Global and regional endpoints for Sensitive Data Protection

This document describes the different types of API endpoints available with Sensitive Data Protection. This document also provides points to consider when deciding which endpoint type to use in your Sensitive Data Protection requests. For general information about the different types of API endpoints, see API endpoint types in the Assured Workloads documentation.

An API endpoint (or service endpoint) is a base URL that specifies the network address of a Google Cloud API service like Sensitive Data Protection. Sensitive Data Protection has global and regional endpoints.

Global API endpoint

The global endpoint of Sensitive Data Protection is dlp.googleapis.com.

Globally scoped endpoints provide highly available service endpoints that terminate the TLS session as close to the client as possible, which minimizes latency when serving API calls from a dispersed client population over the internet.

When you send a request to a global endpoint, you can specify the location where you want to process the request. If you don't specify a location in your request, the request is processed in the global region. For example, if you send a POST request to the following URL, the request is sent to the global endpoint and processed in the global region.

https://dlp.googleapis.com/v2/projects/example-project/content:inspect

If you specify a location in your request to a global endpoint, the request is sent to the global endpoint and processed in the region that you specified. For example, if you send a POST request to the following URL, the request is sent to the global endpoint and processed in the us-west1 region.

https://dlp.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect

There is no guarantee that the data in transit remains in the processing region that you specified. If you aren't required to keep in-transit data within a specific region, then calling the global endpoint in this manner is sufficient.

Regional API endpoints

Regional endpoints (REP) let you keep in-transit data within a specific region. A regional endpoint specifies the location as a subdomain—for example, dlp.us-west1.rep.googleapis.com.

A regional endpoint for Sensitive Data Protection follows this format:

dlp.REP_REGION.rep.googleapis.com

Replace REP_REGION with a regional endpoint available for Sensitive Data Protection.

Regional endpoints terminate TLS sessions in the location specified by the endpoint for requests received from the public internet or from private connectivity.

Regional endpoints guarantee data residency by ensuring that your data at rest, in use, and in transit isn't moved out of the location specified by the endpoint. This guarantee excludes Service Data. For more information, see Note on Customer Data and Service Data.

Choosing between the global and regional endpoints

Consider the following when choosing between global and regional endpoints:

  • If your organization is required to keep data at rest, in use, and in transit within a specific region, then you must use regional endpoints. If you aren't required to keep in-transit data within a specific region, then you can use global endpoints.

  • Regional endpoints are supported by a limited number of regions. For a full list of regions where Sensitive Data Protection is available, see Sensitive Data Protection locations.

  • Sensitive Data Protection has separate sets of quotas for the following:

    • Requests to global endpoints
    • Requests to global endpoints where a processing location is specified
    • Requests to regional endpoints

    The quotas for regional endpoints are lower than the quotas for the other two.

  • If your client application is configured to use global endpoints and you want to start using regional endpoints, you need to configure your client application to specify the REP-supported region in the subdomain and the path of each hostname that you use in your requests. For more information, see Specify a region in a request to a regional endpoint.
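The following Python sketch is an added example, not code from the Sensitive Data Protection documentation or client libraries. It audits request URLs taken from client configuration against a required region, using the hostname and path formats shown on this page. The function names are hypothetical, and treating a path location that differs from the required region as a finding is this example's assumption.

```python
import re
from urllib.parse import urlsplit

GLOBAL_HOST = "dlp.googleapis.com"
REP_HOST = re.compile(r"dlp\.([a-z0-9-]+)\.rep\.googleapis\.com")
PATH_LOCATION = re.compile(r"/v2/projects/[^/]+/locations/([^/]+)/")

# Sample input: the two global URLs from this page plus one constructed regional URL.
SAMPLE_URLS = [
    "https://dlp.googleapis.com/v2/projects/example-project/content:inspect",
    "https://dlp.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect",
    "https://dlp.us-west1.rep.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect",
]


def classify(url):
    """Return (endpoint_type, host_region, path_location) for a request URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    m = PATH_LOCATION.match(parts.path)
    path_location = m.group(1) if m else None
    if host == GLOBAL_HOST:
        return ("global+location" if path_location else "global"), None, path_location
    rep = REP_HOST.fullmatch(host)  # fullmatch rejects look-alike hosts with extra labels
    if rep:
        return "regional", rep.group(1), path_location
    return "unknown", None, path_location


def residency_findings(url, required_region):
    """List the reasons `url` fails an in-transit residency policy (empty list = OK).

    Assumption of this example: the path location must equal the required region.
    """
    kind, host_region, path_location = classify(url)
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("not https")
    if kind == "unknown":
        findings.append("host is not a Sensitive Data Protection endpoint")
    elif kind != "regional":
        findings.append("global endpoint: in-transit residency not guaranteed")
    elif host_region != required_region:
        findings.append(f"regional endpoint is {host_region}, not {required_region}")
    if path_location != required_region:
        findings.append(f"path location is {path_location or 'unset (global)'}")
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, residency_findings(sample, "us-west1") or "OK")
```

A check like this fits in a configuration lint or CI step, so that a client still pointed at dlp.googleapis.com is flagged before it ships into a workload with a residency requirement.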
