Skyflow connections is a gateway service that uses Skyflow’s underlying tokenization capabilities to securely connect to first-party and third-party services. This way, your infrastructure is never directly exposed to sensitive data, and you offload security and compliance requirements to Skyflow.
A Skyflow connection can be set up in two modes:
Outbound connection: An outbound Skyflow connection sits between your backend server and a third-party service provider. It is typically configured so that sensitive data is securely extracted from the vault and sent outbound to third-party services for processing. Your infrastructure never has to process or store sensitive data.
Inbound connection: An inbound Skyflow connection typically sits in front of your backend server. Client services can invoke an inbound connection to tokenize sensitive data so that data sent to downstream services doesn’t contain sensitive data. Your infrastructure never has to process or store sensitive data.
Let’s look at how each connection works with a specific use case example.
For outbound connections, the request originates from your environment and is outbound to an external service.
You’re a credit card issuing company with a VISA partnership. You need to securely integrate with VISA DPS to issue debit card IDs on behalf of your end customer.
1. An end user applies for a new card from your app.
2. Your app backend uses tokens that reference PII data stored in the Skyflow vault and makes a call to the outbound connection endpoint.
3. The outbound VISA DPS connection detokenizes and retrieves PII data from the vault.
4. The outbound VISA DPS connection sends the PII data to the specific VISA endpoint to issue a new card.
5. (Optional) You may be able to tokenize the response from VISA, such as PAN, exp_date, etc.
6. The connection returns the response to your app backend along with the tokenized fields (if configured).
For inbound connections, the request originates from your frontend and is inbound to your server.
You’re a company that collects PII data, and you use MuleSoft as the middleware through which all your data flows. You need to natively integrate your MuleSoft API gateway with Skyflow so that all sensitive data that flows through it is tokenized and securely stored in a Skyflow vault.
1. An end user enters PII into a service that is backed by a MuleSoft API gateway.
2. MuleSoft identifies PII data using pre-defined mappings (DataWeave), and routes the sensitive data to Skyflow for tokenization.
3. The Skyflow connection receives the request and securely stores the sensitive data in a vault under the appropriate column.
4. The Skyflow connection returns the tokens that represent sensitive data to the MuleSoft Gateway.
5. Your backend data store can now store tokens instead of PII.
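The two flows above can be chained in a toy in-memory model to show where cleartext is visible and where it is not. This is an added example, not Skyflow's API or code: the Vault class, the function names, the tok_ token format and the sample values are all assumptions made for illustration.

```python
import secrets

class Vault:
    """Toy in-memory vault (hypothetical stand-in, not Skyflow's API)."""
    def __init__(self):
        self._values = {}

    def tokenize(self, value):
        token = "tok_" + secrets.token_hex(8)
        self._values[token] = value
        return token

    def detokenize(self, token):
        return self._values[token]  # unknown token raises KeyError: fail closed

def is_token(value):
    return isinstance(value, str) and value.startswith("tok_")

def inbound_connection(vault, payload, sensitive_fields):
    """Swap mapped sensitive fields for tokens before the backend sees them."""
    return {k: vault.tokenize(v) if k in sensitive_fields else v
            for k, v in payload.items()}

def outbound_connection(vault, request, third_party, tokenize_fields=()):
    """Detokenize, call the third party, tokenize configured response fields."""
    clear = {k: vault.detokenize(v) if is_token(v) else v
             for k, v in request.items()}
    response = third_party(clear)
    return {k: vault.tokenize(v) if k in tokenize_fields else v
            for k, v in response.items()}

def demo():
    vault, seen_by_issuer = Vault(), []

    def issuer(request):  # stands in for the third-party card endpoint
        seen_by_issuer.append(request)
        return {"status": "issued", "pan": "4111111111111111", "exp_date": "12/30"}

    # Constructed sample input; no real customer data.
    form = {"name": "Jane Doe", "ssn": "078-05-1120", "product": "debit"}
    stored = inbound_connection(vault, form, {"name", "ssn"})  # backend keeps this
    result = outbound_connection(vault, stored, issuer, {"pan", "exp_date"})
    return form, stored, seen_by_issuer[0], result

if __name__ == "__main__":
    for label, value in zip(("form", "stored", "issuer saw", "backend got"), demo()):
        print(f"{label}: {value}")
```

Only the issuer stand-in receives cleartext; the record the backend stores and the response it gets back contain tokens for every mapped field.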