Lookup a specific group.

  • Published on Jul 8, 2025
  • 156 minute(s) read
Prev Next
Get
/sys/v1/groups/{group_id}

Lookup a specific group.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Path parameters
group_id
string (uuid) Required
Responses
2XX

Success result

object
acct_id
string (uuid)
approval_policy
object
protect_manage_operations
boolean | null

Deprecated, left this for backward compatibility. When this is true, manage operations on security objects require approval.

protect_permissions
Array of string (QuorumGroupPermissions) | null

Use QuorumGroupPermissions to represent operations that require approval.

string

Subset of GroupPermissions to represent GroupPermissions flags in use

GET_SOBJECTS:

ROTATE_SOBJECTS:

REVOKE_SOBJECTS:

REVERT_SOBJECTS:

DELETE_KEY_MATERIAL:

DELETE_SOBJECTS:

DESTROY_SOBJECTS:

MOVE_SOBJECTS:

CREATE_SOBJECTS:

UPDATE_SOBJECTS_PROFILE:

UPDATE_SOBJECTS_ENABLED_STATE:

UPDATE_SOBJECT_POLICIES:

ACTIVATE_SOBJECTS:

UPDATE_KEY_OPS:

Valid values[ "GET_SOBJECTS", "ROTATE_SOBJECTS", "REVOKE_SOBJECTS", "REVERT_SOBJECTS", "DELETE_KEY_MATERIAL", "DELETE_SOBJECTS", "DESTROY_SOBJECTS", "MOVE_SOBJECTS", "CREATE_SOBJECTS", "UPDATE_SOBJECTS_PROFILE", "UPDATE_SOBJECTS_ENABLED_STATE", "UPDATE_SOBJECT_POLICIES", "ACTIVATE_SOBJECTS", "UPDATE_KEY_OPS" ]
protect_crypto_operations
boolean | null

When this is true, cryptographic operations on security objects require approval.

quorum
object
n
integer
members
Array of object (QuorumPolicy)
object Recursive
require_password
boolean | null
require_2fa
boolean | null
user
string (uuid) | null
app
string (uuid) | null
auto_scan
object
scan_interval_hours
integer

The number of hours between successive automatic scans. Must be greater than 0.

Minimum0
Maximum255
client_configurations
object
common
object
retry_timeout_millis
integer | null
cache_ttl
integer | null
log
object
system
boolean | null
file
OneOf
object
object
mode
string
Valid values[ "enabled" ]
path
string | null
file_size_kb
integer | null
max_files
integer | null
Minimum0
Maximum4294967295
object
object
mode
string
Valid values[ "disabled" ]
level
string | null
h2_num_connections
integer | null
quorum_approval
object
wait_for_quorum_approval
object
enabled
boolean

Indicates whether waiting for quorum approval is activated or disabled

poll_interval_secs
integer | null

Time interval in seconds for client lib to check quorum status.

max_wait_for_secs
integer | null

Maximum time in seconds for client lib to wait for quorum reply.

pkcs11
object
fake_rsa_x9_31_keygen_support
boolean | null
signing_aes_key_as_hmac
boolean | null
exact_key_ops
boolean | null
prevent_duplicate_opaque_objects
boolean | null
opaque_objects_are_not_certificates
boolean | null
max_concurrent_requests_per_slot
integer | null
kmip
object
ignore_unknown_key_ops_for_secrets
boolean | null

Use ignore_unknown_key_ops_for with [SECRET] instead of `ignore_unknown_key_ops_for_secrets``

ignore_unknown_key_ops_for
OneOf
object
object
$type
string
Valid values[ "All" ]
object
object
$type
string
Valid values[ "Selection" ]
selection
Array of string (ObjectType)
string

Type of security object.

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]
key_ops_override
object
add_key_ops
Array of string (KeyOperations) | null

The operations to add to any key creation request (only supported in KMIP).

The following operations can be specified:

  • EXPORT
  • APPMANAGEABLE
  • HIGHVOLUME

The operations specified cannot conflict with what's specified in the key_ops field of account and/or group policies (where applicable).

Note: This is only enforced on (KMIP) creation requests since we assume updates removing key operations are intentional.

string

Operations allowed to be performed on a given key.

SIGN: If this is set, the key can be used to for signing.

VERIFY: If this is set, the key can used for verifying a signature.

ENCRYPT: If this is set, the key can be used for encryption.

DECRYPT: If this is set, the key can be used for decryption.

WRAPKEY: If this is set, the key can be used wrapping other keys. The key being wrapped must have the EXPORT operation enabled.

UNWRAPKEY: If this is set, the key can be used to unwrap a wrapped key.

DERIVEKEY: If this is set, the key can be used to derive another key.

TRANSFORM: If this is set, the key can be transformed.

MACGENERATE: If this is set, the key can be used to compute a cryptographic Message Authentication Code (MAC) on a message.

MACVERIFY: If they is set, the key can be used to verify a MAC.

EXPORT: If this is set, the value of the key can be retrieved with an authenticated request. This shouldn't be set unless required. It is more secure to keep the key's value inside DSM only.

APPMANAGEABLE: Without this operation, management operations like delete, destroy, rotate, activate, restore, revoke, revert, update, remove_private, etc. cannot be performed by a crypto App. A user with access or admin app can still perform these operations. This option is only relevant for crypto apps.

HIGHVOLUME: If this is set, audit logs will not be recorded for the key. High volume here tries to signify a key that is being used a lot and will produce lots of logs. Setting this operation disables audit logs for the key.

AGREEKEY: If this is set, the key can be used for key agreement. Both the private and public key should have this option enabled to perform an agree operation.

ENCAPSULATE: If this is set, the key can be used for key encapsulation. The result is a new symmetric key and a ciphertext.

DECAPSULATE: If this is set, the key can be used for key decapsulation. If decapsulation succeeds, the result is a new symmetric key.

Valid values[ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "TRANSFORM", "MACGENERATE", "MACVERIFY", "EXPORT", "APPMANAGEABLE", "HIGHVOLUME", "AGREEKEY", "ENCAPSULATE", "DECAPSULATE" ]
tep
object
schema
OneOf
object
object
$type
string
Valid values[ "OpenAPI" ]
openapi
string
key_map
Array of object
object
path
object
api_path
string
method
string
context
string
Valid values[ "request", "response" ]
key_path
string
kid
string (uuid)
mode
string

Cipher mode used for symmetric key algorithms.

Valid values[ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ]
created_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
creator

A security principal.

OneOf
PrincipalVariantApp
object (PrincipalVariantApp)
app
string (uuid)
PrincipalVariantUser
object (PrincipalVariantUser)
user
string (uuid)
PrincipalVariantPlugin
object (PrincipalVariantPlugin)
plugin
string (uuid)
PrincipalVariantUserViaApp
object (PrincipalVariantUserViaApp)
userviaapp
object
user_id
string (uuid)
scopes
Array of string (OauthScope)
string

OAuth scope.

Valid values[ "app", "openid", "email", "profile" ]
string
string
Valid values[ "system" ]
string
string
Valid values[ "unregistereduser" ]
cryptographic_policy
object
aes
object
key_sizes
Array of integer | null
integer
Minimum0
Maximum4294967295
random_iv
boolean | null
fpe

FPE-specific options (for specifying the format of the data to be encrypted)

OneOf
object
object
radix
integer

The FPE base for the input data (i.e., the size of the character set of the datatype). This must be an integer from 2 to 36.

This also implicitly defines the alphabet of the datatype. A base from 2 to 10 implies ASCII digits (e.g., a radix of 3 can be used to represent a ternary string), and a base from 11 to 36 implies ASCII digits and uppercase letters (e.g., a radix of 16 can be

Minimum0
Maximum4294967295
min_length
integer

The minimum allowed length for the input data.

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for the input data.

Minimum0
Maximum4294967295
preserve
Array of integer

The list of indices of characters to be preserved while performing encryption/decryption. Indices are Python-like; i.e., nonnegative indices index from the beginning of the input (where 0 is the first character), and negative indices index from the end of the input. (where -1 is the last character, -2 is second to last, and so on).

Any preserved characters will be concatenated together and used as an FF1 tweak. For example, if the input data is "abcd", and the first and last characters are to be preserved, the FF1 tweak will be the ASCII bytes of the string "ad".

integer (int64)
mask
Array of integer | null

The list of indices of characters to be masked while performing masked decryption. Indices are Python-like; i.e., nonnegative indices index from the beginning of the input (where 0 is the first character), and negative indices index from the end of the input. (where -1 is the last character, -2 is second to last, and so on).

integer (int64)
luhn_check
boolean | null

Whether the encrypted/decrypted data contains a checksum digit that satisfies the Luhn formula. (The output ciphertext/plaintext will also contain a Luhn checksum digit.)

name
string | null

The user-provided name for the data type that represents the input data.

object
object
format

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object
or
Array of object (FpeDataPart)

The actual subparts that make up this compound part.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object
concat
Array of object (FpeDataPart)

The actual subparts that make up this compound part, in order.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object
multiple

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
min_repetitions
integer | null

The minimum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

max_repetitions
integer | null

The maximum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire Multiple should be preserved as-is (i.e., not tokenized). If this is set, the multiple subpart and its descendants cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire Multiple should be masked when doing masked decryption. If this is set, the multiple subpart and its descendants cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire concat should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire concat should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object
multiple

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object
concat
Array of object (FpeDataPart)

The actual subparts that make up this compound part, in order.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire concat should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire concat should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
min_repetitions
integer | null

The minimum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

max_repetitions
integer | null

The maximum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire Multiple should be preserved as-is (i.e., not tokenized). If this is set, the multiple subpart and its descendants cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire Multiple should be masked when doing masked decryption. If this is set, the multiple subpart and its descendants cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire OR should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire OR should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object
concat
Array of object (FpeDataPart)

The actual subparts that make up this compound part, in order.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object
or
Array of object (FpeDataPart)

The actual subparts that make up this compound part.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object
multiple

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
min_repetitions
integer | null

The minimum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

max_repetitions
integer | null

The maximum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire Multiple should be preserved as-is (i.e., not tokenized). If this is set, the multiple subpart and its descendants cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire Multiple should be masked when doing masked decryption. If this is set, the multiple subpart and its descendants cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire OR should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire OR should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
object
object
multiple

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object
or
Array of object (FpeDataPart)

The actual subparts that make up this compound part.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire OR should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire OR should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
object
object Recursive
min_repetitions
integer | null

The minimum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

max_repetitions
integer | null

The maximum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire Multiple should be preserved as-is (i.e., not tokenized). If this is set, the multiple subpart and its descendants cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire Multiple should be masked when doing masked decryption. If this is set, the multiple subpart and its descendants cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire concat should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire concat should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object
multiple

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object
or
Array of object (FpeDataPart)

The actual subparts that make up this compound part.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object
concat
Array of object (FpeDataPart)

The actual subparts that make up this compound part, in order.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire concat should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire concat should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire OR should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire OR should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object
concat
Array of object (FpeDataPart)

The actual subparts that make up this compound part, in order.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object
or
Array of object (FpeDataPart)

The actual subparts that make up this compound part.

Structure for specifying (part of) a complex tokenization data type.

OneOf
object
object
min_length
integer

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
cipher_char_set
Array of array

The alphabet to use for an encrypted portion of a complex tokenization data type. Characters should be specified as a list of pairs, where each pair [a, b] represents the range of Unicode code points from a to b, with both bounds being inclusive. A single code point can be specified as [c, c].

Normally, each character is assigned a numeric value for FF1. The first character is assigned a value of 0, and subsequent characters are assigned values of 1, 2, and so on, up to the size of the alphabet. Note that the order of the ranges matters; characters appearing in later ranges are assigned higher numerical values compared to earlier characters. For instance, in the FpeCharSet [['a', 'z'], ['0', '9']], the digits '0' to '9' are assigned values from 26 to 35, since they are listed after the 'a' to 'z' range.

In any case, ranges should not overlap with each other, and should not contain surrogate code points.

Array of string
Min items2
Max items2
string
Min length1
Max length1
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
mask

A structure indicating which indices in an encrypted part to mask or preserve.

OneOf
string
string
Valid values[ "all" ]
array
array
integer (int64)
object
object
literal
Array of string

The list of possible strings that make up this literal portion of the token. For example, if a delimiter can either be a space or a dash, the list would be [" ", "-"].

Implementation note: the backend will pick the first choice that matches when when parsing the input. If this results in an invalid parse of the rest of the input, the backend will not backtrack and will simply return with an error.

string
object
OneOf
object
object Recursive
object
object Recursive
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire OR should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire OR should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
object
object Recursive
constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire concat should be preserved as-is (i.e., not tokenized). If this is set, any descendant subparts cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire concat should be masked when doing masked decryption. If this is set, any descendant subparts cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
object
object Recursive
min_repetitions
integer | null

The minimum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

max_repetitions
integer | null

The maximum number of times the subpart may occur. (A value of 1 marks a single occurrence.)

constraints
object
luhn_check
boolean | null

Whether the token part contains a checksum that satisfies the Luhn formula. It is an error to apply this constraint to non-numeric parts, or to have an encrypted part be under more than one Luhn check constraint. Also, if an encrypted part has a Luhn check constraint applied to it and may contain at least one digit that is not preserved, it must not specify any other constraints.

num_gt
integer | null

Number that the token part should be greater than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_lt
integer | null

Number that the token part should be smaller than.

This constraint can only be specified on (non-compound) numeric encrypted parts guaranteed to preserve either everything or nothing at all. (For example, if an encrypted part consists of 5 to 10 digits, a preserve list that covers only the first five digits is not guaranteed to preserve everything, because if the input happens to be six or more digits long, there will be at least one digit that remains unpreserved.)

num_ne
Array of integer | null

Numbers that the token part should not be equal to. It is an error to apply this constraint to non-numeric parts.

integer
date

Possible date-related constraint types for a portion of a complex tokenization data type.

OneOf
object
OneOf
FpeDateVariantDayMonthYear
object (FpeDateVariantDayMonthYear)
dmy_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 28, 29, 30, or 31, depending on the month and year.

Minimum0
Maximum255
FpeDateVariantMonthDay
object (FpeDateVariantMonthDay)
month_day_date
object
before
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
after
object
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
day
integer

The day, which should be an integer from 1 to either 29, 30, or 31, depending on the month and year. Here, February is treated as having 29 days.

Minimum0
Maximum255
FpeDateVariantMonthYear
object (FpeDateVariantMonthYear)
month_year_date
object
before
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
after
object
year
integer

The year, which should be an integer less than 100000. Zero is treated as a leap year.

Minimum0
Maximum4294967295
month
integer

The month, which should be an integer from 1 to 12.

Minimum0
Maximum255
string
string
Valid values[ "month", "day", "year" ]
applies_to

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object
property*

A structure indicating which subparts to which to apply a set of constraints.

OneOf
string
string
Valid values[ "all" ]
object
object Recursive
preserve
boolean | null

Whether the entire Multiple should be preserved as-is (i.e., not tokenized). If this is set, the multiple subpart and its descendants cannot contain any preserve-related fields set.

mask
boolean | null

Whether the entire Multiple should be masked when doing masked decryption. If this is set, the multiple subpart and its descendants cannot contain any mask-related fields set.

min_length
integer | null

The minimum allowed length for this part (in chars).

Minimum0
Maximum4294967295
max_length
integer | null

The maximum allowed length for this part (in chars).

Minimum0
Maximum4294967295
description
string | null

The user-provided name for the data type.

aria
object
key_sizes
Array of integer | null
integer
Minimum0
Maximum4294967295
random_iv
boolean | null
des3
object
key_sizes
Array of integer | null
integer
Minimum0
Maximum4294967295
random_iv
boolean | null
rsa
object
encryption_policy
Array of object (RsaEncryptionPolicy) | null
object
padding

RSA encryption padding policy.

OneOf
RsaEncryptionPaddingPolicyVariantOaep
object (RsaEncryptionPaddingPolicyVariantOaep)
OAEP
object
mgf

MGF policy.

OneOf
MgfPolicyVariantMgf1
object (MgfPolicyVariantMgf1)
mgf1
object
hash
string

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
RsaEncryptionPaddingPolicyVariantPkcs1V15
object (RsaEncryptionPaddingPolicyVariantPkcs1V15)
PKCS1_V15
object
RsaEncryptionPaddingPolicyVariantRawDecrypt
object (RsaEncryptionPaddingPolicyVariantRawDecrypt)
RAW_DECRYPT
object
signature_policy
Array of object (RsaSignaturePolicy) | null

Signature policy for an RSA key. When doing a signature operation, the policies are evaluated against the specified parameters one by one. If one matches, the operation is allowed. If none match, including if the policy list is empty, the operation is disallowed. Missing optional parameters will have their defaults specified according to the matched policy. The default for new keys is [{}] (no constraints). If (part of) a constraint is not specified, anything is allowed for that constraint.

object
padding

RSA signature padding policy.

OneOf
RsaSignaturePaddingPolicyVariantPss
object (RsaSignaturePaddingPolicyVariantPss)
PSS
object
mgf

MGF policy.

OneOf
MgfPolicyVariantMgf1
object (MgfPolicyVariantMgf1)
mgf1
object
hash
string

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
RsaSignaturePaddingPolicyVariantPkcs1V15
object (RsaSignaturePaddingPolicyVariantPkcs1V15)
PKCS1_V15
object
minimum_key_length
integer | null

The minimum allowed key length. This is only relevant for group or account cryptographic policies (and hence has no effect in an RSA policy on a specific key).

Minimum0
Maximum4294967295
hmac
object
minimum_key_length
integer | null
Minimum0
Maximum4294967295
ec
object
elliptic_curves
Array of string (EllipticCurve) | null
string

Identifies a standardized elliptic curve.

Valid values[ "X25519", "Ed25519", "X448", "SecP192K1", "SecP224K1", "SecP256K1", "NistP192", "NistP224", "NistP256", "NistP384", "NistP521", "Gost256A" ]
legacy_policy
string
Valid values[ "allowed", "prohibited", "unprotect_only" ]
key_ops
Array of string (KeyOperations) | null
string

Operations allowed to be performed on a given key.

SIGN: If this is set, the key can be used to for signing.

VERIFY: If this is set, the key can used for verifying a signature.

ENCRYPT: If this is set, the key can be used for encryption.

DECRYPT: If this is set, the key can be used for decryption.

WRAPKEY: If this is set, the key can be used wrapping other keys. The key being wrapped must have the EXPORT operation enabled.

UNWRAPKEY: If this is set, the key can be used to unwrap a wrapped key.

DERIVEKEY: If this is set, the key can be used to derive another key.

TRANSFORM: If this is set, the key can be transformed.

MACGENERATE: If this is set, the key can be used to compute a cryptographic Message Authentication Code (MAC) on a message.

MACVERIFY: If they is set, the key can be used to verify a MAC.

EXPORT: If this is set, the value of the key can be retrieved with an authenticated request. This shouldn't be set unless required. It is more secure to keep the key's value inside DSM only.

APPMANAGEABLE: Without this operation, management operations like delete, destroy, rotate, activate, restore, revoke, revert, update, remove_private, etc. cannot be performed by a crypto App. A user with access or admin app can still perform these operations. This option is only relevant for crypto apps.

HIGHVOLUME: If this is set, audit logs will not be recorded for the key. High volume here tries to signify a key that is being used a lot and will produce lots of logs. Setting this operation disables audit logs for the key.

AGREEKEY: If this is set, the key can be used for key agreement. Both the private and public key should have this option enabled to perform an agree operation.

ENCAPSULATE: If this is set, the key can be used for key encapsulation. The result is a new symmetric key and a ciphertext.

DECAPSULATE: If this is set, the key can be used for key decapsulation. If decapsulation succeeds, the result is a new symmetric key.

Valid values[ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "TRANSFORM", "MACGENERATE", "MACVERIFY", "EXPORT", "APPMANAGEABLE", "HIGHVOLUME", "AGREEKEY", "ENCAPSULATE", "DECAPSULATE" ]
des
object
random_iv
boolean | null
seed
object
random_iv
boolean | null
dsa
object
kcdsa
object
eckcdsa
object
lms
object
xmss
object
mldsa
object
mlkem
object
bip32
object
bls
object
opaque
object
secret
object
certificate
object
custodian_policy
object
quorum
object
n
integer
members
Array of object (QuorumPolicy)
object Recursive
require_password
boolean | null
require_2fa
boolean | null
user
string (uuid) | null
app
string (uuid) | null
custom_metadata
object | null
property*
string additionalProperties
description
string | null
export_policy
OneOf
object
object
$type
string
Valid values[ "Wrapped" ]
by
OneOf
object
object
$type
string
Valid values[ "Only" ]
keys
Array of object (SobjectDescriptorPersisted)

Uniquely identifies a persisted sobject.

OneOf
SobjectDescriptorPersistedVariantKid
object (SobjectDescriptorPersistedVariantKid)
kid
string (uuid)
SobjectDescriptorPersistedVariantName
object (SobjectDescriptorPersistedVariantName)
name
string
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
object
object
$type
string
Valid values[ "Any" ]
object
object
$type
string
Valid values[ "Unrestricted" ]
google_access_reason_policy
object
allow
Array of string (GoogleAccessReason)

Set of allowed Google Access reasons.

string

An access reason provided by Google when making EKMS API calls.

Valid values[ "REASON_UNSPECIFIED", "CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_INITIATED_REVIEW", "CUSTOMER_INITIATED_ACCESS", "GOOGLE_INITIATED_SYSTEM_OPERATION", "REASON_NOT_EXPECTED", "MODIFIED_CUSTOMER_INITIATED_ACCESS", "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING" ]
allow_missing_reason
boolean

Accept incoming requests which do not specify any access reasons.

group_id
string (uuid)
hmg
object | null
property*
OneOf
object
object
kind
string
Valid values[ "Ncipher" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string
Valid values[ "Safenet" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string
Valid values[ "AwsCloudHsm" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
slot
integer
pin
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string
Valid values[ "AwsKms" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
access_key
string | null
secret_key
string
region
string

AWS KMS resources are hosted in multiple locations world-wide and each AWS Region is a separate geographic area https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

Valid values[ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-south-2", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2", "eu-west-1", "eu-west-2", "eu-south-1", "eu-south-2", "eu-west-3", "eu-north-1", "me-south-1", "me-central-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1", "il-central-1" ]
service
string

Specifies the AWS service. Only kms is supported for now.

Valid values[ "kms", "kms-fips" ]
account_id
string | null
object
object
kind
string
Valid values[ "Fortanix" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
pin
string
object
object
kind
string
Valid values[ "FortanixFipsCluster" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
pin
string
credentials
Array of string | null
string
hsm_order
integer (int32) | null

The priority of this HmgConfig. This is used when a group is configured with an HmgRedundancyScheme, and is otherwise unused. (See the docs for HmgRedundancyScheme for more information about the interpretation of this field.)

object
object
kind
string
Valid values[ "AzureKeyVault" ]
url
string
tls

TLS client settings.

OneOf
object
object
mode
string
Valid values[ "disabled" ]
object
object
mode
string
Valid values[ "opportunistic" ]
object
object
mode
string
Valid values[ "required" ]
validate_hostname
boolean
ca

CA settings.

OneOf
CaConfigVariantCaSet
object (CaConfigVariantCaSet)
ca_set
string

Predefined CA sets.

Valid values[ "global_roots" ]
CaConfigVariantPinned
object (CaConfigVariantPinned)
pinned
Array of string
string (byte)
client_key
string (byte)
client_cert
string (byte)
auth_config
OneOf
object
object
mode
string
Valid values[ "client_secret" ]
client_secret
string
object
object
mode
string
Valid values[ "token_auth_config" ]
client_cert
string (byte)
client_key
string (byte)
secret_key
string

Deprecated, left this for backward compatibility. Should use auth_config.

tenant_id
string (uuid)

A tenant ID is a unique way to identify an Azure AD instance within an Azure subscription.

client_id
string (uuid)

The client ID is the unique Application ID assigned to your app by Azure AD when the app was registered.

subscription_id
string (uuid)

A subscription ID is a unique alphanumeric string that identifies your Azure subscription.

key_vault_type
string

Types of Azure Key Vault based on the protection level.

Valid values[ "STANDARD", "PREMIUM", "MANAGED" ]
endpoints
object
management
string

The API endpoint for managing Azure APIs and resources.

key_vault
string

The API endpoint for Azure Key Vault (for Standard and Premium SKUs).

key_vault_managed_hsm
string

The API endpoint for Azure Key Vault Managed HSM.

iam
string

The API endpoint for Azure AD (and authentication).

object
object
kind
string
Valid values[ "GcpKeyRing" ]
service_account_email
string

Email for the service account to be used.

project_id
string

The project ID is a unique identifier for a project

location
string

For a given project in GCP KMS, resources can be created in one of many locations. These represent the geographical regions where a resource is stored and can be accessed. A key's location impacts the performance of applications using the key. https://cloud.google.com/kms/docs/locations

key_ring
string | null

A key ring organizes keys in a specific GCP location and allows you to manage access control on groups of keys. https://cloud.google.com/kms/docs/resource-hierarchy#key_rings

private_key
string (byte)

Private component of the service account key pair that can be obtained from the GCP cloud console. It is used to authenticate the requests made by DSM to the GCP cloud.

hmg_redundancy
string

The scheme for determining how multiple HmgConfigs on a group should behave. If not specified, the backend will go through the list in random order, and use the first HmgConfig that works.

Valid values[ "PriorityFailover" ]
hmg_segregation
boolean | null
hmg_sync
boolean | null
key_history_policy
object
undo_time_window
integer
key_metadata_policy
object
base
object
custom_metadata
object
property*
OneOf
MetadataStringConstraintVariantForbidden
object (MetadataStringConstraintVariantForbidden)
forbidden
object
MetadataStringConstraintVariantRequired
object (MetadataStringConstraintVariantRequired)
required
object
non_empty_after_trim
boolean | null

If set to true, the value must have a length > 0 after trimming leading and trailing whitespace characters.

allowed_values
Array of string | null

If not specified or empty, it will not impose any restrictions on the value.

string
description
OneOf
MetadataStringConstraintVariantForbidden
object (MetadataStringConstraintVariantForbidden)
forbidden
object
MetadataStringConstraintVariantRequired
object (MetadataStringConstraintVariantRequired)
required
object
non_empty_after_trim
boolean | null

If set to true, the value must have a length > 0 after trimming leading and trailing whitespace characters.

allowed_values
Array of string | null

If not specified or empty, it will not impose any restrictions on the value.

string
deactivation_date
OneOf
MetadataDurationConstraintVariantForbidden
object (MetadataDurationConstraintVariantForbidden)
forbidden
object
MetadataDurationConstraintVariantRequired
object (MetadataDurationConstraintVariantRequired)
required
object
allowed_values
object
min
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
max
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
activation_date
OneOf
MetadataDurationConstraintVariantForbidden
object (MetadataDurationConstraintVariantForbidden)
forbidden
object
MetadataDurationConstraintVariantRequired
object (MetadataDurationConstraintVariantRequired)
required
object
allowed_values
object
min
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
max
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
for_obj_type
object

Each entry in this map fully overrides base for a particular object type.

property*
object additionalProperties
custom_metadata
object
property*
OneOf
MetadataStringConstraintVariantForbidden
object (MetadataStringConstraintVariantForbidden)
forbidden
object
MetadataStringConstraintVariantRequired
object (MetadataStringConstraintVariantRequired)
required
object
non_empty_after_trim
boolean | null

If set to true, the value must have a length > 0 after trimming leading and trailing whitespace characters.

allowed_values
Array of string | null

If not specified or empty, it will not impose any restrictions on the value.

string
description
OneOf
MetadataStringConstraintVariantForbidden
object (MetadataStringConstraintVariantForbidden)
forbidden
object
MetadataStringConstraintVariantRequired
object (MetadataStringConstraintVariantRequired)
required
object
non_empty_after_trim
boolean | null

If set to true, the value must have a length > 0 after trimming leading and trailing whitespace characters.

allowed_values
Array of string | null

If not specified or empty, it will not impose any restrictions on the value.

string
deactivation_date
OneOf
MetadataDurationConstraintVariantForbidden
object (MetadataDurationConstraintVariantForbidden)
forbidden
object
MetadataDurationConstraintVariantRequired
object (MetadataDurationConstraintVariantRequired)
required
object
allowed_values
object
min
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
max
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
activation_date
OneOf
MetadataDurationConstraintVariantForbidden
object (MetadataDurationConstraintVariantForbidden)
forbidden
object
MetadataDurationConstraintVariantRequired
object (MetadataDurationConstraintVariantRequired)
required
object
allowed_values
object
min
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
max
OneOf
TimeSpanVariantSeconds
object (TimeSpanVariantSeconds)
seconds
integer
Minimum0
Maximum4294967295
TimeSpanVariantMinutes
object (TimeSpanVariantMinutes)
minutes
integer
Minimum0
Maximum4294967295
TimeSpanVariantHours
object (TimeSpanVariantHours)
hours
integer
Minimum0
Maximum4294967295
TimeSpanVariantDays
object (TimeSpanVariantDays)
days
integer
Minimum0
Maximum4294967295
legacy_objects
string
Valid values[ "allowed", "prohibited", "unprotect_only" ]
name
string
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
wrapping_key_name
OneOf
string | null
string
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$