Here are a few key things to know about Skyflow connections:
Connections have the capability to handle the response from a third party service. For example, if you make a call to Stripe and the response contains any PII or PCI data, you could choose to tokenize it in the Skyflow vault so that your backend services only receive the tokens instead of the sensitive data. In this case, the route mapping would look like the following:
When the action is Tokenization, the table and column names are required to store and tokenize the sensitive data in the right vault location.
Outbound encryption is an optional configuration fully dependent on the signing requirements from the third party service. Skyflow connections currently supports three options for signing outbound requests:
To access the outbound encryption settings for a connection, go to the Connections section of the Settings tab and click the connection. Then click Edit and click the Outbound Encryption tab.
Currently, connections don't support the tokenization or insertion of data into a nested field in the vault.
If your request or response body contains a field that is nested, Skyflow connections support accessing the nested elements in the fields to be mapped to a specific column in the vault.
Here is a sample request to explain this concept:
Skyflow connections mappings:
idvalue, enter "data.id" under the field name. To tokenize the
phone_numbervalue, enter "data.phone_numbers.*" under the field name. To tokenize the
addressvalue, enter "data.emails.*.address" under the field name. To tokenize
levels,enter "data.experience..title.levels." under the field name.
Some third party services like Visa may also require Message Level Encryption (MLE) on a per route basis. To configure MLE, enter your key ID, private key, and public key. Then click the Route tab and toggle on the MLE switch for each route you want to encrypt.
In this article
© 2022 Skyflow, Inc. All rights reserved.
Terms and Conditions