Core APIs

This guide will help you make your first API call to Skyflow. You'll do this through Postman or using manual cURL requests. By the end of this guide, you’ll have used the Skyflow API to insert and retrieve sensitive data from a vault.


Before you start,

    Log in to your Skyflow account. If you don’t have an account, you can sign up for a free trial account.
      For trial accounts, log in to For production accounts, log in to your dedicated sign in URL.
    Complete the Create a vault guide and the API authentication guide.(Optional) Complete the Postman collection setup guide if you want to use Postman to store and send API calls.


This guide will use the Quickstart vault to show you how to insert and retrieve data from a Skyflow vault.

infoYou can follow along with your own vault as well, but keep in mind that the example code may differ slightly from what you would use.

Insert data into the vault

To start, we’ll insert some fake data into the vault using the Insert Record API. The guide below explains how to do this using the Postman Collection or with a manual cURL request.

Follow the instructions below to use Postman to submit the Insert Record API.

    Click the arrow beside your collection name to expand it, then click Data APIs > credit cards CRUD APIs > insert credit_cards as shown below.

    Click the Body tab on the right, and fill in some sample data to insert into the vault (including a card number, name, expiration month, and expiration year). Then click Send.


    Notice a skyflow_id gets returned. This is a unique ID created for the record that you just inserted. Copy it for the next step.

Read data from the vault

To read data from the vault, use the Get Record API in Postman, or enter a manual cURL request.

Follow the instructions below to use Postman to submit the Get Record API.

    Click get credit_cards.

    In the Params tab on the right, paste the skyflow_id into the Value column as shown below.

    Click Save, and then click Send.


Add dynamic data redaction

Skyflow applies dynamic data redaction whenever data is retrieved from a vault. Data can be returned in one of the following redaction formats:

Redaction Type




The value will be fully redacted in the response.

“John Doe” → “REDACTED


The value will be partially redacted (masked) in the response. The masking format for a given data field is configured in the vault schema.

“4111111111111111” → “****1111


The value will be returned in plain text in the response.

“11/25” → “11/25”


The value will be redacted using the default redaction format defined in the vault schema. Fields may have different default redaction formats.

To redact the data, use the Get Record API in Postman, or enter a manual cURL request.

    In Postman, enter DEFAULT into the redaction Value column and click Save.


    Click Send.

    You should get back a response that looks similar to the one below:

        "fields": {
            "card_number": "XXXXXXXXXXXX1111",
            "cardholder_name": "*REDACTED*",
            "exp_month": "11",
            "exp_year": "2025",
            "skyflow_id": "df38cdf0-701f-43b5-b954-4dbe9873b0f0"

    Notice the field redaction levels.

      The card_number field is masked so that only the last 4 digits are visible.The cardholder_name field is fully redacted.The expiry_date is returned in plain text.

    These defaults are configured in the vault schema. You can learn more about this in the the Create a vault guide for creating a custom vault.

    Send the same request but this time, enter PLAIN_TEXT into the redaction Value column and click Save.

    infoYou must select the checkbox to the left of the redaction to enable the change.

    Click Send.

    You’ll get back a response like the following:

        "fields": {
            "card_number": "411111111111",
            "cardholder_name": "John Doe",
            "exp_month": "11",
            "exp_year": "2025",
            "skyflow_id": "df38cdf0-701f-43b5-b954-4dbe9873b0f0"
    infoThis only works if you have permission to read the data in plain text. As the Vault Owner, you have plain text access by default. To learn more about data governance and how you can configure access control policies, see the Data governance documentation.

Next steps

Congratulations! You’re ready to start storing sensitive data in a secure vault!

As next steps, check out the other Data APIs or one of the articles below:

In this article