Skyflow Connections is a tokenization and connectivity service that lets you securely share data between your Skyflow vault and third-party services. With Skyflow Connections, you can create your own custom connections to third-party services to ensure that your systems and services aren't directly storing or processing sensitive data. By doing so, you offload compliance requirements to Skyflow.
A Skyflow Connection can be set up in two modes:
- Outbound connection
- Inbound connection
Let’s look at how each works with a specific use case example:
|Connection Modes|Example Use Case|
|---|---|
|Outbound connection: The request originates from your environment and is outbound to an external service|Scenario: You are a credit card issuing company with a partnership with VISA. You need to securely integrate with VISA DPS to issue debit card IDs on behalf of your end customer.<br>2. Your app backend uses tokens that reference PII data stored in the Skyflow vault and makes a call to the Outbound Connection endpoint.<br>3. The Outbound VISA DPS connection detokenizes and retrieves PII data from the vault.<br>4. It then sends the PII data to the specific VISA endpoint to issue a new card.<br>5. Optionally, you may be able to tokenize the response from VISA, such as PAN, exp_date, etc.<br>6. The connection then returns the response to your app backend along with tokenized fields (if configured).|
|Inbound connection: The request originates from an external service and is inbound to your environment|Scenario: You are a company that collects PII data, and you use MuleSoft as the middleware through which all your data flows. You need to natively integrate with Skyflow in your MuleSoft API gateway so that all sensitive data that flows through it is tokenized and securely stored in a Skyflow vault.<br>2. MuleSoft identifies PII data using pre-defined mappings (DataWeave), and routes the sensitive data to Skyflow for tokenization.<br>3. Skyflow Connection receives the request and securely stores the sensitive data in a vault under the appropriate column.<br>4. Skyflow Connection returns the tokens that represent sensitive data to your backend endpoint.<br>5. Your backend data store can now store tokens instead of storing PII.|

Here are a few key things to know about Skyflow Connections:
- Each vault can have multiple connections associated with it.
- Connections can also handle tokenization actions that may need to be performed on fields contained in the headers, URL, and path parameters in addition to the request body and the response body.
- Only the vault owner for each vault can create and manage the vault’s connections.
- To make a request to the connection endpoint, you need a distinct service account created at the connection level. Additionally, this service account needs to be assigned the Connection Invoker role.
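
The outbound flow and the Connection Invoker requirement described above, modeled in memory as an added example. This is not Skyflow's API or code: the `Vault` and `OutboundConnection` classes, the `svc-backend` account, the `card_issuer` stub and all sample values are constructed for illustration.

```python
import secrets

class Vault:
    """Toy in-memory stand-in for a vault: random token -> sensitive value."""
    def __init__(self):
        self._rows = {}
    def tokenize(self, value):
        token = "tok_" + secrets.token_hex(8)  # random, reveals nothing about the value
        self._rows[token] = value
        return token
    def is_token(self, value):
        return isinstance(value, str) and value in self._rows
    def detokenize(self, token):
        return self._rows[token]

class OutboundConnection:
    """Models the outbound flow: detokenize request, call upstream, tokenize response."""
    def __init__(self, vault, upstream, tokenize_response_fields=()):
        self.vault, self.upstream = vault, upstream
        self.tokenize_response_fields = set(tokenize_response_fields)
        self.invokers = set()  # service accounts holding the Connection Invoker role
    def invoke(self, service_account, request):
        if service_account not in self.invokers:
            raise PermissionError(f"{service_account} lacks the Connection Invoker role")
        # Swap tokens for vault values; fields that are not tokens pass through.
        clear = {k: self.vault.detokenize(v) if self.vault.is_token(v) else v
                 for k, v in request.items()}
        response = self.upstream(clear)
        # Tokenize the configured response fields before anything reaches the backend.
        return {k: self.vault.tokenize(v) if k in self.tokenize_response_fields else v
                for k, v in response.items()}

def demo():
    vault, seen = Vault(), []
    def card_issuer(payload):  # hypothetical third-party stub, records what it receives
        seen.append(payload)
        return {"status": "issued", "PAN": "4111111111111111", "exp_date": "12/30"}
    conn = OutboundConnection(vault, card_issuer, ["PAN", "exp_date"])
    conn.invokers.add("svc-backend")
    request = {"name": vault.tokenize("Jane Doe"), "product": "debit"}
    return vault, conn, request, conn.invoke("svc-backend", request), seen

if __name__ == "__main__":
    _, _, request, response, seen = demo()
    print("backend sent:   ", request)
    print("issuer received:", seen[0])
    print("backend got:    ", response)
```

The backend's request and the response it gets back contain only tokens for the sensitive fields, while the issuer stub is the only party that sees the clear values.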