Quickstart: Using a JSON request

This page shows you how to perform basic tasks in the Cloud Data Loss Prevention API by making calls directly to the API.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the DLP API.

    Enable the API

  5. Install and initialize the Cloud SDK.


Inspecting content requires the serviceusage.services.use permission for the project that's specified in parent. The roles/editor, roles/owner, and roles.dlp.user roles contain the required permission or you can define your own custom role.

To give your user the dlp.admin role at the project level:

Web UI

  1. Open the Identity and Access Management page in the Google Cloud Console.

    Open the IAM page

  2. Click Select a project.

  3. Select your project and click Open.

  4. On the Identity and Access Management page, click Add.

  5. In the Add members dialog:

    • For Members type the user email: test@example.com.
    • For Roles, click Select a role and choose Cloud DLP > DLP User.

  6. Click Add.


  1. To add a single binding to the project's IAM policy, type the following command, replacing [PROJECT_ID] with your project ID.

    gcloud projects add-iam-policy-binding [PROJECT_ID] --member user:test@example.com --role roles/dlp.user

  2. The command writes the updated policy to the console window:

    - members:
    - user:test@example.com
    role: roles/dlp.user

Inspect a string for sensitive information

This section shows you how to ask the service to scan sample text using the projects.content.inspect REST method.

  1. Create a JSON request file with the following text, and save it as inspect-request.json.

        "value":"My phone number is (206) 555-0123."

    This JSON request contains an InspectConfig and a ContentItem object. After completing this Quickstart, try adding your own string to the item, and try modifying some of the inspectConfig fields to see their effects.

  2. Obtain an authorization token:

    gcloud auth print-access-token

  3. Use curl to make a content:inspect request, passing it the access token you printed and the filename of the JSON request you set up in step 1:

    curl -s \
    -H "Authorization: Bearer [ACCESS_TOKEN]" \
    -H "Content-Type: application/json" \
    https://dlp.googleapis.com/v2/projects/[PROJECT_ID]/content:inspect \
    -d @inspect-request.json

    Note that to pass a filename to curl you use the -d option (for "data") and precede the filename with an @ sign. This file should be in the same directory in which you execute the curl command.

Cloud DLP responds to your request with the following JSON:

        "quote":"(206) 555-0123",

Congratulations! You've sent your first request to Cloud DLP!

What's next?

  • Read How-to guides to get started with inspecting text and images for sensitive data, as well as redacting sensitive data from text and images.
  • Read Concepts to better understand inspection, redaction, infoTypes, and likelihood.
  • Take a look at the API Reference.