Using the AP Python APIs

Sample application for the AP Python

The process to use the AP Python protect, unprotect, and reprotect methods is described in this section.

It is assumed that the ESA is already available.

The tasks can be divided in the following order.

  1. Create the data elements and data store in the Policy Management on the ESA Web UI.
  2. Create the member sources and roles.
  3. Configure the policy.
  4. Configure the trusted application.
  5. Add a trusted application to the data store.
  6. Install the AP Python.
  7. Run the sample application.

Creating a Data Element and Data Store

Create a data element and data store in the ESA by performing the following.

Before you run the application, decide on how you would like to protect the data – using encryption or tokenization.Protection and unprotection methods are available for both.

  1. To create a data element, from the ESA Web UI, navigate to Policy ManagementData Elements & MasksData Elements. For more information about creating data elements, refer to Working With Data Elements.
  2. To create a data store, navigate to Policy ManagementData Stores. For more information about creating data stores, refer to Creating a Data Store.

Creating a Member Source and Role

Create a member source and role in the ESA by performing the following.

  1. To create a member source, from the ESA Web UI, navigate to Policy ManagementRoles & Member SourcesMember Sources.
    For more information about creating a member source, refer to Working With Member Sources.
  2. To create a role, from the ESA Web UI, navigate to Policy ManagementRoles & Member SourcesRoles.
    For more information about creating a role, refer to Creating a Role.

Configuring a Policy

Configure a policy in the ESA by performing the following.

  1. From the ESA Web UI, navigate to Policy ManagementPolicies & Trusted ApplicationsPolicies.
  2. Click Add New Policy.
    The New Policy screen appears.
  3. After the policy is configured for the application user, add the permissions, data elements, roles, and data stores to the policy and then save it.
  4. Deploy the policy using the Policy Management Web UI.

For more information about creating a data security policy, refer to Creating Policies.

Configuring a Trusted Application

Only the applications and users configured as trusted applications under the ESA security policy can access the AP APIs.
If a policy is deployed but the application or the user is not trusted, then the AP aborts with the following message while performing the protect or unprotect operations:
API consumer is not part of the trusted applications, please contact the Security Officer

Configure a trusted application in the ESA by performing the following.

  1. From the ESA Web UI, navigate to Policy ManagementPolicies & Trusted ApplicationsTrusted Application.
  2. Create a trusted application.
  3. Deploy the trusted application using the Policy Management Web UI.

For more information about trusted applications, refer to Working With Trusted Applications.

Adding a Trusted Application to Data Store

Add a trusted application to data store by performing the following.

  1. From the ESA Web UI, navigate to Policy ManagementData Stores.
    The list of all the data stores appear.
  2. Select the required data store.
    The screen to edit the data store appears.
  3. Under the Trusted Applications tab, click Add.
    The screen to add the trusted application appears.
  4. Select the required trusted application and click Add.
  5. Select the required policy and deploy it using the Policy Management Web UI.

For more information about adding a trusted application to data store, refer to Linking Data Store to a Trusted Application.

Installing the AP Python

Install the AP Python by performing the following steps.

  1. To install the AP Python, refer to Application Protector Python Installation.

  2. Verify if the AP Python is successfully installed by performing the following.
    a. Initialize the AP Python.
    For more information about the AP Python initialization API, refer to Initialize the protector.
    b. Run the get_version method using the following command to check the version of the installed AP Python.

    The following is a sample code to check the version number of the installed AP Python.

     from appython import Protector
 protector = Protector()
 print(protector.get_version())

    c. Save the sample code and name it .py. d. Run the command python .py to know the version of the installed AP Python.

Running the AP Python APIs

After setting up the policy and trusted application, you can begin testing the AP Python APIs for protection, unprotection, and reprotection.

For more information about the AP Python APIs, refer to Application Protector Python APIs.

For more information about the AP Python return codes, refer to Application Protector API Return Codes.

The following represents a sample AP Python application for performing the protect, unprotect, and reprotect operations.

from appython import Protector
if __name__ == "__main__":

    # Initialize the protector
    protector = Protector()

    # Create session with policy user
    session = protector.create_session("USER1")

    # Protect operation
    p_out = session.protect("Protegrity1", "TE_AN_SLT13_L0R0_N")
    print("Protected Data: %s" %p_out)

    # Reprotect operation
    r_out = session.reprotect(p_out, "TE_AN_SLT13_L0R0_N", "TE_AN_SLT13_L0R0_N")
    print("Reprotected Data: %s" %r_out)

    # Unprotect operation
    org = session.unprotect(r_out, "TE_AN_SLT13_L0R0_N")
    print("Unprotected Data: %s" %org)

Last modified : January 19, 2026