integer data element to protect the data, then you must use only Integer data element to reprotect the data.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the TE_INT_4 data element.
The tokenized input data, the old data element TE_INT_4, and a new data element TE_INT_4_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(21, "TE_INT_4")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_INT_4", "TE_INT_4_1")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -1926573911
Reprotected Data: 1673602066

Example - Retokenizing Integer Data with External IV

The example for using the reprotect API for retokenizing integer data using external IV is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_INT_4 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect(21, "TE_INT_4", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_INT_4", "TE_INT_4",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -2122057622
Reprotected Data: 342830163

Example - Retokenizing Bulk Integer Data

The example for using the reprotect API for retokenizing bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element.
The tokenized input data, the old data element TE_INT_4, and a new data element TE_INT_4_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_4", "TE_INT_4_1")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-1926573911, -1970496120, -814489753], (6, 6, 6))
Reprotected Data: 
([1673602066, -2106523868, 1683756976], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Integer Data with External IV

The example for using the reprotect API for retokenizing bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is tokenized using the TE_INT_4 data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_INT_4 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [21, 42, 55]
p_out = session.protect(data, "TE_INT_4", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_4", "TE_INT_4",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-2122057622, 1795905968, 228587043], (6, 6, 6))
Reprotected Data: 
([342830163, 1360764745, -1892139659], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Long Data

The example for using the reprotect API for retokenizing long data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 1376235139103947 is used as the input long data, which is first tokenized using the TE_INT_8 data element.
The tokenized input data, the old data element TE_INT_8, and a new data element TE_INT_8_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(1376235139103947, "TE_INT_8")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_INT_8", "TE_INT_8_1")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: -1770169866845757900
Reprotected Data: 1496033169477057599

Example - Retokenizing Long Data with External IV

The example for using the reprotect API for retokenizing long data using external IV is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the input long data, which is first tokenized using the TE_INT_8 data element, with the help of external IV 1234 that is passed as bytes.

The tokenized input data, the TE_INT_8 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
p_out = session.protect(1376235139103947, "TE_INT_8", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_INT_8", "TE_INT_8",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 5846214101577367207
Reprotected Data: 2547273918835895593

Example - Retokenizing Bulk Long Data

The example for using the reprotect API for retokenizing bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element.
The tokenized input data, the old data element TE_INT_8, and a new data element TE_INT_8_1 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_8", "TE_INT_8_1")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([-1770169866845757900L, -8142006510957348982L, -206876567049699669L], (6, 6, 6))
Reprotected Data: 
([1496033169477057599L, -751706970736718821L, 6484885126927122847L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Long Data with External IV

The example for using the reprotect API for retokenizing bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Integer data element to protect the data, then you must use only the Integer data element to reprotect the data.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is tokenized using the TE_INT_8 data element, with the help of external IV 1234 that is passed as bytes. The tokenized input data, the TE_INT_8 data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "TE_INT_8", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_INT_8", "TE_INT_8",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([5846214101577367207L, 5661139619224336475L, 7806173497368534531L], (6, 6, 6))
Reprotected Data: 
([2547273918835895593L, 3484073575451507396L, 1789344813959912458L], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Reprotecting Float Data

The example for using the reprotect API for reprotecting float data using a No-Encryption data element is described in this section. This API can be used for access control and auditing.

If you are reprotecting the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the No Encryption data element to protect the data, then you must use only the No Encryption data element to reprotect the data.

Example
In the following example, 22.5 is used as the input float data, which is first protected using the NoEncryption_1 data element.
The protected input data, the old data element NoEncryption_1, and a new data element NoEncryption_2 are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(22.5, "NoEncryption_1")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "NoEncryption_1", "NoEncryption_2")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 22.5
Reprotected Data: 22.5

As we are using a No-Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Example - Reprotecting Bulk Float Data

The example for using the reprotect API for reprotecting bulk float data using a No Encryption data element is described in this section. The bulk float data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is tokenized using the NoEncryption_1 data element.
The tokenized input data, the old data element NoEncryption_1, and a new data element NoEncryption_2 are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "NoEncryption_1")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "NoEncryption_1", "NoEncryption_2")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Reprotected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
As we are using a No Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Example - Retokenizing Bytes Data

The example for using the reprotect API for retokenizing bytes data is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S13_L1R3_N are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S13_L1R3_N")
print("Reprotected Data: %s" %r_out)

In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the UnicodeGen2_BasicAlphaNum data element.
The tokenized input data, the old data element UnicodeGen2_BasicAlphaNum, and a new data element UnicodeGen2_BasicAlpha are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from appython import Charset
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-1be")
p_out = session.protect(data, "UnicodeGen2_BasicAlphaNum", encrypt_to=bytes, charset=Charset.UTF16BE)
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "UnicodeGen2_BasicAlphaNum", "UnicodeGen2_BasicAlpha", encrypt_to=bytes, charset=Charset.UTF16BE)
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'Pr9zdglWRy1'
Reprotected Data: b'P8PCmC8gty1'

Example - Retokenizing Bytes Data with External IV

The example for using the reprotect API for retokenizing bytes data using external IV is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV, and then retokenizes it using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'PrksvEshuy1'
Reprotected Data: b'PrKxfmdTGy1'

Example - Re-Encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

If you are using the reprotect API, then the old data element and the new data element must be of the same protection method. For example, if you have used the AES256 data element to protect the data, then you must use only the AES256 data element to reprotect the data.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the AES256 data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes. The encrypted input data, the old data element AES256, and a new data element AES256_IV_CRC_KID are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "AES256", "AES256_IV_CRC_KID", encrypt_to = bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b't####+4Lq##ۏx'
Re-encrypted Data: b' #,f#7d####l#:##s##D&#w]#Vd#y#-'

Example - Retokenizing Bulk Bytes Data

The example for using the reprotect API for retokenizing bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_A_N_S13_L1R3_N are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S13_L1R3_N")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([b'prMLJsM8fZUp34', b'Pr9zdglWRy1', b'Pra9Ez5LPG56'], (6, 6, 6))
Reprotected Data: 
([b'pLAvXYIAbp5234', b'P8PCmC8gty1', b'PHNjXrw7Iy56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Bulk Bytes Data with External IV

The example for using the reprotect API for retokenizing bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element, with the help of external IV 1234 that is passed as bytes.
The tokenized input data, the TE_A_N_S23_L2R2_Y data element, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first detokenizes the protected input data using the given data element and old external IV. It then retokenizes the data using the same data element, but with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "TE_A_N_S23_L2R2_Y",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
r_out = session.reprotect(p_out[0], "TE_A_N_S23_L2R2_Y",
 "TE_A_N_S23_L2R2_Y", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([b'prbm147L5pc434', b'PrksvEshuy1', b'Prmx0hG8Nj56'], (6, 6, 6))
Reprotected Data: 
([b'prFApvQWkhC934', b'PrKxfmdTGy1', b'PrKciFj8Ng56'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Re-Encrypting Bulk Bytes Data

The example for using the reprotect API for re-encrypting bulk bytes data is described in this section. The bulk bytes data canbe passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

To avoid data corruption, do not convert the encrypted bytes data into string format. It is recommended that you to convert the encrypted bytes data to a Hexadecimal, Base 64, or any other appropriate format.

The encrypted input data, the old data element AES256, and a new data element AES256_IV_CRC_KID are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [bytes("protegrity1234", encoding ="UTF-8"), bytes("Protegrity1", encoding
 ="UTF-8"), bytes("Protegrity56", encoding ="UTF-8")]
p_out = session.protect(data, "AES256", encrypt_to = bytes)
print("Encrypted Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "AES256", "AES256_IV_CRC_KID", encrypt_to = bytes)
print("Re-encrypted Data: ")
print(r_out)

Result

Encrypted Data: 
([b'\xc9^x\x02)\xcbB\x91}\x7fi\x8a\xce\x8d>H', b't\x80\xf5\x8d\x9e\x0b+4Lq\x8a\x97\xdb\x8fx\x16', b'\x87\x08\x938\xf7o~\xab\xa3\xc2L\xa90>\x18_'], (6, 6, 6))
Re-encrypted Data: 
([b' \x08\xdfV2)A/\xc2\x96X\x86M\xbf&$P\xa1\xb9\x83o\xb4\x90\x9b\x8d\xf8\xf5\x976\x95\xcd\xf4\xea\xc7\xad\xedl\xbck\xd1\xf3@\xf7.\xfd\xe0\x13H\xe6\xb1', b'\x08\x11\x7f\xdf\x05\xf0I\xaa\xd1\xe2v`\xe9\x9dH\xa1\xa3\x025oW~\xc7\xf0KT\xd4\x1c\x05V\xaei\xee', b' \x08)\x84N&\xd4e(lq\xfa\x8d\x05\xa9\xe5\x8do(\xf2T\xe3l\xa9|V\xc2&X\x1d\x02yF[\xbfb(x\xe3\x1a/|x91K\xc2\xc8\xf2"\x89\xc3'], (6, 6, 6))

Example - Retokenizing Date Objects

The example for using the reprotect API for retokenizing date objects is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example: Input as a data object
In the following example, the 12/02/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then tokenized using the TE_Date_DMY_S13 data element.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
print("Input date as a Date object : "+str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-02-12
Protected date: 1896-10-21
Reprotected date: 2130-06-19

Example - Retokenizing Bulk Date Objects

The example for using the reprotect API for retokenizing bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example: Input as a Date Object
In the following example, the 12/02/2019 and 11/01/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then tokenized using the TE_Date_DMY_S13 data element.
The tokenized input data, the old data element TE_Date_DMY_S13, and a new data element TE_Date_DMY_S16 are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("User1")
data1 = datetime.strptime("12/02/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("11/01/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: ", str(data))
p_out = session.protect(data, "TE_Date_DMY_S13")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "TE_Date_DMY_S13", "TE_Date_DMY_S16")
print("Reprotected date: "+str(r_out))

Result

Input data: [datetime.date(2019, 2, 12), datetime.date(2018, 1, 11)]
Protected data: ([datetime.date(1896, 10, 21), datetime.date(696, 3, 1)], (6, 6))
Reprotected date: ([datetime.date(2130, 6, 19), datetime.date(1339, 10, 10)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Example - Retokenizing Unicode Data

The example for using the reprotect API for retokenizing unicode data is described in this section.

Example
In the following example, the u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’ unicode data is used as the input data, which is first tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S23_L2R2_Y, and a new data element TE_AN_S23_L0R0_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
output = session.protect(u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', "TE_A_N_S23_L2R2_Y")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "TE_A_N_S23_L2R2_Y", 
 "TE_AN_S23_L0R0_Y")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: prZeslalwuQQy3ÀÁÂÃÄÅÆÇÈÉ
Reprotected Data: Nw8MLVwbdcBMUaÀÁÂÃÄÅÆÇÈÉ

Example - Retokenizing Bulk Unicode Data

The example for using the reprotect API for retokenizing bulk unicode data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example

In the following example, u’protegrity1234ÀÁÂÃÄÅÆÇÈÉ’, u’Protegrity1ÆÇÈÉÀÁÂÃÄÅ’, and u’Protegrity56ÇÅÆÈÉÂÃ’ unicode data are stored in a list and used as bulk data, which is tokenized using the TE_A_N_S23_L2R2_Y data element.
The tokenized input data, the old data element TE_A_N_S13_L1R3_N, and a new data element TE_A_N_S23_L2R2_Y are then passed as inputs to the reprotect API. The reprotect API detokenizes the protected input data using the old data element and then retokenizes it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("User1")
data = [u'protegrity1234ÀÁÂÃÄÅÆÇÈÉ', u'Protegrity1ÆÇÈÉÀÁÂÃÄÅ', u'Protegrity56ÇÅÆÈÉÂÃ']
p_out = session.protect(data, "TE_A_N_S13_L1R3_N")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "TE_A_N_S13_L1R3_N",
 "TE_A_N_S23_L2R2_Y")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([u'p3oZN1j1PF33hz\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9', u'P5fjL8vdBci\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PIo45D7g73Sm\xc7\xc5\xc6\xc8\xc9\xc2\xc3'],  (6, 6, 6))
Reprotected Data: 
([u'prZeslalwuQQy3\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9',  u'PrVt6rfyW81\xc6\xc7\xc8\xc9\xc0\xc1\xc2\xc3\xc4\xc5', u'PrFgczleNkNG\xc7\xc5\xc6\xc8\xc9\xc2\xc3'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Using AP Python Mock in a Development Environment

The AP Python Mock can be used in a development environment. This is also known as mock implementation of AP Python APIs. In this mode, the AP Python Mock development package provides you with sample users and data elements that can be used to simulate the behavior of the actual APIs in production environment.

When the AP Python Mock APIs are used with the sample users and data elements provided with the development package, the output data is only a simulation of the protected or encrypted data. Do not use the AP Python APIs in the development environment to protect, unprotect, or reprotect sensitive data.

The examples on how to use the sample data elements for simulating the protect, unprotect, and reprotect scenarios are described in this section.

In the mock implementation, the ALL_USER user name must be passed as an argument to the create_session API for creating a session.

Mock example - protecting string

The example for using the protect API for protecting a string input data is described in this section.

Example: Input string data
In the following example, the Protegrity1 string is used as the input data, which is protected using the SUCCESS_STR data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)

Result

Protected Data: 6JPqrjJEqLX

Mock Example - Protecting String Data with External IV

The example for using the protect API for protecting string input data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, the Protegrity1 string is used as the input data, which is tokenized using the SUCCESS_STR data element, with external IV 1234 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234"))
print("Protected Data: %s" %output)

Result

Protected Data: Ho9bgXoebxa

Mock Example - Protecting String Data Using External IV and External Tweak

The example for using the protect API for protecting string input data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In this example, the protegrity1234 string is used as the input data protected using the data element SUCCESS_STR, with external IV 1234 and external tweak abcdef passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 9GsvVbGRvTQwxr

Mock Example - Protecting Bulk String Data

The examples for using the protect API for protecting bulk string input data are described in this section. The bulk string input data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example 1
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Example 2
In Example 1, the protected output was a tuple of the tokenized data and the error list. This example shows how the code can be tweaked to ensure that you retrieve the protected output and the error list separately, and not as part of a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = "protegrity1234"
data = [data]*5
p_out, error_list = session.protect(data, "SUCCESS_STR")
print("Protected Data: ", end="")
print(p_out)
print("Error List: ", end="")
print(error_list)

Result

Protected Data: ['pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO']
Error List: (6, 6, 6, 6, 6)

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk String Data with External IV

The example for using the protect API for protecting bulk string input data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In this example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk input data. This bulk data is protected using the SUCCESS_STR data element, with external IV 123 passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR", 
 external_iv=bytes("123"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['nx8mEaxwmR2VSq', '1x8mEaxwmR2', '1x8mEaxwmRdF'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk String Data Using External IV and External Tweak

The example for using the protect API for protecting bulk string input data using external IV and external tweak is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV and external tweak as keyword arguments to the protect API, then you must pass the external IV and external tweak as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk input data. This bulk data is protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak xyz that are both passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
(['uc72ntca2dI896Ã\x83Â\x80Ã\x83Â\x81', 'xc72ntca2dIÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'xc72ntca2dEBÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting String Data

The example for using the unprotect API for retrieving the original string data from the protected data is described in this section.

Example: Input string data
In the following example, the Protegrity1 string that was protected using the SUCCESS_STR data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR")
print("Unprotected Data: %s" %org)

Result

Protected Data: 6JPqrjJEqLX
Unprotected Data: Protegrity1

Mock Example - Unprotecting String Data with External IV

The example for using the unprotect API for retrieving the original string data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string that was protected using the SUCCESS_STR data element and the external IV 1234 is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: Ho9bgXoebxa
Unprotected Data: Protegrity1

Mock Example - Unprotecting String Data Using External IV and External Tweak

The example for using the unprotect API for unprotecting string data using external IV and tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string that was protected using the SUCCESS_STR data element, is now unprotected using the same data element and the same external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef",
 encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 9GsvVbGRvTQwxr
Unprotected Data: protegrity1234

Mock Example - Unprotecting Bulk String Data

The examples for using the unprotect API for retrieving the original bulk string data from the protected data are described in this section.

Example 1
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element. The bulk string data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Example 2
In Example 1, the unprotected output was a tuple of the unprotected data and the error list.
The following example shows how you can tweak the code to ensure that you retrieve the unprotected output and the error list separately, and not as part of a tuple.

from appython import Protector
 protector = Protector()
 session = protector.create_session("ALL_USER")
 data = protegrity1234
 data = [data]*5
 p_out, error_list = session.protect(data, "SUCCESS_STR")
 print("Protected Data: ", end="")
 print(p_out)
 print("Error List: ", end="")
 print(error_list)
 org, error_list = session.unprotect(p_out, "SUCCESS_STR")
 print("Unprotected Data: ", end="")
 print(org)
 print("Error List: ", end="")
 print(error_list)

Result

Protected Data: ['pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO', 'pJPqrjJEqLXHaO',
 'pJPqrjJEqLXHaO']
Error List: (6, 6, 6, 6, 6)
Unprotected Data: ['protegrity1234', 'protegrity1234', 'protegrity1234',
 'protegrity1234', 'protegrity1234']
Error List: (8, 8, 8, 8, 8)

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk String Data with External IV

The example for using the unprotect API for retrieving the original bulk string data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("123"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR",
 external_iv=bytes("123"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['nx8mEaxwmR2VSq', '1x8mEaxwmR2', '1x8mEaxwmRdF'], (6, 6, 6))
Unprotected Data: 
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk String Data Using External IV and External Tweak

The example for using the unprotect API for retrieving the original bulk string data from protected data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the protect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data. This bulk data is protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak xyz that are both passed as bytes. The protected bulk string data is then unprotected using the same data element, same external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("xyz",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
(['uc72ntca2dI896Ã\x83Â\x80Ã\x83Â\x81', 'xc72ntca2dIÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'xc72ntca2dEBÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'], (6, 6, 6))
Unprotected Data: 
([u'protegrity1234\xc0\xc1', u'Protegrity1\xc6\xc7\xc8',
 u'Protegrity56\xc0\xc1\xc2\xc3\xc4\xc5'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting String

The example for using the reprotect API for reprotecting string data is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used Alpha-Numeric data element to protect the data, then you must use only Alpha-Numeric data element to reprotect the data.

Example: Input string data
In the following example, the Protegrity1 string is used as the input data, which is first protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element SUCCESS_REPROTECT_STR are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element, and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 6JPqrjJEqLX
Reprotected Data: JQbePhQ2eGC

Mock Example - Reprotecting String Data with External IV

The example for using the reprotect API for reprotecting string data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the Protegrity1 string is used as the input data, which is first protected using the SUCCESS_STR data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: Ho9bgXoebxa
Reprotected Data: vQIqelQyqY6

Mock Example - Reprotecting String Data Using External IV and External Tweak

The example for using the reprotect API for reprotecting string data using external IV and external tweak is described in this section.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, the protegrity1234 string is used as the data, which is first protected using the SUCCESS_STR data element, with the help of external IV 1234 and external tweak abcdef that are both passed as bytes.
The protected input data, the SUCCESS_STR data element, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 and external tweak abcdef in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element, and old external IV and external tweak, and then reprotects it using the same data element, but with the new external IV and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("protegrity1234", "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abcdef"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_STR", 
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("12345", encoding="utf-8"),
 old_external_tweak=bytes("abcdef", encoding="utf-8"),
 new_external_tweak=bytes("xyz"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 9GsvVbGRvTQwxr
Reprotected Data: 3AZjIrAvjOsnwb

Mock Example - Reprotecting Bulk String Data

The example for using the reprotect API for reprotecting bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element SUCCESS_REPROTECT_STR are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['pJPqrjJEqLXHaO', '6JPqrjJEqLX', '6JPqrjJEqLl5'], (6, 6, 6))
Reprotected Data:
(['gQbePhQ2eGCjqW', 'JQbePhQ2eGC', 'JQbePhQ2eGBK'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk String Data with External IV

The example for using the reprotect API for reprotecting bulk string data using external IV is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is protected using the SUCCESS_STR data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"), 
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
(['fo9bgXoebxaCTN', 'Ho9bgXoebxa', 'Ho9bgXoebx2q'], (6, 6, 6))
Reprotected Data:
(['cQIqelQyqY6OoN', 'vQIqelQyqY6', 'vQIqelQyqYXa'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk String Data Using External IV and External Tweak

The example for using the reprotect API for reprotecting bulk string data using external IV and external tweak is described in this section. The bulk string data can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If the external IV and external tweak are passed as keyword arguments to the reprotect API, then the external IV and external tweak must be passed as bytes.

Example
In the following example, protegrity1234ÀÁ, Protegrity1ÆÇÈ, and Protegrity56ÀÁÂÃÄÅ strings are stored in a list and used as bulk data, which is first protected using the SUCCESS_STR data element, with the help of an external IV 1234 and external tweak abc that are both passed as bytes.
The protected input data, the old data element SUCCESS_STR, a new data element SUCCESS_REPROTECT_STR, the old external IV 1234 and external tweak abc in bytes, and a new external IV 123456 and external tweak xyz in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the old data element, and old external IV and external tweak, and then reprotects it using the new data element, new external IV, and external tweak.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234ÀÁ", "Protegrity1ÆÇÈ", "Protegrity56ÀÁÂÃÄÅ"]
p_out = session.protect(data, "SUCCESS_STR",
 external_iv=bytes("1234", encoding="utf-8"), external_tweak=bytes("abc",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_STR",
 "SUCCESS_REPROTECT_STR", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"),
 old_external_tweak=bytes("abc", encoding="utf-8"),
 new_external_tweak=bytes("xyz", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
(['A2XIHe2vIEFmShÃ\x83Â\x80Ã\x83Â\x81', 'N2XIHe2vIEFÃ\x83Â\x86Ã\x83Â\x87Ã\x83Â\x88',
 'N2XIHe2vIE5oÃ\x83Â\x80Ã\x83Â\x81Ã\x83Â\x82Ã\x83Â\x83Ã\x83Â\x84Ã\x83Â\x85'],
(6, 6, 6))
Reprotected Data:
(['VmDBawmlBAsfc6Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã
\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\
x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã
\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\
x82Â\x80Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x81',
'emDBawmlBAsÃ\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x86Ã\x83Â\
x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã
\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\
x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã
\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x87Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\
x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã
\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\
x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã
\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x88','emDBawmlBAtIÃ\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\
x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â
\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\
x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â
\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x80Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\
x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â
\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\
x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â
\x82Ã\x82Â\x81Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\
x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\
x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â
\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\
x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â
\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\
x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â
\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\
x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â
\x83Ã\x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\
x83Â\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x84Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â
\x83Ã\x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\
x82Â\x82Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x83Ã\x83Â\x83Ã\x82Â
\x82Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x83Ã\x83Â\x82Ã\x82Â\x82Ã\x83Â\x83Ã\x82Â\x82Ã\
x83Â\x82Ã\x82Â\x85'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Integer Data

The example for using the protect API for protecting integer data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the integer data, which is tokenized using the SUCCESS_INT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)

Result

Protected Data: 68

Mock Example - Protecting Integer Data with External Initialization Vector (IV)

The example for using the protect API for protecting integer data using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21 is used as the integer data, which is tokenized using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT", external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 36

Mock Example - Protecting Bulk Integer Data

The example for using the protect API for protecting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([68, 46, 55], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Integer Data with External IV

The example for using the protect API for protecting bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([36, 13, 99], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Integer Data

The example for using the unprotect API for retrieving the original integer data from protected data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, the integer data 21 that was protected using the SUCCESS_INT data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_INT")
print("Unprotected Data: %s" %org)

Result

Protected Data: 68
Unprotected Data: 21

Mock Example - Unprotecting Integer Data with External IV

The example for using the unprotect API for retrieving the original integer data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the integer data 21 that was protected using the SUCCESS_INT data element and the external IV 1234, is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 36
Unprotected Data: 21

Mock Example - Unprotecting Bulk Integer Data

The example for using the unprotect API for retrieving the original bulk integer data from protected data is described in this section.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element. The bulk integer data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_INT")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([68, 46, 55], (6, 6, 6))
Unprotected Data:
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Bulk Integer Data with External IV

The example for using the unprotect API for retrieving the original bulk integer data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element and external IV 1234. The bulk integer data is then unprotected using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([36, 13, 99], (6, 6, 6))
Unprotected Data:
([21, 42, 55], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Integer Data

The example for using the reprotect API for reprotecting integer data is described in this section.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21 is used as the input integer data, which is first protected using the SUCCESS_INT data element.
The tokenized input data, the old data element SUCCESS_INT, and a new data element SUCCESS_REPROTECT_INT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element, and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_INT")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_INT", "SUCCESS_REPROTECT_INT")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 68
Reprotected Data: 69

Mock Example - Reprotecting Integer Data with External IV

The example for using the reprotect API for reprotecting integer data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21 is used as the input integer data, which is first tokenized using the SUCCESS_INT data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_INT, a new data element SUCCESS_REPROTECT_INT, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect(21, "SUCCESS_INT", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_INT", "SUCCESS_REPROTECT_INT",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 36
Reprotected Data: 14

Mock Example - Reprotecting Bulk Integer Data

The example for using the reprotect API for reprotecting bulk integer data. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

The AP Python APIs support integer values only between -2147483648 and 2147483648, both inclusive.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element.
The protected input data, the old data element SUCCESS_INT, and a new data element SUCCESS_REPROTECT_INT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_INT", "SUCCESS_REPROTECT_INT")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([68, 46, 55], (6, 6, 6))
Reprotected Data:
([69, 86, 22], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Integer Data with External IV

The example for using the reprotect API for rerotecting bulk integer data using external IV is described in this section. The bulk integer data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is protected using the SUCCESS_INT data element, with the help of an external IV 123 that is passed as bytes.
The tokenized input data, the old data element SUCCESS_INT, a new data element SUCCESS_REPROTECT_INT, the old external IV 123 in bytes, and a new external IV 1234 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_INT", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_INT", "SUCCESS_REPROTECT_INT",
 old_external_iv=bytes("123", encoding="utf-8"), new_external_iv=bytes("1234",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([36, 13, 99], (6, 6, 6))
Reprotected Data:
([24, 72, 33], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Long Data

The example for using the protect API for protecting long data is described in this section.

Example
In the following example, 1376235139103947 is used as the long data, which is protected using the SUCCESS_LONG data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)

Result

Protected Data: 8632961867806753

Mock Example - Protecting Long Data with External IV

The example for using the protect API for protecting long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the long data, which is protected using the SUCCESS_LONG data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: 6278329624602417

Mock Example - Protecting Bulk Long Data

The example for using the protect API for protecting bulk long data. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Long Data with External IV

The example for using the protect API for protecting bulk long data using external IV is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the protect API, then you must pass the external IV as bytes to the API.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Long Data

The example for using the unprotect API for retrieving the original long data from protected data is described in this section.

Example
In the following example, the long data 1376235139103947 that was tokenized using the SUCCESS_LONG data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_LONG")
print("Unprotected Data: %s" %org)

Result

Protected Data: 8632961867806753
Unprotected Data: 1376235139103947

Mock Example - Unprotecting Long Data with External IV

The example for using the unprotect API for retrieving the original long data from protected data, using external initialization vector (IV) is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, the long data 1376235139103947 that was protected using the SUCCESS_LONG data element and the external IV 1234 is now unprotected using the same data element and external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: %s" %org)

Result

Protected Data: 6278329624602417
Unprotected Data: 1376235139103947

Mock Example - Unprotecting Bulk Long Data

The example for using the unprotect API for retrieving the original bulk long data from protected data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_LONG")
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))
Unprotected Data:
([1376235139103947, 2396235839173981, 9371234126176985], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk Long Data with External IV

The example for using the unprotect API for retrieving the original bulk long data from protected data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the unprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element and external IV 1234. The bulk long data is then unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data: ")
print(out)

Result

Protected Data:
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))
Unprotected Data:
([1376235139103947, 2396235839173981, 9371234126176985], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Long Data

The example for using the reprotect API for reprotecting long data is described in this section.

Example
In the following example, 1376235139103947 is used as the input long data, which is first protected using the SUCCESS_LONG data element.
The protected input data, the old data element SUCCESS_LONG, and a new data element SUCCESS_REPROTECT_LONG are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_LONG")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 8632961867806753

Mock Example - Reprotecting Long Data with External IV

The example for using the reprotect API for reprotecting long data using external IV is described in this section.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947 is used as the input long data, which is first protected using the SUCCESS_LONG data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_LONG, a new data element SUCCESS_REPROTECT_LONG, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect(1376235139103947, "SUCCESS_LONG", 
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 6278329624602417
Reprotected Data: 4563152458405896

Mock Example - Reprotecting Bulk Long Data

The example for using the reprotect API for reprotecting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element.
The tokenized input data, the old data element SUCCESS_LONG, and a new data element SUCCESS_REPROTECT_LONG are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([8632961867806753, 9672961467836748, 7638965892832741], (6, 6, 6))
Reprotected Data:
([4213926425402581, 9253926725412574, 5214928493413576], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Long Data with External IV

The example for using the reprotect API for reprotecting bulk long data using external IV. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to pass the external IV as a keyword argument to the reprotect API, then you must pass the external IV as bytes to the API.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is protected using the SUCCESS_LONG data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_LONG, a new data element SUCCESS_REPROTECT_LONG, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_LONG", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_LONG", "SUCCESS_REPROTECT_LONG",
 old_external_iv=bytes("1234", encoding="utf-8"), new_external_iv=bytes("123456",
 encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([6278329624602417, 3248329524672456, 4276321638678459], (6, 6, 6))
Reprotected Data:
([4563152458405896, 1583152758465874, 8564159413463872], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Float Data

The example for using the protect API for protecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5 is used as the float data, which is protected using the SUCCESS_FLOAT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)

Result

Protected Data: 22.5

As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Mock Example - Protecting Bulk Float Data

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
As we are using a No Encryption data element to protect the data, the protected output data is the same as the input data.

Mock Example - Unprotecting Float Data

The example for using the unprotect API for unprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, the long data 22.5 that was protected using the SUCCESS_FLOAT data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)
org = session.unprotect(output, "SUCCESS_FLOAT")
print("Unprotected Data: %s" %org)

Result

Protected Data: 22.5
Unprotected Data: 22.5

The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Mock Example - Unprotecting Bulk Float Data

The example for using the unprotect API for unprotecting bulk float data using a No Encryption data element. This API can be used for access control and auditing.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element. The bulk float data is then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_FLOAT")
print("Unprotected Data: ")
print(out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Unprotected Data: 
([22.5, 48.93, 94.31], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.
The input data, the protected output data, and the unprotected data are the same, as we are using a No Encryption data element to protect and unprotect the data.

Mock Example - Reprotecting Float Data

The example for using the reprotect API for reprotecting float data using a No Encryption data element. This API can be used for access control and auditing.

If you are reprotecting the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used No Encryption data element to protect the data, then you must use only No Encryption data element to reprotect the data.

Example
In the following example, 22.5 is used as the input float data, which is first protected using the SUCCESS_FLOAT data element.
The protected input data, the old data element SUCCESS_FLOAT, and a new data element SUCCESS_REPROTECT_FLOAT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_FLOAT")
print("Protected Data: %s" %output)
r_out = session.reprotect(output, "SUCCESS_FLOAT", "SUCCESS_REPROTECT_FLOAT")
print("Reprotected Data: %s" %r_out)

Result

Protected Data: 22.5
Reprotected Data: 22.5

As we are using a No Encryption data element to protect and reprotect the data, the reprotected output data is the same as the protected data.

Mock Example - Reprotecting Bulk Float Data

The example for using the reprotect API for reprotecting bulk float data using a No Encryption data element is described in this section. The bulk long data can be passed as a list or a tuple. This API can be used for access control and auditing.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is protected using the SUCCESS_FLOAT data element.
The tokenized input data, the old data element SUCCESS_FLOAT, and a new data element SUCCESS_REPROTECT_FLOAT are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_FLOAT")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_FLOAT", "SUCCESS_REPROTECT_FLOAT")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))
Reprotected Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

Mock Example - Protecting Bytes Data

The example for using the protect API for protecting bytes data is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: %s" %p_out)

Result

Protected Data: b'nLiNJRL7N2P'

Mock Example - Protecting Bytes Data with External IV

The example for using the protect API for protecting bytes data using external IV is described in this section.

Example
In the following example, “Protegrity1” string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element, with the help of external IV 1234 that is passed as bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
output = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %output)

Result

Protected Data: b'Ho9bgXoebxa'

Mock Example - Protecting Bulk Bytes Data

The example for using the protect API for protecting bulk bytes data. The bulk bytes data can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Bytes Data with External IV

The example for using the protect API for protecting bulk bytes data using external IV. The bulk bytes data can be passed as a list or a tuple.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out)

Result

Protected Data: 
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Bytes Data

The example for using the unprotect API for retrieving the original bytes data from protected data is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was protected using the SUCCESS_BYTE data element, is now unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: %s" %p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE")
print("Unprotected Data: %s" %org)

Result

Protected Data: b'6JPqrjJEqLX'
Unprotected Data: b'Protegrity1'

Mock Example - Unprotecting Bytes Data with External IV

The example for using the unprotect API for retrieving the original bytes data from protected data, using external initialization vector (IV) is described in this section.

Example
In the following example, the bytes data b’Protegrity1’ that was protected using the SUCCESS_BYTE data element and the external IV 1234 is now unprotected using the same data element and same external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", external_iv=bytes("1234",
 encoding="utf-8"))
print("Protected Data:", p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE", external_iv=bytes("1234",
 encoding="utf-8"))
print("Unprotected Data:", org)

Result

Protected Data: b'Ho9bgXoebxa'
Unprotected Data: b'Protegrity1'

Mock Example - Unprotecting Bulk Bytes Data

The example for using the unprotect API for retrieving the original bulk bytes data from protected data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_BYTE")
print("Unprotected Data: ")
print(org)

Result

Protected Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Unprotected Data:
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Bulk Bytes Data with External IV

The example for using the unprotect API for retrieving the original bulk bytes data from protected data using external IV is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
org = session.unprotect(p_out[0], "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Unprotected Data: ")
print(org)

Result

Protected Data:
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))
Unprotected Data:
([b'protegrity1234', b'Protegrity1', b'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Re-encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

If you are using the reprotect API, then the old data element and the new data element must be of the same protection method. For example, if you have used AES256 data element to protect the data, then you must use only AES256 data element to reprotect the data.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The protected input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b'6JPqrjJEqLX'
Re-encrypted Data: b'JQbePhQ2eGC'

Mock Example - Reprotecting Bytes Data with External IV

The example for using the reprotect API for reprotecting bytes data using external IV is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then protected using the SUCCESS_BYTE data element, with the help of external IV 1234 that is passed as bytes.
The protected input data, the old data element SUCCESS_BYTE, a new data element SUCCESS_REPROTECT_BYTE, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: %s" %r_out)

Result

Protected Data: b'Ho9bgXoebxa'
Reprotected Data: b'vQIqelQyqY6'

Mock Example - Reprotecting Bulk Bytes Data

The example for using the reprotect API for reprotecting bulk bytes data. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is protected using the SUCCESS_BYTE data element.
The tokenized input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234"), bytes("Protegrity1"), bytes("Protegrity56")]
p_out = session.protect(data, "SUCCESS_BYTE")
print("Protected Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE")
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Reprotected Data:
([b'gQbePhQ2eGCjqW', b'JQbePhQ2eGC', b'JQbePhQ2eGBK'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Bytes Data with External IV

The example for using the reprotect API for reprotecting bulk bytes data using external IV is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are first converted to bytes using the Python bytes() method. The converted bytes are then stored in a list and used as bulk data, which is protected using the SUCCESS_BYTE data element, with the help of an external IV 1234 that is passed as bytes.
The protected input data, the SUCCESS_BYTE data element, a new data element SUCCESS_REPROTECT_BYTE, the old external IV 1234 in bytes, and a new external IV 123456 in bytes are then passed as inputs to the reprotect API. As part of a single reprotect operation, the reprotect API first unprotects the protected input data using the given data element and old external IV, and then reprotects it using the new data element and with the new external IV.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [bytes("protegrity1234", encoding="utf-8"), bytes("Protegrity1",
 encoding="utf-8"), bytes("Protegrity56", encoding="utf-8")]
p_out = session.protect(data, "SUCCESS_BYTE",
 external_iv=bytes("1234", encoding="utf-8"))
print("Protected Data: ")
print(p_out) 
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE",
 "SUCCESS_REPROTECT_BYTE", old_external_iv=bytes("1234", encoding="utf-8"),
 new_external_iv=bytes("123456", encoding="utf-8"))
print("Reprotected Data: ")
print(r_out)

Result

Protected Data:
([b'fo9bgXoebxaCTN', b'Ho9bgXoebxa', b'Ho9bgXoebx2q'], (6, 6, 6))
Reprotected Data:
([b'cQIqelQyqY6OoN', b'vQIqelQyqY6', b'vQIqelQyqYXa'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in DD/MM/YYYY Format

The example for using the protect API for protecting the date object.

Example: Input date object in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_DDMMYYYY data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14

Mock Example - Protecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the protect API for protecting bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element. For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date String in DD/MM/YYYY Format

The example for using the protect API for protecting a date string in DD/MM/YYYY format is described in this section.

Example: Input date string in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the input data, which is protected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: " + p_out)

Result

Protected date: 14/06/2022

Mock Example - Protecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the protect API for protecting bulk date strings. The bulk date strings can be used as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: " + str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: " + str(p_out))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in DD/MM/YYYY format
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_DDMMYYYY data element, and is then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_DDMMYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described in this section.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element, and then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date String in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original data string from protected data is described in this section.

Example: Input date string in DD/MM/YYYY format
In the following example, the 27/01/2019 date string that was protected using the SUCCESS_DATE_DDMMYYYY data element, is unprotected using the SUCCESS_DATE_DDMMYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_DDMMYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 14/06/2022
Unprotected date: 27/01/2019

Mock Example - Unprotecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 27/01/2019 and 22/04/2018 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_DDMMYYYY data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))
Unprotected data: (['27/01/2019', '22/04/2018'], (8, 8))

Mock Example - Reprotecting Date Object in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting a date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 27/01/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2022-06-14
Reprotected date: 2030-11-26

Mock Example - Reprotecting Bulk Date Objects in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example In the following example, the two date strings 27/01/2019 and 22/04/2018 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_DDMMYYYY data element. The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("27/01/2019", "%d/%m/%Y").date()
data2 = datetime.strptime("22/04/2018", "%d/%m/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected data: "+str(r_out))
Result
Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2022, 6, 14), datetime.date(2021, 9, 7)], (6, 6))
Reprotected data: ([datetime.date(2030, 11, 26), datetime.date(2030, 2, 19)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 27/01/2019 date string is protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("27/01/2019", "SUCCESS_DATE_DDMMYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected date: "+str(r_out))

Result

Protected date: 14/06/2022
Reprotected date: 26/11/2030

Mock Example - Reprotecting Bulk Date Strings in DD/MM/YYYY Format

The example for using the reprotect API for reprotecting bulk date strings is described in this section. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 27/01/2019 and 22/04/2018 are used to create a list, which is protected using the SUCCESS_DATE_DDMMYYYY data element.
The protected input data, the old data element SUCCESS_DATE_DDMMYYYY, and a new data element SUCCESS_REPROTECT_DATE_DDMMYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["27/01/2019", "22/04/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_DDMMYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_DDMMYYYY",
 "SUCCESS_REPROTECT_DATE_DDMMYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['27/01/2019', '22/04/2018']
Protected data: (['14/06/2022', '07/09/2021'], (6, 6))
Reprotected data: (['26/11/2030', '19/02/2030'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in MM.DD.YYYY Format

The example for using the protect API for protecting the date object is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_MMDDYYYY data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29

Mock Example - Protecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the protect API for tokenizing bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date String in MM.DD.YYYY Format

The example for using the protect API for protecting a date string in MM/DD/YYYY format is described in this section.

Example: Input date string in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is protected using the SUCCESS_DATE_MMDDYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: " + p_out)

Result

Protected date: 06/29/2025

Mock Example - Protecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the protect API for tokenizing bulk dates in string format is described in this section. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used to create a list, which is used as the input data. The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_MMDDYYYY data element, and is then unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_MMDDYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described in htis section.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used as the data, which are first converted to a date objects using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element, and then unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date Objects in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in MM.DD.YYYY format
In the following example, the 01/27/2019 date string that was protected using the SUCCESS_DATE_MMDDYYYY data element, is unprotected using the same data element.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_MMDDYYYY")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 06/29/2025
Unprotected date: 01/27/2019

Mock Example - Unprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 01/27/2019 and 04/22/2018 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_MMDDYYYY data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Unprotected data: (['01/27/2019', '04/22/2018'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date Object in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 01/27/2019 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The datetime object is then protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2025-06-29
Reprotected date: 2033-12-11

Mock Example - Reprotecting Bulk Date Objects in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting bulk date objects. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 01/27/2019 and 04/22/2018 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("01/27/2019", "%m/%d/%Y").date()
data2 = datetime.strptime("04/22/2018", "%m/%d/%Y").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2025, 6, 29), datetime.date(2024, 9, 22)], (6, 6))
Reprotected data: ([datetime.date(2033, 12, 11), datetime.date(2033, 3, 6)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 01/27/2019 date string is used as the data, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("01/27/2019", "SUCCESS_DATE_MMDDYYYY")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected date: "+str(r_out))

Result

Protected date: 06/29/2025
Reprotected date: 12/11/2033

Mock Example - Reprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for uisng the reprotect API for reprotecting bulk dates in string format. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 01/27/2019 and 04/22/2018 are used to create a list, which is protected using the SUCCESS_DATE_MMDDYYYY data element.
The protected input data, the old data element SUCCESS_DATE_MMDDYYYY, and a new data element SUCCESS_REPROTECT_DATE_MMDDYYYY are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Reprotected data: (['12/11/2033', '03/06/2033'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Bulk Date Strings in MM.DD.YYYY Format

The example for using the reprotect API for reprotecting bulk dates in string format. The bulk date strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["01/27/2019", "04/22/2018"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_MMDDYYYY")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_MMDDYYYY",
 "SUCCESS_REPROTECT_DATE_MMDDYYYY")
print("Reprotected data: "+str(r_out))

Result

Input data: ['01/27/2019', '04/22/2018']
Protected data: (['06/29/2025', '09/22/2024'], (6, 6))
Reprotected data: (['12/11/2033', '03/06/2033'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Bulk Date Objects in YYYY/MM/DD Format

The example for using the protect API for protecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to a date object using the Python date method of the datetime module. The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element. For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date Object in YYYY-MM-DD Format

The example for using the protect API for protecting the date object is described in this section.

Example: Input date object in YYYY-MM-DD format
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is then protected using the SUCCESS_DATE_YYYYMMDD data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14

Mock Example - Protecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the protect API for protecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to a date object using the Python date method of the datetime module.
The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date Objects in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original data object from protected data is described in this section.

Example: Input date object in YYYY-MM-DD format
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module.
The date object is first protected using the SUCCESS_DATE_YYYYMMDD data element, and is then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
Confidential 268
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_YYYYMMDD")
print("Unprotected date: "+str(unprotected_output))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14
Unprotected date: 2019-01-27

Mock Example - Unprotecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original bulk date objects from token data is described on this section.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used as the data, which are first converted to date objects using the Python date method of the datetime module.
The two date objects are then used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element, and then unprotected using the same data element.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))
Unprotected data: ([datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Unprotecting Date String in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original data string from protected data is described in this section.

Example: Input date string in YYYY-MM-DD format
In the following example, the 2019/01/27 date string that was protected using the SUCCESS_DATE_YYYYMMDD data element, is unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27", "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATE_YYYYMMDD")
print("Unprotected date: "+str(unprotected_output))

Result

Protected date: 2028/07/14
Unprotected date: 2019/01/27

Mock Example - Unprotecting Bulk Date Strings in YYYY-MM-DD Format

The example for using the unprotect API for retrieving the original bulk date strings from token data is described in this section.

Example
In the following example, the 2019/01/27 and 2018/04/22 date strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATE_YYYYMMDD data element, and then unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27", "2018/04/22"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD")
print("Unprotected data: "+str(unprotected_output))

Result

Input data: ['2019/01/27', '2018/04/22']
Protected data: (['2028/07/14', '2027/10/08'], (6, 6))
Unprotected data: (['2019/01/27', '2018/04/22'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date Object in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting date object is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 2019/01/27 date string is used as the data, which is first converted to a date object using the Python date method of the datetime module. The date object is then protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
print("\nInput date as a Date object : "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected date: "+str(r_out))

Result

Input date as a Date object : 2019-01-27
Protected date: 2028-07-14
Reprotected date: 2036-12-26

Mock Example - Reprotecting Bulk Date Objects in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting bulk date objects is described in this section. The bulk date objects can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 2019/01/27 and 2018/04/22 are used as data, which are first converted to date objects using the Python date method of the datetime module. The two date objects are joined together to create a list, which is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.
For information regarding the Python datetime module, refer to Python documentation.

from appython import Protector
from datetime import datetime
protector = Protector()
session = protector.create_session("ALL_USER")
data1 = datetime.strptime("2019/01/27", "%Y/%m/%d").date()
data2 = datetime.strptime("2018/04/22", "%Y/%m/%d").date()
data = [data1, data2]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected data: "+str(r_out))

Result

Input data: [datetime.date(2019, 1, 27), datetime.date(2018, 4, 22)]
Protected data: ([datetime.date(2028, 7, 14), datetime.date(2027, 10, 8)], (6, 6))
Reprotected data: ([datetime.date(2036, 12, 26), datetime.date(2036, 3, 21)], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Reprotecting Date String in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting a date in string format is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the 2019/01/27 date string is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27", "SUCCESS_DATE_YYYYMMDD")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected date: "+str(r_out))

Result

Protected date: 2028/07/14
Reprotected date: 2036/12/26

Mock Example - Reprotecting Bulk Date Strings in YYYY-MM-DD Format

The example for using the reprotect API for reprotecting bulk dates in string format is described in this section. The bulk date strings can be passes as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Date (DD/MM/YYYY) data element to protect the data, then you must use only the Date (DD/MM/YYYY) data element to reprotect the data.

Example
In the following example, the two date strings 2019/01/27 and 2018/04/22 are used to create a list, which is protected using the SUCCESS_DATE_YYYYMMDD data element.
The protected input data, the old data element SUCCESS_DATE_YYYYMMDD, and a new data element SUCCESS_REPROTECT_DATE_YYYYMMDD are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27", "2018/04/22"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATE_YYYYMMDD")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATE_YYYYMMDD",
 "SUCCESS_REPROTECT_DATE_YYYYMMDD")
print("Reprotected data: "+str(r_out))

Result

Input data: ['2019/01/27', '2018/04/22']
Protected data: (['2028/07/14', '2027/10/08'], (6, 6))
Reprotected data: (['2036/12/26', '2036/03/21'], (8, 8))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Protecting Date and Time String

The example for using the protect API for protecting the date and time string is described in this section.

If you are providing the input as a Datetime object, then you must use the data element with the tokenization type as Datetime to protect the data.

Example: Input date and time string in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date and time string is protected using the SUCCESS_DATETIME data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))

Result

Protected date: 2021/10/27 08:16:34.123000

Mock Example - Protecting Bulk Date and Time Strings

The example for using the protect API for protecting bulk date and time strings is described in this section. The bulk date and time strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))

Result

Input data: ['2019/01/27 02:34:54.123', '2018/04/22 01:24:35.123']
Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Unprotecting Date and Time String

The example for using the unprotect API for retrieving the original bulk data and time string from protected data is described in this section.

Example: Input date and time string in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date and time string that was protected using the SUCCESS_DATETIME data element, is unprotected using the same data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))
unprotected_output = session.unprotect(p_out, "SUCCESS_DATETIME")
print("Unprotected data: "+str(unprotected_output))

Result

Protected date: 2021/10/27 08:16:34.123000
Unprotected data: 2019/01/27 02:34:54.123000

Mock Example - Unprotecting Bulk Date and Time Strings

The example for using the unprotect API for retrieving the original bulk date and time strings from token data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))
unprotected_output = session.unprotect(p_out[0], "SUCCESS_DATETIME")
print("Unprotected data: "+str(unprotected_output))

Result

Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))
Unprotected data: (['2019/01/27 02:34:54.123000', '2018/04/22 01:24:35.123000'], (8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Reprotecting Date and Time String

The example for using the reprotect API for reprotecting date and time string is described in this section.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to reprotect the data.

Example: Input date and time in YYYY-MM-DD HH:MM:SS MMM format
In the following example, the 2019/01/27 02:34:54.123 date string is protected using the SUCCESS_DATETIME data element.
The protected input data, the old data element SUCCESS_DATETIME, and a new data element SUCCESS_REPROTECT_DATETIME are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
p_out = session.protect("2019/01/27 02:34:54.123", "SUCCESS_DATETIME")
print("Protected date: "+str(p_out))
r_out = session.reprotect(p_out, "SUCCESS_DATETIME", "SUCCESS_REPROTECT_DATETIME")
print("Reprotected date: "+str(r_out))

Result

Protected date: 2021/10/27 08:16:34.123000
Reprotected date: 2022/06/24 02:27:30.123000

Mock Example - Reprotecting Bulk Date and Time Strings

The example for using the reprotect API for reprotecting bulk date and time strings is described in this section. The bulk date and time strings can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you are retokenizing the data using the reprotect API, then the old data element and the new data element must have the same tokenization type. For example, if you have used the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to protect the data, then you must use only the Datetime (YYYY-MM-DD HH:MM:SS MMM) data element to reprotect the data.

Example
In the following example, the 2019/01/27 02:34:54.123 and 2018/04/22 01:24:35.123 date and time strings are used to create a list, which is used as the input data.
The input list is then protected using the SUCCESS_DATETIME data element.
The protected input data, the old data element SUCCESS_DATETIME, and a new data element SUCCESS_REPROTECT_DATETIME are then passed as inputs to the reprotect API. The reprotect API first unprotects the protected input data using the old data element and then reprotects it using the new data element, as part of a single reprotect operation.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["2019/01/27 02:34:54.123", "2018/04/22 01:24:35.123"]
print("Input data: "+str(data))
p_out = session.protect(data, "SUCCESS_DATETIME")
print("Protected data: "+str(p_out))
r_out = session.reprotect(p_out[0], "SUCCESS_DATETIME", "SUCCESS_REPROTECT_DATETIME")
print("Reprotected date: "+str(r_out))

Result

Protected data: (['2021/10/27 08:16:34.123000', '2021/01/20 07:06:15.123000'], (6, 6))
Reprotected date: (['2022/06/24 02:27:30.123000', '2021/09/17 01:17:11.123000'], (6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Encrypting String Data

The example for using the protect API for encrypting string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example: Input string data
In the following example, the Protegrity1 string is used as the data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_ENC", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'1\x05\n\x07\n\n\x17\x19\x15\nB'

Mock Example - Encrypting Bulk String Data

The example for using the protect API for encrypting bulk string data is described in this section. The bulk string data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must must use bytes in the encrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_ENC",
 encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\x11\x05\n\x07\n\n\x17\x19\x15\nBE\\F', b'1\x05\n\x07\n\n\x17\x19\x15\nB', b'1\x05\n
\x07\n\n\x17\x19\x15\nFA'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting String Data

The example for using the unprotect API for decrypting string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example: Input string data
In the following example, the Protegrity1 string that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_ENC", 
 encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC",
 decrypt_to=str)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'1\x05\n\x07\n\n\x17\x19\x15\nB'
Decrypted Data: Protegrity1

Mock Example - Decrypting Bulk String Data

The example for using the unprotect API for decrypting bulk string data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, protegrity1234, Protegrity1, and Protegrity56 strings are stored in a list and used as bulk data, which is encrypted using the SUCCESS_STR data element. The bulk string data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to str.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["protegrity1234", "Protegrity1", "Protegrity56"]
p_out = session.protect(data, "SUCCESS_STR", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_STR", decrypt_to=str)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'pJPqrjJEqLXHaO', b'6JPqrjJEqLX', b'6JPqrjJEqLl5'], (6, 6, 6))
Decrypted Data:
(['protegrity1234', 'Protegrity1', 'Protegrity56'], (8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Integer Data

The example for using the protect API for encrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21 is used as the integer data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'twes'

Mock Example - Encrypting Bulk Integer Data

The example foe using the protect API for encrypting bulk integer data is described in this section. The bulk integer data can be passed as a list or a tuple.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'twes', b'Kwes', b'Vwes'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Integer Data

The example for using the unprotect API for decrypting integer data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, the integer data 21 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(21, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'twes'
Decrypted Data: 21

Mock Example - Decrypting Bulk Integer Data

The example for using the unprotect API for decrypting bulk integer data is described in this section.

If you want to encrypt the data,then you must use bytes in the encrypt_to keyword.

Example
In the following example, 21, 42, and 55 integers are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk integer data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to int.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [21, 42, 55]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'twes', b'Kwes', b'Vwes'], (6, 6, 6))
Decrypted Data:
([21, 42, 55], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Long Data

The example for uisng the protect API for encrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947 is used as the long data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'\xaa\x8b\xf2\xc5\xc2\x8eap'

Mock Example - Encrypting Bulk Long Data

The example for using the protect API for encrypting bulk long data is described in this section. The bulk long data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'\xaa\x8b\xf2\xc5\xc2\x8eap', b'<\x82\x98R2\xeemp', b'\xb8\xd5W\ny&Dp'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Long Data

The example for using the unprotect API for decrypting long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, the long data 1376235139103947 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(1376235139103947, "SUCCESS_ENC", encrypt_to=bytes)
Confidential 282
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'\xaa\x8b\xf2\xc5\xc2\x8eap'
Decrypted Data: 1376235139103947

Mock Example - Decrypting Bulk Long Data

The example for using the unprotect API for decrypting bulk long data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 1376235139103947, 2396235839173981, and 9371234126176985 long data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk long data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument, and its value is set to long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [1376235139103947, 2396235839173981, 9371234126176985]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=int)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data:
([b'\xaa\x8b\xf2\xc5\xc2\x8eap', b'<\x82\x98R2\xeemp', b'\xb8\xd5W\ny&Dp'], (6, 6, 6))
Decrypted Data:
([1376235139103947, 2396235839173981, 9371234126176985], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Float Data

The example for using the protect API for encrypting float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5 is used as the float data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)

Result

Encrypted Data: b'SEKF'

Mock Example - Encrypting Bulk Float Data

The example for using the protect API for encrypting bulk float data is described in this section. The bulk float data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. Therefore, the encrypt_to parameter is passed as a keyword argument, and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'SEKF', b'UOKJ\\', b'XCK@^'], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Float Data

The example for using the unprotect API for decrypting float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example

In the following example, the float data 22.5 that was encrypted using the SUCCESS_ENC data element is now decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect(22.5, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: %s" %output)
org = session.unprotect(output, "SUCCESS_ENC", decrypt_to=float)
print("Decrypted Data: %s" %org)

Result

Encrypted Data: b'SEKF'
Decrypted Data: 22.5

Mock Example - Decrypting Bulk Float Data

The example for using the unprotect API for decrypting bulk float data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

Example
In the following example, 22.5, 48.93, and 94.14 float data are stored in a list and used as bulk data, which is encrypted using the SUCCESS_ENC data element. The bulk float data is then decrypted using the same data element. Therefore, the decrypt_to parameter is passed as a keyword argument and its value is set to float.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = [22.5, 48.93, 94.31]
p_out = session.protect(data, "SUCCESS_ENC", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
out = session.unprotect(p_out[0], "SUCCESS_ENC", decrypt_to=float)
print("Decrypted Data: ")
print(out)

Result

Encrypted Data: 
([b'SEKF', b'UOKJ\\', b'XCK@^'], (6, 6, 6))
Decrypted Data: 
([22.5, 48.93, 94.31], (6, 6, 6))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Encrypting Bytes Data

The example for using the protect API for encrypting bytes data is described in this section.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)

Result

Encrypted Data: b'6JPqrjJEqLX'

Mock Example - Encrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passes as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

If you want to encrypt the data, then you must use bytes in the encrypt_to keyword.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)

Result

Encrypted Data: 
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))

6 is the success return code for the protect operation of each element in the list.

Mock Example - Decrypting Bytes Data

The example for using the protect API for decrypting bytes data is described in this section.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
org = session.unprotect(p_out, "SUCCESS_BYTE", decrypt_to=bytes)
print("Decrypted Data: %s" org)

Result

Encrypted Data: b'6JPqrjJEqLX'
Decrypted Data: %s b'Protegrity1'

Mock Example - Decrypting Bulk Bytes Data

The example for using the protect API for encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_BYTE", decrypt_to=bytes)
print("Decrypted Data: ")
print(org)

Result

Encrypted Data:
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))
Decrypted Data:
([b'Protegrity1', b'Protegrity1', b'Protegrity1', b'Protegrity1', b'Protegrity1'], (8,
 8, 8, 8, 8))

6 is the success return code for the protect operation of each element in the list.
8 is the success return code for the unprotect operation of each element in the list.

Mock Example - Re-encrypting Bytes Data

The example for using the reprotect API for re-encrypting bytes data is described in this section.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The protected input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=bytes("Protegrity1", encoding="utf-8")
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: %s" %p_out)
r_out = session.reprotect(p_out, "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: %s" %r_out)

Result

Encrypted Data: b'6JPqrjJEqLX'
Re-encrypted Data: b'JQbePhQ2eGC'

Mock Example - Re-Encrypting Bulk Bytes Data

The example for using the reprotect API for re-encrypting bulk bytes data is described in this section. The bulk bytes data can be passed as a list or a tuple.

The individual elements of the list or tuple must be of the same data type.

Example
In the following example, Protegrity1 string is first converted to bytes using the Python bytes() method. The bytes data is then repeated five times in a list and used as bulk data, which is encrypted using the SUCCESS_BYTE data element. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.
The encrypted input data, the old data element SUCCESS_BYTE, and a new data element SUCCESS_REPROTECT_BYTE are then passed as inputs to the reprotect API. The reprotect API first decrypts the protected input data using the old data element and then re-encrypts it using the new data element, as part of a single reprotect operation. Therefore, the encrypt_to parameter is passed as a keyword argument and its value is set to bytes.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=[bytes("Protegrity1")]*5
p_out = session.protect(data, "SUCCESS_BYTE", encrypt_to=bytes)
print("Encrypted Data: ")
print(p_out)
r_out = session.reprotect(p_out[0], "SUCCESS_BYTE", "SUCCESS_REPROTECT_BYTE",
 encrypt_to=bytes)
print("Re-encrypted Data: ")
print(r_out)

Result

Encrypted Data:
([b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX', b'6JPqrjJEqLX'], (6,
 6, 6, 6, 6))
Re-encrypted Data:
([b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC', b'JQbePhQ2eGC'], (6,
 6, 6, 6, 6))

Using sample data elements for simulating auxiliary API scenarios

The examples on how to use the sample data elements for simulating the following auxiliary API scenarios are described in this section:

• Checking access permissions with success output
• Checking access permissions with failure output

In the mock implementation, you must pass the ALL_USER user name as an argument to the create_session API for creating a session.

Mock Example - Success Scenario for Checking Access Permissions

This example describes the success scenario on checking the access permission status of the user for a specified data element.

Example
In the following example, the check_access API returns True when you check the permission of User1 for protecting the data using the SUCCESS_CHECK_ACCESS data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("ALL_USER")
print(session.check_access("SUCCESS_CHECK_ACCESS", CheckAccessType.PROTECT))

Result

True

Mock Example - Failure Scenario for Checking Access Permissions

This example describes the failure scenario on checking the access permission status of the user for a specified data element.

Example
In the following example, the check_access API returns True when you check the permission of User1 for protecting the data using the FAIL_CHECK_ACCESS data element.

from appython import Protector
from appython import CheckAccessType
protector = Protector()
session = protector.create_session("ALL_USER")
print(session.check_access("FAIL_CHECK_ACCESS", CheckAccessType.PROTECT))

Result

False

Using sample data elements for simulating error scenarios

The examples on how to use the sample data elements for simulating the error scenarios while protecting, unprotecting, and reprotecting the data are described in this section.

In the mock implementation, you must pass the ALL_USER user name as an argument to the create_session API for creating a session.

Mock Example - Invalid User Exception

The examples for the scenario if a user who is not defined in a policy is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_INVALID_USER data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_INVALID_USER")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

1, The username could not be found in the policy in shared memory.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_INVALID_USER")
print(output)

Result

([None, None, None, None, None], ('1', '1', '1', '1', '1'))

Mock Example - Invalid Data Element Exception

The examples for the scenario if a data element that is not defined in a policy is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_INVALID_DE data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
Confidential 291
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_INVALID_DE")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

2, The data element could not be found in the policy in shared memory.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_INVALID_DE")
print(output)

Result

([None, None, None, None, None], ('2', '2', '2', '2', '2'))

Mock Example - External Tweak is Null

The examples for the scenario if a null external tweak is used to protect single or bulk data are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_TWEAK_IS_NULL data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_TWEAK_IS_NULL")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

4, Tweak is null.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_TWEAK_IS_NULL")
print(output)

Result

([None, None, None, None, None], ('4', '4', '4', '4', '4'))

Mock Example - Data Too Short

The examples for the scenario if the data to be protected or unprotected is too short are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the DATA_TOO_SHORT data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "DATA_TOO_SHORT")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

22, Data is too short to be protected/unprotected.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "DATA_TOO_SHORT")
print(output)

Result

([None, None, None, None, None], ('22', '22', '22', '22', '22'))

Mock Example - Long User Name

The examples for the scenario if the name of the user, who is protecting or unprotecting the data, is too long are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the USER_TOO_LONG data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "USER_TOO_LONG")
 print("protect: "+output)
except ProtectError as error:
Confidential 293
Protegrity APIs, UDFs, Commands Reference Guide 9.1.0.0 Application Protector
 print(error)

Result

25, Username too long.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "USER_TOO_LONG")
print(output)

Result

([None, None, None, None, None], ('25', '25', '25', '25', '25'))

Mock Example - Unsupported Algorithm

The examples for the scenario if the protection method used to protect the data is not supported by the API are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EXCEPTION_UNSUPPORTED_ALGORITHM data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EXCEPTION_UNSUPPORTED_ALGORITHM")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EXCEPTION_UNSUPPORTED_ALGORITHM")
print(output)

Result

([None, None, None, None, None], ('26', '26', '26', '26', '26'))

Mock Example - Empty Policy

The examples for the scenario if the data is protected without the policy being present in shared memory are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the EMPTY_POLICY data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "EMPTY_POLICY")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

31, Policy not available.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "EMPTY_POLICY")
print(output)

Result

([None, None, None, None, None], ('31', '31', '31', '31', '31'))

Mock Example - Invalid Input

The examples for the scenario if the data to be protected is invalid are described in this section.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the INPUT_NOT_VALID data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
try:
 output = session.protect("Protegrity1", "INPUT_NOT_VALID")
 print("protect: "+output)
except ProtectError as error:
 print(error)

Result

44, The content of the input data is not valid.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "INPUT_NOT_VALID")
print(output)

Result

([None, None, None, None, None], ('44', '44', '44', '44', '44'))

Mock Example - Reprotecting Data with Heterogenous Data Elements

This example describes the error when the new data element used to reprotect the data does not have the same tokenization type or the protection method as that of the old data element.

Example: Single Data
In the following example, the Protegrity1 string is used as the data, which is being protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element REPROTECT_HETERO_STR are then passed as inputs to the reprotect API. The reprotect API returns an error as the old and new data elements do not have the same tokenization type or the protection method.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("ALL_USER")
output = session.protect("Protegrity1", "SUCCESS_STR" )
try:
 org = session.reprotect(output, "SUCCESS_STR", "REPROTECT_HETERO_STR" )
 print("Reprotected data: "+org)
except Exception as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The input data is being protected using the SUCCESS_STR data element.
The protected input data, the old data element SUCCESS_STR, and a new data element REPROTECT_HETERO_STR are then passed as inputs to the reprotect API. The reprotect API returns an error as the old and new data elements do not have the same tokenization type or the protection method.

from appython import Protector
protector = Protector()
session = protector.create_session("ALL_USER")
data=["Protegrity1"]*5
output = session.protect(data, "SUCCESS_STR" )
try:
 org = session.reprotect(output[0], "SUCCESS_STR", "REPROTECT_HETERO_STR" )
 print("Reprotected data:")
 print(org)
except Exception as error:
 print(error)

Result

26, Unsupported algorithm or unsupported action for the specific data element.

Using sample users for simulating error scenarios

The examples on how to use sample users for simulating the user-related error scenarios while protecting, unprotecting, and reprotecting the data are described in this section.

Mock Example - No Protect User

The examples for the scenario in which a user does not have privileges to protect data are described in this section.

Example: Single Data
In the following example, the NO_PROTECT_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("NO_PROTECT_USER")
try:
 output = session.protect("Protegrity1", "SUCCESS_STR")
 print("Protected data: "+output)
except ProtectError as error:
 print(error)

Result

3, The user does not have the appropriate permissions to perform the requested  operation.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_PROTECT_USER is used to try and protect the input data using the SUCCESS_STR data element.

from appython import Protector
from appython.exceptions import ProtectError
protector = Protector()
session = protector.create_session("NO_PROTECT_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "SUCCESS_STR")
print(output)

Result

([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Reprotect User

The examples for the scenario in which a user does not have privileges to reprotect data are described in this section.

Example: Single Data
In the following example, the NO_REPROTECT_USER user is used to try and reprotect the Protegrity1 string using the SUCCESS_REPROTECT_STR data element.

from appython import Protector
from appython.exceptions import ReprotectError
protector = Protector()
session = protector.create_session("NO_REPROTECT_USER")
try:
 org = session.reprotect("Protegrity1", "SUCCESS_STR", "SUCCESS_REPROTECT_STR")
 print("reprotect: " + org)
except ReprotectError as e:
 print(e)

Result

3, The user does not have the appropriate permissions to perform the requested operation.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_REPROTECT_USER is used to try and reprotect the input data using the SUCCESS_REPROTECT_STR data element.

from appython import Protector
from appython.exceptions import ReprotectError
protector = Protector()
session = protector.create_session("NO_REPROTECT_USER")
data = ["Protegrity1"]*5 
org = session.reprotect(data, "SUCCESS_STR", "SUCCESS_REPROTECT_STR")
print(org)

Result

([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Null User

The examples for the scenario in which a user does not have privileges to unprotect data are described in this section. In this case, if the user tries to unprotect the data, then the unprotect API returns a null value.

Example: Single Data
In the following example, the NO_UNPROTECT_NULL_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data and the API returns a null value.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_NULL_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
org = session.unprotect(p_out, "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
Unprotected data: None

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_UNPROTECT_NULL_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_NULL_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Exception User

The example for the scenario in which a user does not have privileges to unprotect data are described in this section. In this case, if the user tries to unprotect the data, then the unprotect API throws an exception.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_EXC_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
try:
 org = session.unprotect(p_out, "SUCCESS_STR")
 print("Unprotected data: " + org)
except UnprotectError as e:
 print(e)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
3, The user does not have the appropriate permissions to perform the requested operation.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_EXC_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
([None, None, None, None, None], ('3', '3', '3', '3', '3'))

Mock Example - No Unprotect Protected User

Example: Single Data
In the following example, the NO_UNPROTECT_PROTECTED_USER user is first used to protect the Protegrity1 string using the SUCCESS_STR data element. Then, the NO_UNPROTECT_NULL_USER user is used to try and unprotect the protected input data using the same data element. However, the user is unable to unprotect the data, and the API returns the protected input data.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_PROTECTED_USER")
p_out = session.protect("Protegrity1", "SUCCESS_STR")
print("Protected data: " + p_out)
org = session.unprotect(p_out, "SUCCESS_STR")
print("Unprotected data: " + org)

Result

Protected data: lSvH5dvO5l5vvH5zvOvzaX
Unprotected data: lSvH5dvO5l5vvH5zvOvzaX

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_UNPROTECT_PROTECTED_USER user is first used to protect the input data using the SUCCESS_STR data element. Then, the NO_UNPROTECT_PROTECTED_USER user is used to try and unprotect the protected input data using the same data element.

from appython import Protector
from appython.exceptions import UnprotectError
protector = Protector()
session = protector.create_session("NO_UNPROTECT_PROTECTED_USER")
data = ["Protegrity1"]*5 
p_out = session.protect(data, "SUCCESS_STR")
print("Protected data: ")
print(p_out)
org = session.unprotect(p_out[0], "SUCCESS_STR")
print("Unprotected data: ")
print(org)

Result

Protected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (6, 6, 6, 6, 6))
Unprotected data: 
(['lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX',
 'lSvH5dvO5l5vvH5zvOvzaX', 'lSvH5dvO5l5vvH5zvOvzaX'], (3, 3, 3, 3, 3))

Mock Example - No User

The examples for the scenario in which a user has not been defined in the security policy are described in this section.

Example: Single Data
In the following example, the NO_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element. However, the user is unable to perform the requested operation because the user has not been defined in the security policy.

from appython import Protector
from appython.exceptions import ProtectError, ReprotectError, UnprotectError
protector = Protector()
session = protector.create_session("NO_USER")
try:
 output = session.protect("Protegrity1", "SUCCESS_STR")
 print("Protected data: " + output)
except ProtectError as e:
 print(e)

Result

1, The username could not be found in the policy.

Example: Bulk Data
In the following example, the Protegrity1 string is repeated five times in a list, which is used as the input bulk data. The NO_USER user is used to try and protect the Protegrity1 string using the SUCCESS_STR data element. However, the user is unable to perform the requested operation because the user has not been defined in the security policy.

from appython import Protector
from appython.exceptions import ProtectError, ReprotectError, UnprotectError
protector = Protector()
session = protector.create_session("NO_USER")
data = ["Protegrity1"]*5 
output = session.protect(data, "SUCCESS_STR")
print(output)

Result

([None, None, None, None, None], ('1', '1', '1', '1', '1'))

6.1 - Using the AP Python APIs

Sample application for the AP Python

The process to use the AP Python protect, unprotect, and reprotect methods is described in this section.

It is assumed that the ESA is already available.

The tasks can be divided in the following order.

Create the data elements and data store in the Policy Management on the ESA Web UI.
Create the member sources and roles.
Configure the policy.
Configure the trusted application.
Add a trusted application to the data store.
Install the AP Python.
Run the sample application.

Creating a Data Element and Data Store

Create a data element and data store in the ESA by performing the following.

Before you run the application, decide on how you would like to protect the data – using encryption or tokenization.Protection and unprotection methods are available for both.

To create a data element, from the ESA Web UI, navigate to Policy Management → Data Elements & Masks → Data Elements. For more information about creating data elements, refer to Working With Data Elements.
To create a data store, navigate to Policy Management → Data Stores. For more information about creating data stores, refer to Creating a Data Store.

Creating a Member Source and Role

Create a member source and role in the ESA by performing the following.

To create a member source, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Member Sources.
For more information about creating a member source, refer to Working With Member Sources.
To create a role, from the ESA Web UI, navigate to Policy Management → Roles & Member Sources → Roles.
For more information about creating a role, refer to Creating a Role.

Configuring a Policy

Configure a policy in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Policies.
Click Add New Policy.
The New Policy screen appears.
After the policy is configured for the application user, add the permissions, data elements, roles, and data stores to the policy and then save it.
Deploy the policy using the Policy Management Web UI.

For more information about creating a data security policy, refer to Creating Policies.

Configuring a Trusted Application

Only the applications and users configured as trusted applications under the ESA security policy can access the AP APIs.
If a policy is deployed but the application or the user is not trusted, then the AP aborts with the following message while performing the protect or unprotect operations:
API consumer is not part of the trusted applications, please contact the Security Officer

Configure a trusted application in the ESA by performing the following.

From the ESA Web UI, navigate to Policy Management → Policies & Trusted Applications → Trusted Application.
Create a trusted application.
Deploy the trusted application using the Policy Management Web UI.

For more information about trusted applications, refer to Working With Trusted Applications.

Adding a Trusted Application to Data Store

Add a trusted application to data store by performing the following.

From the ESA Web UI, navigate to Policy Management → Data Stores.
The list of all the data stores appear.
Select the required data store.
The screen to edit the data store appears.
Under the Trusted Applications tab, click Add.
The screen to add the trusted application appears.
Select the required trusted application and click Add.
Select the required policy and deploy it using the Policy Management Web UI.

For more information about adding a trusted application to data store, refer to Linking Data Store to a Trusted Application.

Installing the AP Python

Install the AP Python by performing the following steps.

To install the AP Python, refer to Application Protector Python Installation.
Verify if the AP Python is successfully installed by performing the following.
a. Initialize the AP Python.
For more information about the AP Python initialization API, refer to Initialize the protector.
b. Run the get_version method using the following command to check the version of the installed AP Python.
The following is a sample code to check the version number of the installed AP Python.
```
 from appython import Protector
 protector = Protector()
 print(protector.get_version())
```
c. Save the sample code and name it .py. d. Run the command python .py to know the version of the installed AP Python.

Running the AP Python APIs

After setting up the policy and trusted application, you can begin testing the AP Python APIs for protection, unprotection, and reprotection.

For more information about the AP Python APIs, refer to Application Protector Python APIs.

For more information about the AP Python return codes, refer to Application Protector API Return Codes.

The following represents a sample AP Python application for performing the protect, unprotect, and reprotect operations.

from appython import Protector
if __name__ == "__main__":

    # Initialize the protector
    protector = Protector()

    # Create session with policy user
    session = protector.create_session("USER1")

    # Protect operation
    p_out = session.protect("Protegrity1", "TE_AN_SLT13_L0R0_N")
    print("Protected Data: %s" %p_out)

    # Reprotect operation
    r_out = session.reprotect(p_out, "TE_AN_SLT13_L0R0_N", "TE_AN_SLT13_L0R0_N")
    print("Reprotected Data: %s" %r_out)

    # Unprotect operation
    org = session.unprotect(r_out, "TE_AN_SLT13_L0R0_N")
    print("Unprotected Data: %s" %org)

7 - Additional Topics

Learn about the AP Python documentation with advanced operational insights and platform-specific guidance.

This section expands the core Application Protector (AP) Python documentation.

Uninstalling AP Python on Linux involves removing binaries, configuration files, and dependencies.
Understanding AP Python’s memory footprint is critical for performance tuning and resource allocation.
Understanding the installation of AP Python on Linux in a development environment.

7.1 - Uninstalling the Application Protector

Uninstalling the AP Python Installation on different platforms

Uninstalling Application Protector (AP) Python from Linux in Production Environment

The steps to uninstall the different components of the AP Python in production environment are described in this section.

Uninstalling the Log Forwarder from Linux

To preserve all the configurations while upgrading the Log Forwarder, ensure that all the files present under the /opt/protegrity/logforwarder/data/config.d directory are backed up.

To uninstall the Log Forwarder from a Linux platform:

Navigate to the /opt/protegrity/logforwarder/bin directory.
Stop the Log Forwarder using the following command.
```
./logforwarderctrl stop
```
Delete the /opt/protegrity/logforwarder directory. The Log Forwarder is uninstalled.

Uninstalling the RP Agent from Linux

Before uninstalling the RP Agent, ensure that all the files present under the /opt/protegrity/rpagent/data directory are backed up.

To uninstall the RP Agent from a Linux platform:

Navigate to the /opt/protegrity/rpagent/bin directory.
Stop the RP Agent using the following command.
```
./rpagentctrl stop
```
Delete the /opt/protegrity/rpagent directory. The RP Agent is uninstalled.

Uninstalling the AP Python from Linux

To uninstall the AP Python from a Linux platform:

Login to the machine from where you want to uninstall the AP Python.
Uninstall the AP Python by running the following command.
```
pip uninstall appython
```
Delete the /opt/protegrity/sdk/python directory. The AP Python is uninstalled.

7.2 - Memory Usage of the AP Python

The memory usage in the AP Python for different policy sizes with a sample.

The memory used for the different policy sizes using a sample python application is described in this section.

Sample application

The following is a sample python application.

from appython import Protector
if __name__ == "__main__":

    # Initialize the protector
    protector = Protector()

    # Create session with policy user
    session = protector.create_session("USER1")

    # Protect operation
    p_out = session.protect("Protegrity1", "TE_AN_SLT13_L0R0_N")
    print("Protected Data: %s" %p_out)

    # Reprotect operation
    r_out = session.reprotect(p_out, "TE_AN_SLT13_L0R0_N", "TE_AN_SLT13_L0R0_N")
    print("Reprotected Data: %s" %r_out)

    # Unprotect operation
    org = session.unprotect(r_out, "TE_AN_SLT13_L0R0_N")
    print("Unprotected Data: %s" %org)

Expected memory usage

The process to find the policy size and expected memory usage for different policy sizes used by the python application is described in this section.

To find the policy size:

On Insights dashboard, under the Discover section, navigate to the troubleshooting index.
Search using the process.module.keyword: coreprovider filter.
Navigate to the logs with description as Policy successfully loaded. The additional_info.memoryUsed field depicts the policy size.

Memory Usage

The following is the expected memory usage for different policy sizes used by the python application.

Policy size	Process memory consumption
13 MB	42 MB
38 MB	89 MB
536 MB	979 MB

The process memory increases substantially for a few milliseconds when the application is running in the following cases:
The policy is replaced with another policy
Changes are made in the current policy

Conclusion

The results for memory required by various policy sizes using the sample python application can be used to determine the memory requirements of the Python application. The results are based on memory usage of a single instance of python processes. The results exclude LogForwarder and RP Agent.

7.3 - Setting Up AP Python on Linux in a Development Environment

Learn about installating AP Python on Linux in a development environment.

The steps to set up the AP Python on a Linux platform in a development environment are described in the section.

Verifying prerequisites

Ensure that the following prerequisites are met:

Python 3, version from 3.7 to 3.11, must be installed on the machine.
Latest version of pip, the Python package manager, must be installed.

Extracting the AP Python installation package

To set up the AP Python on the Linux platform in development environment.

Download the ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_\<version>.tgz file to any location on the machine where you want to install the protector.
Extract the AP Python installation package using the following command.
```
tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_PY-3.11_<version>.tgz
```
The following setup files are extracted:
- LogforwarderSetup_Linux_x64_\<version>.sh
- RPAgentSetup_Linux_x64_\<version>.sh
- APPythonSetup_Linux_x64_\<version>.sh
- APPythonDevSetup_Linux_x64_\<version>.tar

Installing AP Python in a Development Environment

Run the following script to install AP Python in a development environment.
```
pip install APPythonDevSetup_Linux_x64_<version>.tar
```
This installs the AP Python in the development environment on the Linux platform. The default installation directory for the Linux platform is /usr/local/lib/python<version>/site-packages.
Verify that the following directories are created in the AP Python site-packages installation directory:
- appython
- mocks
- pypepprovider
To verify the version of the AP Python, run the following command:
```
pip list
```
The name and version of the installed AP Python package are displayed on the console.
```
appython-dev 10.0.0+x
```
For information on how to use the AP Python APIs in a development environment, refer to Using AP Python in a development environment.
Perform the following steps to access the AP Python Pydoc, which contains the API documentation.
- Run the following command to extract the AP Python setup file:
```
tar –xvf APPythonDevSetup_Linux_x64_<version>.tar
```
  The appython_dev-<version> directory is extracted.
- Navigate to the appython_dev-<version>\docs\ directory.
- Open the index.html file in a browser to access the AP Python Pydoc.
If you are setting up the AP Python in a virtual Linux environment, then convert the appython_dev-<version>\docs\ directory to a zip file and download it locally. You can then open the index.html file in a browser to access the AP Python Pydoc.

Uninstalling AP Python from the Development Environment

To uninstall the AP Python from the development environment:

Login to the machine where AP Python is installed.
Uninstall the AP Python by running the following command.
```
pip uninstall appython-dev
```

7.4 - DevOps Approach for Application Protector Python

The DevOps approach for package deployment.

The DevOps approach enables immutable package deployment. It uses a REST API call to download packages from the ESA in an encrypted format.

Note: The RP Agent should not be installed for immutable package deployments using DevOps.

For more information about package deployment approaches, refer to Resilient Package Deployment.

A REST API call is used to download the package on your local machine. Configure the package path in the config.ini file within the DevOps section and the decryptor class.

If a downloaded path is overwritten, a new package will be reflected in the running application at the set time interval. This occurs when another package with the same name overwrites the existing one. This changes the protector’s behaviour. The protector no longer functions as an immutable protector.

DevOps approach architecture

A REST API call is used to download the policy from the ESA in an envelop encrypted format. A public key is created using a Key Management System (KMS) or Hardware Security Module (HSM). This public key must be passed to the REST API.

The ESA generates a JSON file for the package with policy.
The encrypted DEK needs to be decrypted to perform the security operations. A Decryptor class is implemented using the Decryptor interface, to decrypt the Data Encryption Key (DEK) using a private key.

Before you begin

Ensure the following prerequisites are met:

The installation of the RP Agent is not required for immutable package deployment using the DevOps approach.
The decryptor parameter must have a fully qualified name of the decryptor class.
A Decryptor class needs to be implemented using the Decryptor interface, which decrypts the Data Encryption Key (DEK) using a private key. It returns the decrypted DEK in bytes.
For more information on the decryptor interface of AP Java, refer to Configuring the Decryptor interface.
For more information on the decryptor interface of AP Python, refer to Configuring the Decryptor interface.
The data store is properly configured before exporting your Application Protector policy. Define allowed servers for seamless policy deployment and secure access control.
For more information about configuring a data store, refer to -
- Creating a Data Store
- Adding Allowed Servers for the Data Store

AP Python

Using the DevOps approach

Perform the following steps to use the DevOps approach for immutable package deployment.

Add the [devops] parameter in the config.ini file.
Ensure the decryptor class has a fully qualified domain name.

[devops]
package.path = /path/to/policyFile
decryptor.path = /path/to/decryptorClassFile
decryptor.class = decryptorClassName

The following is an example for adding the [devops] parameter in the config.ini file.

[devops]
package.path = /opt/policies/test.json
decryptor.path = /opt/protegrity/sdk/python/lib/RSADecryptor.py
decryptor.class = RSADecryptor

Note: For ESA 10.2.0 and later, Application Protector DevOps must use the Encrypted Resilient Package REST APIs using GET method. The legacy Export API using POST method is deprecated and not supported for Teams (PPC). The deprecated API remains supported only for the Enterprise edition for backward compatibility.
For more information about exporting Resilient Package using POST method for 10.0.1 and 10.1.0 ESA, refer to Using the Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for 10.2 ESA, refer to Using the Resilient Package REST APIs.

For more information about exporting Resilient Package using GET method for PPC, refer to Using the Encrypted Resilient Package REST APIs.

Sample code for DevOps approach

The sample code for DevOps approach for various Application Protectors using different cloud platforms is provided in this section.

DevOps approach for AP Python

The sample code for DevOps approach for the AP Python using different cloud platforms is provided in this section.

Configuring the Decryptor interface

A Decryptor class must implement the DEKDecryptor interface to decrypt the DEK. This interface includes the decrypt method. The decrypt method provides keyLabel, algorithmId, and encDek parameters. The decrypted DEK must be returned in byte[] format.

The following is a sample code for implementing the DEKDecryptor interface.

from abc import ABC, abstractmethod

class DEKDecryptor(ABC):
   @abstractmethod
   def decrypt(self,keylabel:str,algorithm_id:str,enc_dek:bytes) -> bytes:
      """
      Provides keyLabel,algorithmID and encDEK
      """

Using AWS

The following is a sample implementation using the private key from AWS KMS.

import logging
import boto3
from botocore.exceptions import ClientError
from pycoreprovider.utils.DEKDecryptor import DEKDecryptor


logger = logging.getLogger(__name__)

class KeyDecrypt:
    def __init__(self, kms_client):
        self.kms_client = kms_client

    @classmethod
    def from_client(cls) -> "KeyDecrypt":
        """
        Creates a KeyDecrypt instance with a default KMS client.

        :return: An instance of KeyDecrypt initialized with the default KMS client.
        """
        kms_client = boto3.client("kms",region_name="us-east-1")
        return cls(kms_client)


    def decrypt(self, key_id: str, cipher_text: bytes) -> bytes:
        """
        Decrypts text previously encrypted with a key.

        :param key_id: The ARN or ID of the key used to decrypt the data.
        :param cipher_text: The encrypted text to decrypt.
        :return: The decrypted text.
        """
        try:
            return self.kms_client.decrypt(KeyId=key_id, CiphertextBlob=cipher_text,EncryptionAlgorithm="ALGORITHM_NAME")[
                "Plaintext"
            ]
        except ClientError as err:
            logger.error(
                "Couldn't decrypt your ciphertext. Here's why: %s",
                err.response,
            )
            raise



class AWSKMSDecryptor(DEKDecryptor):
    def decrypt(self,keyLabel,algorithmID,encDek):
        key_decrypt = KeyDecrypt.from_client()
        return key_decrypt.decrypt("key:arn",encDek)

Using Azure

The following is a sample implementation using the private key from Azure Key Vault.

from azure.identity import DefaultAzureCredential
from azure.keyvault.keys.crypto import CryptographyClient, EncryptionAlgorithm
from pycoreprovider.utils.DEKDecryptor import DEKDecryptor

"""
Sample Decryptor class for decrypting the encrypted DEK using Azure Key Vault

[Azure Prerequisite]
* Install azure cli
* Login to azure : az login --use-device-code

[Protegrity Prerequisite]
* For creating a key in Azure Key Vault using Azure CLI, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli 
* Download the public key from the key vault : 
  az keyvault key download --vault-name test -n testkey -e PEM -f publickey.pem
* Replace all the new lines with '\n' in publickey.pem
* Public key is now ready to be used for downloading the ESA policy
* Azure supports RSA1_5, RSA_OAEP and RSA_OAEP_256 algorithms, whose 
  correspoding names in REST API call are RSA1_5, RSA-OAEP-SHA1 and 
  RSA-OAEP-256 respectively. Refer: 
  https://azuresdkdocs.blob.core.windows.net/$web/python/azure-keyvault-keys/latest/azure.keyvault.keys.crypto.html
* Make sure that decrypt permission is present for the key vault : 
  az keyvault set-policy -n "test" --key-permissions decrypt --object-id 7e821e4c-e0ad-4a6f-aa26-f445c7c7e3ea
* To get the private key URI from azure key vault, refer :
  https://learn.microsoft.com/en-us/azure/key-vault/keys/quick-create-cli
[Python Prerequisite]
* Refer the minimum required python version from here -
  https://learn.microsoft.com/en-us/python/api/overview/azure/keyvault-keys-readme?view=azure-python
* pip install azure-keyvault-keys azure-identity cryptography

"""

class AzureKeyVaultDecryptor(DEKDecryptor):
    key_id = "https://automation-cntrs.vault.azure.net/keys/testkey/aaf3861366a24b1bb4f6871eb11afafe"

    def decrypt(self,keyLabel,algorithmID,encDek):
        credential = DefaultAzureCredential()        
        crypto_client = CryptographyClient(AzureKeyVaultDecryptor.key_id, credential=credential)
        decrypted = crypto_client.decrypt(EncryptionAlgorithm.rsa_oaep_256, encDek)
        return decrypted.plaintext

Using GCP

The following is a sample implementation using the private key from Google Cloud KMS.

from pycoreprovider.utils.DEKDecryptor import DEKDecryptor

# Import the client library.
from google.cloud import kms

def decrypt_asymmetric(
    project_id: str,
    location_id: str,
    key_ring_id: str,
    key_id: str,
    version_id: str,
    ciphertext: bytes,
) -> kms.DecryptResponse:
    """
    Decrypt the ciphertext using an asymmetric key.

    Args:
        project_id (string): Google Cloud project ID (e.g. 'my-project').
        location_id (string): Cloud KMS location (e.g. 'us-east1').
        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
        key_id (string): ID of the key to use (e.g. 'my-key').
        version_id (string): ID of the key version to use (e.g. '1').
        ciphertext (bytes): Encrypted bytes to decrypt.

    Returns:
        DecryptResponse: Response including plaintext.

    """

    # Create the client.
    client = kms.KeyManagementServiceClient()

    # Build the key version name.
    key_version_name = client.crypto_key_version_path(
        project_id, location_id, key_ring_id, key_id, version_id
    )

    # Optional, but recommended: compute ciphertext's CRC32C.
    # See crc32c() function defined below.
    ciphertext_crc32c = crc32c(ciphertext)

    # Call the API.
    decrypt_response = client.asymmetric_decrypt(
        request={
            "name": key_version_name,
            "ciphertext": ciphertext,
            "ciphertext_crc32c": ciphertext_crc32c,
        }
    )

    # Optional, but recommended: perform integrity verification on decrypt_response.
    # For more details on ensuring E2E in-transit integrity to and from Cloud KMS visit:
    # https://cloud.google.com/kms/docs/data-integrity-guidelines
    if not decrypt_response.verified_ciphertext_crc32c:
        raise Exception("The request sent to the server was corrupted in-transit.")
    if not decrypt_response.plaintext_crc32c == crc32c(decrypt_response.plaintext):
        raise Exception(
            "The response received from the server was corrupted in-transit."
        )
    # End integrity verification

    print(f"Plaintext: {decrypt_response.plaintext!r}")
    return decrypt_response


def crc32c(data: bytes) -> int:
    """
    Calculates the CRC32C checksum of the provided data.
    Args:
        data: the bytes over which the checksum should be calculated.
    Returns:
        An int representing the CRC32C checksum of the provided bytes.
    """
    import crcmod  # type: ignore

    crc32c_fun = crcmod.predefined.mkPredefinedCrcFun("crc-32c")
    return crc32c_fun(data)

class GCPKMSDecryptor(DEKDecryptor):
    def decrypt(self,keyLabel,algorithmID,encDek):
        print(keyLabel,algorithmID,encDek)
        decDek=decrypt_asymmetric("project_id","location_id","key_ring_id","key_id","version_id","ciphertext")
        return decDek.plaintext

7.5 - Application Protector API Return Codes

Learn about the Application Protector API Return Codes.

When an application is developed using the APIs of the Protegrity Application Protector Suite, you may encounter the Application Protector API Return Codes. For more information about log return codes, refer to Log return codes.

Sample Log for AP Return Codes

The following is a sample log generated in Discover on the Audit Store Dashboards in the ESA.

Sample log for AP return codes

Protection audit logs are stored in the Audit Store. Select the pty_insight_*audit* index to view the protection logs.

For more information about viewing the logs, refer to Working with Discover.

7.6 - Config.ini file for Application Protector

Sample config.ini file for Application Protector.

The Application Protector can be configured using the config.ini file. By default, this file is located in the <installation directory>/sdk/<protector>/data/ directory.

The various configurations required for setting up the Application Protector are described in this section.

Sample config.ini file

The following represents a sample config.ini file.

# -----------------------------
# Protector configuration
# ----------------------------- 
[protector]

# Cadence determines how often the protector connects with shared memory to fetch the policy updates in background.
# Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
#
# Default 60.
cadence = 60

# The time during which an session object is valid. Default = 15 minutes.
session.sessiontimeout = 15

###############################################################################
# Log Provider Config
###############################################################################
[log]

# In case that connection to fluent-bit is lost, set how audits/logs are handled
# 
# drop  : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting 
#         data if connection to the fluentbit is lost
mode = drop

# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost

Different configurations for Application Protector

The following are the various configurations:

Protector configurations

cadence: The interval at which the protector synchronizes with the shared memory for fetching the package with policy. The default value for cadence is 60 seconds. The maximum and minimum value that can be set for cadence are 86400 seconds (24 hours) and 1 respectively.
For more information about the policy deployment with different cadence configurations, refer to Policy Deployment.
For more information about the Resilient Package sync configuration parameters, refer to Resilient Package Sync Configuration Parameters.
For more information about changing protector status interval, refer to Resilient Package Status Configuration Parameter.
session.sessiontimeout: The time during which a session object is valid. The default value for session.sessiontimeout is 15 minutes.
Note: The session.sessiontimeout parameter is a feature of AP Java and not valid for AP Python and AP .Net.

Log Provider configurations

mode: This describes how the protector logs are handled if you lose connection to the Log Forwarder host, can be set to one of the following values:
- drop: The logs are dropped when the connection to the Log Forwarder is lost. The default mode is drop.
- error: The data security operations are stopped and an error is generated when the connection to the Log Forwarder is lost.
host: The Log Forwarder hostname or IP address where the logs will be forwarded from the protector. The default host for Log Forwarder is localhost.

For more information about the configuration parameters for forwarding the audits and logs, refer to Configuration Parameters for Forwarding Audits and Logs.

7.7 - Multi-node Application Protector Architecture

Architecture for multi-node Application Protector.

The multi-node Application Protector (AP) architecture, its individual components, and how logs are collected using the Log Forwarder are described in this section.

The following figure describes the multi-node AP architecture.

Multi-node AP architecture

For example, some AP nodes are connected to an ESA, which includes the Audit Store component. Each AP node contains a Log Forwarder, RP Agent, and AP instance for sending logs to the ESA.

Protector: The AP can be configured using the config.ini file.
For more information about the configurations, refer to Config.ini file for Application Protector.

RP Agent: The RP Agent downloads the package with policy from the ESA, which is used by the protector to perform the protect, unprotect, or reprotect operations. It checks for the updates in the policy at set intervals and downloads the latest policy package when an update is detected.

Log Forwarder: The Log Forwarder component collects the logs from the AP and forwards them to the Audit Store. The Log Forwarder uses the 15780 port which is configurable to transport protection and audit logs to the ESA. The ESA receives the logs and stores it in the Audit Store.