Keyavi API Resources
The Keyavi API follows REST architecture. The API uses standard HTTP verbs and resource-oriented URLs, returns JSON for all requests, and responds with standard HTTP codes to indicate the success or failure of requests.
A resource is an entity with associated data, relationships to other resources, and a set of methods that operate on it. For example, you can audit the Keyavi-protected files using the logs/full-payload or logs/payload resources or manage your data with the payloads resource.
The Keyavi APIs include the following resources:
- Payloads
- Policies
- Users
- Groups
Payloads
Payloads are entities in the Keyavi database that include metadata about each Keyavi-protected file and the code needed to encrypt or decrypt the protected file. If you protect a file using protect-remote, the payload includes a Base64-encoded copy of the Keyavi-protected file. If you protect locally—where the encryption happens in your integrated app—the payload does not include the Keyavi-protected file. Payload metadata includes information about who the owner is, when the file was protected, device and network details about the machine used to protect the file, and the policies tied to the file.
Use the payloads resource to protect files and open them, assign policies to restrict access to users or groups, add time frames and geolocations, and revoke access to the file.
Terms used in this section:
- Payload: A database entry that carries metadata, access rules, and codes to make possible the protection and controlled sharing of data by authorized users according to the data owner's policies. Payloads enable granular data protection without moving data outside the organization's control.
- Encrypt: The process of protecting a file and tying access policies to it so that authorized users can access the data securely based on restrictions set by the data owner.
- Decrypt: The process of opening a protected, encrypted file and transforming it back into its original, accessible form for authorized users based on policies set for that file.
- Protect: The process of encrypting a file and tying access policies to it so that authorized users can access the data securely based on restrictions set by the data owner.
- Policies: Rules associated with a protected payload that designate which users can access the encrypted file, from what locations, and for what time periods.
- Open: The process of decrypting a protected, encrypted file and transforming it back into its original, accessible form for authorized users based on policies set for that file.
Policies
The policies resource allows you to define geolocations that govern access across your organization. You can specify allowed locations—geolocations from which access is allowed. Define allowed locations at the country, state, zip code, address, and latitude and longitude coordinates. You can define excluded locations, where access is never allowed, only at the country level.
You can also define more granular policies at the payload level. The payload policies include geolocations, where you can define where a specific file can be accessed from, so long as it does not conflict with the global policies. You can also add payload-level policies to define users and groups, create access time frames, and revoke access entirely. A time frame is a specific window of time when access is allowed to a file. Time frames can be open-ended, so you can set just a beginning date and time or ending date and time.
Users
Users are the individuals to whom you can grant access to payloads or manage in groups. The users resource includes two different access levels depending on what you're using the resource for. User administrators can use it to add users and assign them to groups and roles. If you're creating protect and open integrations, you'll want to allow people access to the less restricted user information so they can give users access to protected data.
Audit Logs
Audit logs provide audit and forensics information. They are detailed records of events and actions taken related to specific payloads, such as file access, failed access attempts, file encryption/decryption, and changes. Use logs/payload to retrieve details about all the events associated with file protect, open, and audit events. Use logs/full-payload to access the same logs with sensitive PII data included.