This page shows you how to perform basic tasks in the Cloud Data Loss Prevention API by making calls directly to the API.
Before you begin
-
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
-
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
- Enable the DLP API.
- Install and initialize the Cloud SDK.
Permissions
Inspecting content requires the serviceusage.services.use
permission for the
project that's specified in parent
. The roles/editor
, roles/owner
,
and roles.dlp.user
roles contain the required permission or you can define
your own custom role.
To give your user the dlp.admin
role at the project level:
Web UI
Open the Identity and Access Management page in the Google Cloud Console.
Click Select a project.
Select your project and click Open.
On the Identity and Access Management page, click Add.
In the Add members dialog:
- For Members type the user email:
test@example.com
. - For Roles, click Select a role and choose Cloud DLP > DLP User.
- For Members type the user email:
Click Add.
Command-line
To add a single binding to the project's IAM policy, type the following command, replacing
[PROJECT_ID]
with your project ID.gcloud projects add-iam-policy-binding [PROJECT_ID] --member user:test@example.com --role roles/dlp.user
The command writes the updated policy to the console window:
bindings: - members: - user:test@example.com role: roles/dlp.user
Inspect a string for sensitive information
This section shows you how to ask the service to scan sample text
using the projects.content.inspect
REST method.
Create a JSON request file with the following text, and save it as
inspect-request.json
.{ "item":{ "value":"My phone number is (206) 555-0123." }, "inspectConfig":{ "infoTypes":[ { "name":"PHONE_NUMBER" }, { "name":"US_TOLLFREE_PHONE_NUMBER" } ], "minLikelihood":"POSSIBLE", "limits":{ "maxFindingsPerItem":0 }, "includeQuote":true } }
This JSON request contains an
InspectConfig
and aContentItem
object. After completing this Quickstart, try adding your own string to theitem
, and try modifying some of theinspectConfig
fields to see their effects.Obtain an authorization token:
gcloud auth print-access-token
Use
curl
to make acontent:inspect
request, passing it the access token you printed and the filename of the JSON request you set up in step 1:curl -s \ -H "Authorization: Bearer [ACCESS_TOKEN]" \ -H "Content-Type: application/json" \ https://dlp.googleapis.com/v2/projects/[PROJECT_ID]/content:inspect \ -d @inspect-request.json
Note that to pass a filename to
curl
you use the-d
option (for "data") and precede the filename with an@
sign. This file should be in the same directory in which you execute thecurl
command.
Cloud DLP responds to your request with the following JSON:
{
"result":{
"findings":[
{
"quote":"(206) 555-0123",
"infoType":{
"name":"PHONE_NUMBER"
},
"likelihood":"LIKELY",
"location":{
"byteRange":{
"start":"19",
"end":"33"
},
"codepointRange":{
"start":"19",
"end":"33"
}
},
"createTime":"2018-11-30T01:01:30.883Z"
}
]
}
}
Congratulations! You've sent your first request to Cloud DLP!
What's next?
- Read How-to guides to get started with inspecting text and images for sensitive data, as well as redacting sensitive data from text and images.
- Read Concepts to better understand inspection, redaction, infoTypes, and likelihood.
- Take a look at the API Reference.