Configure Whitelist Endpoints
Reduce false positives for custom PII detection by providing a known-valid values endpoint.
{
"data": {
"tag_type": "CUSTOMER_ID",
"pi_elements_list_endpoint_details": {
"url": "https://example.com/custom-pii/list",
"method": "GET",
"headers": {
"Authorization": "Bearer <access_token>"
}
}
}
}
curl -X PUT https://<domain>/api/vault/metadata/add-or-update/custom-tag/pi-list-endpoint \
-H "Authorization: Bearer <NAMESPACE_ADMIN_API_KEY>" \
-H "Content-Type: application/json; charset=utf-8" \
-d '{
"data": {
"tag_type": "CUSTOMER_ID",
"pi_elements_list_endpoint_details": {
"url": "https://example.com/custom-pii/list",
"method": "GET",
"headers": {
"Authorization": "Bearer <access_token>"
}
}
}
}'
Whitelist endpoints return a list of valid values for a custom tag. Protecto uses this list as an additional signal during detection to reduce false positives.
When to use a whitelist endpoint
A whitelist endpoint is useful when:
- Your custom identifier has a known, bounded set of valid values (e.g., a customer ID database)
- Detection generates false positives on values that look like your identifier but aren't
- You want detection to confirm a value is real before masking it
Endpoint
| Method | Endpoint |
|---|---|
PUT | https://<domain>/api/vault/metadata/add-or-update/custom-tag/pi-list-endpoint |
Request body
body
tag_typestring
RequiredCustom tag to configure the whitelist for.
body
pi_elements_list_endpoint_details.urlstring
RequiredURL of your whitelist service.
body
pi_elements_list_endpoint_details.methodstring
RequiredHTTP method (typically "GET").
body
pi_elements_list_endpoint_details.headersobject
Authentication headers for your whitelist endpoint.
The whitelist endpoint is optional. If not configured, Protecto relies entirely on the identification endpoint for detection. The whitelist is an additional signal, not a replacement.
Was this page helpful?
Last updated 1 day ago
Built with Documentation.AI