DLP API Client Libraries

This page shows how to get started with the Cloud Client Libraries for the Cloud Data Loss Prevention API. Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.

The DLP API client libraries mentioned on this page are supported on Compute Engine, App Engine - Flexible Environment, Google Kubernetes Engine, and Cloud Functions. The DLP API client library for Java is supported on Java 8 on App Engine standard environment.

If you are using Java 7 on App Engine standard environment, or App Engine - Standard environment with Go, PHP, or Python, use the REST Interface to access the DLP API.

Installing the client library

C#

For more information, see Setting Up a C# Development Environment. To build and run a sample, open the solution file (Dlp.sln) with Visual Studio 2015 or later and build it.

For more information, see the README.

Go

go get -u github.com/GoogleCloudPlatform/golang-samples/dlp

Java

For more information, see Setting Up a Java Development Environment. If you are using Maven, add this to your pom.xml file:

<dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud-dlp</artifactId>
    <version></version>
</dependency>

If you are using Gradle, add this to your dependencies:

compile group: 'com.google.cloud', name: 'google-cloud-dlp', version: ''

Node.js

For more information, see Setting Up a Node.js Development Environment.
npm install --save @google-cloud/dlp

PHP

composer require google/cloud-dlp

Python

For more information, see Setting Up a Python Development Environment.
  1. Install pip and virtualenv if you do not already have them. You may want to refer to the Python Development Environment Setup Guide for Google Cloud Platform for instructions.
  2. Clone or download the Google Cloud Platform Python Docs Samples on GitHub.
  3. Create a virtualenv. Samples are compatible with Python 2.7.x and 3.4 and higher.
    $ virtualenv env
    $ source env/bin/activate
  4. From the dlp directory within the cloned or unzipped Google Cloud Platform Python Docs Samples directory, install the dependencies needed to run the samples.
    $ pip install -r requirements.txt

Ruby

For more information, see Setting Up a Ruby Development Environment.
gem install google-api-client

Setting up authentication

To run the client library, you must first set up authentication by creating a service account and setting an environment variable. Complete the following steps to set up authentication. For more information, see the GCP authentication documentation .

GCP Console

  1. Go to the Create service account key page in the GCP Console.

    Go to the Create Service Account Key page
  2. From the Service account drop-down list, select New service account.
  3. Enter a name into the Service account name field.
  4. From the Role drop-down list, select Project > Owner.

    Note: The Role field authorizes your service account to access resources. You can view and change this field later using GCP Console. If you are developing a production application, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts.
  5. Click Create. A JSON file that contains your key downloads to your computer.

Command line

You can run the following commands using the Cloud SDK on your local machine, or within Cloud Shell.

  1. Create the service account. Replace [NAME] with your desired service account name.

    gcloud iam service-accounts create [NAME]
  2. Grant permissions to the service account. Replace [PROJECT_ID] with your project ID.

    gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/owner"
    Note: The Role field authorizes your service account to access resources. You can view and change this field later using GCP Console. If you are developing a production application, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts.
  3. Generate the key file. Replace [FILE_NAME] with a name for the key file.

    gcloud iam service-accounts keys create [FILE_NAME].json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com

Provide authentication credentials to your application code by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS. Replace [PATH] with the file path of the JSON file that contains your service account key, and [FILE_NAME] with the filename. This variable only applies to your current shell session, so if you open a new session, set the variable again.

Linux or macOS

export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

For example:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json"

Windows

With PowerShell:

$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

For example:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\[FILE_NAME].json"

With command prompt:

set GOOGLE_APPLICATION_CREDENTIALS=[PATH]

Using the client library

The following example shows how to use the client library.

Go

func main() {
	ctx := context.Background()

	projectID := "PROJECT_ID"

	// Creates a DLP client.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		log.Fatalf("error creating DLP client: %v", err)
	}

	// The string to inspect.
	input := "Robert Frost"

	// The minimum likelihood required before returning a match.
	minLikelihood := dlppb.Likelihood_POSSIBLE

	// The maximum number of findings to report (0 = server maximum).
	maxFindings := int32(0)

	// Whether to include the matching string.
	includeQuote := true

	// The infoTypes of information to match.
	infoTypes := []*dlppb.InfoType{
		{
			Name: "PERSON_NAME",
		},
		{
			Name: "US_STATE",
		},
	}

	// Construct item to inspect.
	item := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Value{
			Value: input,
		},
	}

	// Construct request.
	req := &dlppb.InspectContentRequest{
		Parent: "projects/" + projectID,
		InspectConfig: &dlppb.InspectConfig{
			InfoTypes:     infoTypes,
			MinLikelihood: minLikelihood,
			Limits: &dlppb.InspectConfig_FindingLimits{
				MaxFindingsPerRequest: maxFindings,
			},
			IncludeQuote: includeQuote,
		},
		Item: item,
	}

	// Run request.
	resp, err := client.InspectContent(ctx, req)
	if err != nil {
		log.Fatal(err)
	}
	findings := resp.GetResult().GetFindings()
	if len(findings) == 0 {
		fmt.Println("No findings.")
	}
	fmt.Println("Findings:")
	for _, f := range findings {
		if includeQuote {
			fmt.Println("\tQuote: ", f.GetQuote())
		}
		fmt.Println("\tInfo type: ", f.GetInfoType().GetName())
		fmt.Println("\tLikelihood: ", f.GetLikelihood())
	}
}

Java

public class QuickStart {

  /** Quick start to DLP API : inspects a given string for an InfoType. */
  public static void main(String[] args) throws Exception {

    // string to inspect
    String text = "His name was Robert Frost";

    // The minimum likelihood required before returning a match:
    // LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY, UNRECOGNIZED
    Likelihood minLikelihood = Likelihood.POSSIBLE;

    // The maximum number of findings to report (0 = server maximum)
    int maxFindings = 0;

    // The infoTypes of information to match
    List<InfoType> infoTypes =
        Arrays.asList(
            InfoType.newBuilder().setName("PERSON_NAME").build(),
            InfoType.newBuilder().setName("US_STATE").build());

    // Whether to include the matching string
    boolean includeQuote = true;

    // instantiate a client
    try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {

      InspectConfig.FindingLimits findingLimits =
          InspectConfig.FindingLimits.newBuilder().setMaxFindingsPerItem(maxFindings).build();

      InspectConfig inspectConfig =
          InspectConfig.newBuilder()
              .addAllInfoTypes(infoTypes)
              .setMinLikelihood(minLikelihood)
              .setLimits(findingLimits)
              .setIncludeQuote(includeQuote)
              .build();

      ByteContentItem byteContentItem =
          ByteContentItem.newBuilder()
              .setType(ByteContentItem.BytesType.TEXT_UTF8)
              .setData(ByteString.copyFromUtf8(text))
              .build();
      ContentItem contentItem = ContentItem.newBuilder().setByteItem(byteContentItem).build();

      String projectId = ServiceOptions.getDefaultProjectId();
      InspectContentRequest request =
          InspectContentRequest.newBuilder()
              .setParent(ProjectName.of(projectId).toString())
              .setInspectConfig(inspectConfig)
              .setItem(contentItem)
              .build();

      // Inspect the text for info types
      InspectContentResponse response = dlpServiceClient.inspectContent(request);

      InspectResult result = response.getResult();
      if (result.getFindingsCount() > 0) {
        System.out.println("Findings: ");
        for (Finding finding : result.getFindingsList()) {
          if (includeQuote) {
            System.out.print("\tQuote: " + finding.getQuote());
          }
          System.out.print("\tInfo type: " + finding.getInfoType().getName());
          System.out.println("\tLikelihood: " + finding.getLikelihood());
        }
      } else {
        System.out.println("No findings.");
      }
    } catch (Exception e) {
      System.out.println("Error in inspectString: " + e.getMessage());
    }
  }
}

Node.js

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The string to inspect
const string = 'Robert Frost';

// The project ID to run the API call under
const projectId = process.env.GCLOUD_PROJECT;

// The minimum likelihood required before returning a match
const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';

// The maximum number of findings to report (0 = server maximum)
const maxFindings = 0;

// The infoTypes of information to match
const infoTypes = [{name: 'PERSON_NAME'}, {name: 'US_STATE'}];

// Whether to include the matching string
const includeQuote = true;

// Construct item to inspect
const item = {value: string};

// Construct request
const request = {
  parent: dlp.projectPath(projectId),
  inspectConfig: {
    infoTypes: infoTypes,
    minLikelihood: minLikelihood,
    limits: {
      maxFindingsPerRequest: maxFindings,
    },
    includeQuote: includeQuote,
  },
  item: item,
};

// Run request
dlp
  .inspectContent(request)
  .then(response => {
    const findings = response[0].result.findings;
    if (findings.length > 0) {
      console.log(`Findings:`);
      findings.forEach(finding => {
        if (includeQuote) {
          console.log(`\tQuote: ${finding.quote}`);
        }
        console.log(`\tInfo type: ${finding.infoType.name}`);
        console.log(`\tLikelihood: ${finding.likelihood}`);
      });
    } else {
      console.log(`No findings.`);
    }
  })
  .catch(err => {
    console.error(`Error in inspectString: ${err.message || err}`);
  });

PHP

use Google\Cloud\Dlp\V2\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\InspectConfig_FindingLimits;

// Instantiate a client.
$dlp = new DlpServiceClient();

// The infoTypes of information to match
$usNameInfoType = (new InfoType())
    ->setName('PERSON_NAME');
$phoneNumberInfoType = (new InfoType())
    ->setName('PHONE_NUMBER');
$infoTypes = [$usNameInfoType, $phoneNumberInfoType];

// Set the string to inspect
$stringToInspect = 'Robert Frost';

// Only return results above a likelihood threshold, 0 for all
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;

// Limit the number of findings, 0 for no limit
$maxFindings = 0;

// Whether to include the matching string in the response
$includeQuote = true;

// Specify finding limits
$limits = (new InspectConfig_FindingLimits())
    ->setMaxFindingsPerRequest($maxFindings);

// Create the configuration object
$inspectConfig = (new InspectConfig())
    ->setMinLikelihood($minLikelihood)
    ->setLimits($limits)
    ->setInfoTypes($infoTypes)
    ->setIncludeQuote($includeQuote);

$content = (new ContentItem())
    ->setValue($stringToInspect);

$parent = $dlp->projectName(getEnv('GOOGLE_PROJECT_ID'));

// Run request
$response = $dlp->inspectContent($parent, array(
    'inspectConfig' => $inspectConfig,
    'item' => $content
));

$likelihoods = ['Unknown', 'Very unlikely', 'Unlikely', 'Possible',
                'Likely', 'Very likely'];

// Print the results
$findings = $response->getResult()->getFindings();
if (count($findings) == 0) {
    print('No findings.' . PHP_EOL);
} else {
    print('Findings:' . PHP_EOL);
    foreach ($findings as $finding) {
        if ($includeQuote) {
            print('  Quote: ' . $finding->getQuote() . PHP_EOL);
        }
        print('  Info type: ' . $finding->getInfoType()->getName() . PHP_EOL);
        $likelihoodString = $likelihoods[$finding->getLikelihood()];
        print('  Likelihood: ' . $likelihoodString . PHP_EOL);
    }
}

Python

# Import the client library
import google.cloud.dlp

# Edit this with your Google Cloud Project ID.
project = 'your-project'

# Instantiate a client.
dlp = google.cloud.dlp.DlpServiceClient()

# The string to inspect
content = 'Robert Frost'

# Construct the item to inspect.
item = {'value': content}

# The info types to search for in the content. Required.
info_types = [{'name': 'FIRST_NAME'}, {'name': 'LAST_NAME'}]

# The minimum likelihood to constitute a match. Optional.
min_likelihood = 'LIKELIHOOD_UNSPECIFIED'

# The maximum number of findings to report (0 = server maximum). Optional.
max_findings = 0

# Whether to include the matching string in the results. Optional.
include_quote = True

# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
    'info_types': info_types,
    'min_likelihood': min_likelihood,
    'include_quote': include_quote,
    'limits': {'max_findings_per_request': max_findings},
}

# Convert the project id into a full resource id.
parent = dlp.project_path(project)

# Call the API.
response = dlp.inspect_content(parent, inspect_config, item)

# Print out the results.
if response.result.findings:
    for finding in response.result.findings:
        try:
            print('Quote: {}'.format(finding.quote))
        except AttributeError:
            pass
        print('Info type: {}'.format(finding.info_type.name))
        # Convert likelihood value to string respresentation.
        likelihood = (google.cloud.dlp.types.Finding.DESCRIPTOR
                      .fields_by_name['likelihood']
                      .enum_type.values_by_number[finding.likelihood]
                      .name)
        print('Likelihood: {}'.format(likelihood))
else:
    print('No findings.')

Additional Resources

Was this page helpful? Let us know how we did:

Send feedback about...

Data Loss Prevention API