diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md new file mode 100644 index 00000000..ebac26f3 --- /dev/null +++ b/.claude/CLAUDE.md @@ -0,0 +1 @@ +See @../AGENTS.md for documentation on how to configure and use Claude agents in this workspace. \ No newline at end of file diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 00000000..0b0128d6 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,303 @@ +# Skyflow Node SDK - AI Coding Agent Instructions + +## Project Overview + +The Skyflow Node SDK is a TypeScript-based client library for Skyflow's data privacy vault, supporting Node.js, Deno, Bun, and Cloudflare Workers. It provides three primary API surfaces: **Vault** (data operations), **Detect** (PII detection/masking), and **Connections** (integration gateway). + +**Key Architecture:** +- **Client Layer** (`src/vault/client/`): Manages authentication, API initialization, and HTTP configuration +- **Controller Layer** (`src/vault/controller/`): Business logic for vault, detect, and connection operations +- **Model Layer** (`src/vault/model/`): Request/Response/Options classes for type-safe API interactions +- **Generated Code** (`src/_generated_/`): Auto-generated REST client (do not modify manually) + +## Request/Response Pattern + +All API operations follow a consistent pattern using dedicated classes: + +```typescript +// 1. Create a Request object +const insertReq = new InsertRequest('table_name', [{ field: 'value' }]); + +// 2. Create Options object (if needed) +const insertOptions = new InsertOptions(); +insertOptions.setReturnTokens(true); + +// 3. Call the operation through the client +const response: InsertResponse = await skyflowClient + .vault(vaultId) + .insert(insertReq, insertOptions); +``` + +**Key Classes:** +- Request classes: `InsertRequest`, `GetRequest`, `DetokenizeRequest`, `UpdateRequest`, etc. +- Options classes: `InsertOptions`, `GetOptions`, `DetokenizeOptions` (use setters, not direct property access) +- Response classes: `InsertResponse`, `GetResponse`, `DetokenizeResponse` (readonly data containers) + +## Authentication & Credentials + +The SDK supports five credential types (see `src/vault/config/credentials/index.ts`): + +1. **Bearer Token** (recommended): `{ token: 'token' }` +3. **Path to JSON**: `{ path: '/path/to/creds.json' }` +4. **Credentials String**: `{ credentialsString: JSON.stringify(creds) }` +5. **Environment Variable**: Auto-reads `SKYFLOW_CREDENTIALS` if no credentials provided +2. **API Key**: `{ apiKey: 'key' }` + +**Credentials Hierarchy:** +- Individual vault/connection credentials override common credentials +- Common credentials (`skyflowCredentials`) apply to all vaults/connections +- Use `validateSkyflowCredentials()` from `src/utils/validations/` for validation + +## Client Initialization + +The `Skyflow` class (in `src/vault/skyflow/index.ts`) manages multiple vaults and connections: + +```typescript +const skyflowConfig: SkyflowConfig = { + vaultConfigs: [vaultConfig1, vaultConfig2], + connectionConfigs: [connectionConfig], + logLevel: LogLevel.ERROR // Default: LogLevel.ERROR +}; + +const client = new Skyflow(skyflowConfig); +``` + +**Multi-Vault Access:** +- Access specific vault: `client.vault('vault-id-1')` +- Access first vault: `client.vault()` (no ID defaults to first) +- Same pattern for `.detect()` and `.connection()` + +## Error Handling Pattern + +Always wrap SDK calls in try/catch and check for `SkyflowError`: + +```typescript +try { + const response = await skyflowClient.vault(vaultId).insert(request); +} catch (error) { + if (error instanceof SkyflowError) { + // Structured error from Skyflow + console.error({ + code: error.error?.http_code, + message: error.message, + details: error.error?.details + }); + } else { + // Unexpected error + console.error('Unexpected error:', error); + } +} +``` + +**Error Structure:** See `src/error/index.ts` for `SkyflowError` class and `src/error/codes/` for error constants. + +## Testing Conventions + +- Tests use Jest (see `jest.config.js`) +- Test files: `test/**/*.test.js` (note: `.js` not `.ts`) +- Run tests: `npm test` (includes coverage) +- Coverage excludes: `src/_generated_`, model classes (request/response/options) +- Mock data: `test/mockData/` and `test/demo-credentials/` + +**Test Structure:** +```javascript +describe('ComponentName', () => { + it('should perform specific action', () => { + // Arrange + // Act + // Assert + }); +}); +``` + +## Build & Development Workflow + +**Essential Commands:** +- `npm run build` - Compile TypeScript to `lib/` (CommonJS) +- `npm test` - Run Jest tests with coverage +- `npm run lint` - Run prettier + eslint +- `npm run lint-fix` - Auto-fix formatting issues +- `npm run spellcheck` - Check spelling with cspell +- `npm run docs-gen` - Generate TypeDoc + process markdown + +**Build Output:** +- Compiled JS: `lib/` +- TypeScript config: `tsconfig.json` (target: ES6, module: CommonJS) +- Babel config: `babel.config.js` (for test transpilation) + +## Logging System + +Configure via `LogLevel` enum (in `src/utils/index.ts`): +- `LogLevel.DEBUG` - All logs (verbose) +- `LogLevel.INFO` - Info, warn, error +- `LogLevel.WARN` - Warn and error only +- `LogLevel.ERROR` - Error only (default) +- `LogLevel.OFF` - No logs + +**Usage:** +```typescript +import { printLog, MessageType, LogLevel } from './utils'; +printLog('message', MessageType.LOG, this.logLevel); +``` + +## Validation Pattern + +All inputs are validated using functions in `src/utils/validations/index.ts`: + +- `validateSkyflowConfig()` - Client configuration +- `validateVaultConfig()` - Vault setup +- `validateConnectionConfig()` - Connection setup +- `validateSkyflowCredentials()` - Credential objects + +**When adding new features:** +1. Add validation function in `src/utils/validations/` +2. Call validation early (constructor/method entry) +3. Throw `SkyflowError` with appropriate error code from `src/error/codes/` + +## Important File Locations + +- **Main exports**: `src/index.ts` (public API surface) +- **Client initialization**: `src/vault/skyflow/index.ts` +- **HTTP client**: `src/vault/client/index.ts` +- **Controllers**: `src/vault/controller/{vault,detect,connections}/` +- **Type definitions**: `src/vault/types/index.ts` +- **Utilities**: `src/utils/` (validations, logging, JWT helpers) +- **Service account auth**: `src/service-account/` +- **Sample code**: `samples/` (use as reference for common patterns) + +## Special Considerations + +1. **Bearer Token Expiry**: SDK auto-generates new tokens when expired. Edge case: token expires between validation and API call - solution is to retry the request. + +2. **Generated Code**: `src/_generated_/` contains Fern-generated REST clients. Never modify manually. These are initialized in `VaultClient.initAPI()` based on operation type. + +3. **File Operations**: Require Node.js v20+ for `File` API. See `src/vault/controller/detect/` for file handling examples. + +4. **Async Patterns**: All SDK operations return Promises. Controllers use `async/await`. Always propagate errors to callers. + +5. **V1 to V2 Migration**: See `docs/migrate_to_v2.md` for breaking changes. Key difference: class-based Request/Response/Options objects vs. plain objects. + +## Code Style Guidelines + +- **TypeScript**: Strict mode enabled, no implicit any +- **Naming**: PascalCase for classes, camelCase for functions/variables +- **Imports**: Use absolute paths from `src/`, export via `src/index.ts` +- **Error Messages**: Use parameterized strings from `src/utils/logs/` +- **Comments**: JSDoc for public APIs, inline comments for complex logic +- **Formatting**: Prettier + ESLint (run `npm run lint-fix` before commit) + +## When Adding New Features + +1. Create Request/Response/Options classes in `src/vault/model/` +2. Add controller method in appropriate controller +3. Update `src/index.ts` with exports +4. Add validation in `src/utils/validations/` +5. Write tests in `test/` +6. Add sample in `samples/` directory +7. Update TypeDoc comments for documentation generation + +## Documentation & README Standards + +### Core Writing Principles + +When creating or updating documentation (including README.md, samples, and code comments): + +1. **Research-driven creation**: Thoroughly research existing docs before writing. Create original content that addresses specific user scenarios—don't copy existing material. + +2. **Context-driven updates**: Analyze content structure and identify specific sections requiring changes. Improve clarity, accuracy, and completeness through thoughtful revision. + +3. **Quality assurance**: Resolve all IDE warnings and errors before finalizing. Iterate until documentation passes validation checks. + +4. **Consistency first**: Maintain uniform formatting, terminology, and structure while adapting content to user needs. + +### README.md Maintenance + +The README.md follows specific standards for SDK documentation: + +**Structure requirements:** +- **Project identification**: Name at top, clear owner/author identification, repository URL +- **Project evaluation**: Describe what the project *does* (not what it's *made of*)—focus on user benefits + - Use patterns like: "With Skyflow Node SDK you can securely handle sensitive data..." + - Write in second person (you), use action verbs, avoid passive voice + - Describe who may use it and under what terms (MIT license) +- **Usage help**: Prerequisites, installation steps, quickstart that works on first try +- **Engagement**: Links to docs, support channels, contribution guidelines + +**Writing style:** +- **Voice**: Conversational but professional, use second person ("you") +- **Sentences**: Under 26 words when possible, active voice, present tense +- **Instructions**: Start with verbs ("Create", "Configure", "Call") +- **Code formatting**: Single backticks for inline code (filenames, class names, methods), fenced blocks for multi-line examples +- **Links**: Descriptive text rather than raw URLs +- **Emphasis**: `_italics_` for key terms/concepts, `**bold**` for UI elements + +**Content organization:** +- Lead with most important information +- Break up text with headers, lists, formatting +- Use parallel structure in lists +- Keep README under 10-12 screens—move extensive content to separate docs +- Add table of contents if README exceeds 3-4 screens + +### Code Examples in Documentation + +All code examples must: +- Be **complete and working**—avoid placeholder or empty examples +- Include **realistic values** that demonstrate actual usage +- Add **explanatory comments** for key parts +- Show **error handling patterns** with `SkyflowError` +- Match the **class-based Request/Response/Options pattern** + +**Good example pattern:** +```typescript +// Step 1: Configure credentials +const credentials: Credentials = { + apiKey: 'your-skyflow-api-key', +}; + +// Step 2: Create request with actual data structure +const insertReq = new InsertRequest('table_name', [ + { card_number: '4111111111111112', cardholder_name: 'John Doe' } +]); + +// Step 3: Configure options using setters +const insertOptions = new InsertOptions(); +insertOptions.setReturnTokens(true); + +// Step 4: Execute with error handling +try { + const response = await skyflowClient.vault(vaultId).insert(insertReq, insertOptions); + console.log('Insert response:', response); +} catch (error) { + if (error instanceof SkyflowError) { + console.error({ + code: error.error?.http_code, + message: error.message + }); + } +} +``` + +### Progressive Disclosure Pattern + +When documenting features: +1. **Quickstart**: Minimal working example with most common use case +2. **Basic usage**: Core functionality with clear explanations +3. **Advanced options**: Link to detailed docs for complex scenarios +4. **Related concepts**: Cross-reference to related features + +### Formatting Standards + +- **Line length**: 80-character limit for readability (except URLs/code blocks) +- **Indentation**: 2 spaces (never tabs) +- **Code blocks**: Always include language identifier +- **Tables**: Use for structured comparisons (error codes, options, parameters) +- **Lists**: Use for sequential steps or feature enumerations + +### Testing Documentation + +Before finalizing any documentation: +1. **Test all code examples**—every snippet must execute successfully +2. **Verify all links** work and point to correct locations +3. **Check for consistency** with existing terminology and patterns +4. **Validate formatting** matches project standards +5. **Review for completeness**—ensure all required sections present diff --git a/README.md b/README.md index 715bf998..a1bc7449 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Skyflow Node.js SDK -The Skyflow SDK for Node.js, Deno, Bun, and Cloudflare Workers. +Securely handle sensitive data at rest, in-transit, and in-use with the Skyflow SDK for Node.js, Deno, Bun, and Cloudflare Workers. [![CI](https://img.shields.io/static/v1?label=CI&message=passing&color=green?style=plastic&logo=github)](https://github.com/skyflowapi/skyflow-node/actions) [![GitHub release](https://badge.fury.io/js/skyflow-node.svg)](https://www.npmjs.com/package/skyflow-node) @@ -39,12 +39,12 @@ The Skyflow SDK for Node.js, Deno, Bun, and Cloudflare Workers. - [Delete Records](#delete-records) - [Query](#query) - [Upload File](#upload-file) - - [Get Tokens by Values: `.tokenize(request)`](#get-tokens-by-values-tokenizerequest) + - [Retrieve Existing Tokens: `.tokenize(request)`](#retrieve-existing-tokens-tokenizerequest) - [Construct a `.tokenize()` request](#construct-a-tokenize-request) - [Detect](#detect) - [De-identify Text: `.deidentifyText(request, options)`](#de-identify-text-deidentifytextrequest-options) - [Re-identify Text: `.reidentifyText(request, options)`](#re-identify-text-reidentifytextrequest-options) - - [Deidentify File: `.deidentifyFile(fileReq, options)`](#deidentify-file-deidentifyfilefilereq-options) + - [De-identify File: `.deidentifyFile(fileReq, options)`](#de-identify-file-deidentifyfilefilereq-options) - [Get Run: `.getDetectRun(request)`](#get-run-getdetectrunrequest) - [Connections](#connections) - [Invoke a connection](#invoke-a-connection) @@ -56,7 +56,7 @@ The Skyflow SDK for Node.js, Deno, Bun, and Cloudflare Workers. - [`generateBearerToken(filepath)`](#generatebearertokenfilepath) - [`generateBearerTokenFromCreds(credentials)`](#generatebearertokenfromcredscredentials) - [Generate bearer tokens scoped to certain roles](#generate-bearer-tokens-scoped-to-certain-roles) - - [Generate a bearer tokens with `ctx` for context-aware authorization](#generate-a-bearer-tokens-with-ctx-for-context-aware-authorization) + - [Generate bearer tokens with `ctx` for context-aware authorization](#generate-bearer-tokens-with-ctx-for-context-aware-authorization) - [Generate signed data tokens: `generateSignedDataTokens(filepath, options)`](#generate-signed-data-tokens-generatesigneddatatokensfilepath-options) - [Logging](#logging) - [Example `skyflowConfig.logLevel: LogLevel.INFO`](#example-skyflowconfigloglevel-loglevelinfo) @@ -71,7 +71,7 @@ The Skyflow SDK for Node.js, Deno, Bun, and Cloudflare Workers. The Skyflow SDK enables you to connect to your Skyflow Vault(s) to securely handle sensitive data at rest, in-transit, and in-use. > [!IMPORTANT] -> This readme covers version 2 of the SDK. +> This readme documents SDK version 2. > For version 1 see the [v1.14.2 README](https://github.com/skyflowapi/skyflow-node/tree/1.14.2). > For more information on how to migrate see [MIGRATE_TO_V2.md](docs/migrate_to_v2.md). @@ -109,15 +109,17 @@ import { ## Quickstart -Get started quickly with the essential steps: authenticate, initialize the client, and perform a basic vault operation. This section provides a minimal setup to help you integrate the SDK efficiently. +Get started quickly with the essential steps: authenticate, initialize the client, and perform a basic vault operation. This section shows you a minimal working example. ### Authenticate -You can use an API key or a personal bearer token to directly authenticate and authorize requests with the SDK. +You can use an API key or a personal bearer token to directly authenticate and authorize requests with the SDK. Use API keys for long-term service authentication. Use bearer tokens for optimal security. ### API Key ```typescript +import { Credentials } from 'skyflow-node'; + const credentials: Credentials = { apiKey: "", }; @@ -126,16 +128,18 @@ const credentials: Credentials = { ### Bearer Token (static) ```typescript +import { Credentials } from 'skyflow-node'; + const credentials: Credentials = { token: "", }; ``` -For authenticating via generated bearer tokens including support for scoped tokens, context-aware access tokens, and more refer to the [Authentication & Authorization](#authentication--authorization) section. +For authenticating via generated bearer tokens including support for scoped tokens, context-aware access tokens, and more, refer to the [Authentication & Authorization](#authentication--authorization) section. ### Initialize the client -To get started, you must first initialize the skyflow client. While initializing the skyflow client, you can specify different types of credentials. +Initialize the Skyflow client first. You can specify different credential types during initialization. ```javascript import { Skyflow, SkyflowConfig, VaultConfig, Env, LogLevel } from 'skyflow-node'; @@ -162,15 +166,15 @@ const skyflowConfig: SkyflowConfig = { const skyflowClient: Skyflow = new Skyflow(skyflowConfig); ``` -For advanced initialization examples including examples using multiple vaults and different credential types, see [docs/advanced_initialization.md](docs/advanced_initialization.md). +See [docs/advanced_initialization.md](docs/advanced_initialization.md) for advanced initialization examples including multiple vaults and different credential types. ### Insert data into the vault, get tokens back -To insert data into your vault use the `insert` method. Make sure to set `insertOptions.setReturnTokens(true)` to ensure values are tokenized in the response. +Insert data into your vault using the `insert` method. Set `insertOptions.setReturnTokens(true)` to ensure values are tokenized in the response. -The `InsertRequest` class creates an insert request, which includes the values to be inserted as a list of records. +Create an insert request with the `InsertRequest` class, which includes the values to be inserted as a list of records. -Below is a simple example to get started. For advanced options, check out [Insert data into the vault](#insert-data-into-the-vault-1) section. +Below is a simple example to get started. See the [Insert and tokenize data](#insert-and-tokenize-data-insertrequest) section for advanced options. ```javascript import { InsertRequest, InsertOptions } from "skyflow-node"; @@ -193,7 +197,7 @@ console.log("Insert response:", insertResponse); ## Upgrade from v1 to v2 -For those upgrading from `skyflow-node` v1, we have a dedicated guide in [docs/migrate_to_v2](docs/migrate_to_v2.md). +Upgrade from `skyflow-node` v1 using the dedicated guide in [docs/migrate_to_v2.md](docs/migrate_to_v2.md). ## Vault @@ -201,7 +205,7 @@ The [Vault](https://docs.skyflow.com/docs/vaults) performs operations on the vau ### Insert and tokenize data: `.insert(request)` -Apart from using the `insert` method to insert data into your vault covered in [Quickstart](#quickstart), you can also pass options to `insert` method to enable additional functionality such as returning tokenized data, upserting records, or allowing bulk operations to continue despite errors. +Pass options to the `insert` method to enable additional functionality such as returning tokenized data, upserting records, or allowing bulk operations to continue despite errors. See [Quickstart](#quickstart) for a basic example. ```typescript import { InsertRequest, InsertResponse } from 'skyflow-node'; @@ -226,14 +230,14 @@ console.log('Insert response:', response); #### Insert example with `continueOnError` option -The `continueOnError` flag is a boolean that determines whether insert operation should proceed despite encountering partial errors. Set to `true` to allow the process to continue even if some errors occur. +Set the `continueOnError` flag to `true` to allow insert operations to proceed despite encountering partial errors. > [!TIP] > See the full example in the samples directory: [insert-continue-on-error.ts](samples/vault-api/insert-continue-on-error.ts) #### Upsert request -The upsert option turns an insert into an 'update-or-insert' operation. When enabling this option, the vault checks for an existing record with the same value in the specified column. If a match exists, the record is updated; otherwise, a new record is inserted. +Turn an insert into an 'update-or-insert' operation using the upsert option. The vault checks for an existing record with the same value in the specified column. If a match exists, the record updates; otherwise, a new record inserts. ```typescript // ... @@ -245,11 +249,11 @@ insertOptions.setUpsertColumn("cardholder_name"); ### Detokenize: `.detokenize(request, options)` -To convert tokens back into the plaintext values (or masked values), use the `.detokenize()` method. Detokenization accepts tokens and returns values. +Convert tokens back into plaintext values (or masked values) using the `.detokenize()` method. Detokenization accepts tokens and returns values. -The `DetokenizeRequest` class requires a list of tokens and column groups as input. +Create a detokenization request with the `DetokenizeRequest` class, which requires a list of tokens and column groups as input. -Additionally, you can provide optional parameters, such as the redaction type and the option to continue on error. +Provide optional parameters such as the redaction type and the option to continue on error. #### Construct a detokenize request @@ -281,7 +285,10 @@ console.log("Detokenization response:", response); ### Get Record(s): `.get(request, options)` -To retrieve data using Skyflow IDs or unique column values, use the get method. The `GetRequest` class creates a get request, where you specify parameters such as the table name, redaction type, Skyflow IDs, column names, column values. If you specify Skyflow IDs, you can't use column names and column values, and the inverse is true—if you specify column names and column values, you can't use Skyflow IDs. And `GetOptions` class creates a get options object through which you specify whether to return tokens or not. +Retrieve data using Skyflow IDs or unique column values with the get method. Create a get request with the `GetRequest` class, specifying parameters such as the table name, redaction type, Skyflow IDs, column names, and column values. + +> [!NOTE] +> You can't use both Skyflow IDs and column name/value pairs in the same request. Use the `GetOptions` class to specify whether to return tokens. #### Construct a get request @@ -302,7 +309,7 @@ console.log("Get response:", response); #### Get by Skyflow IDs -Retrieve specific records using skyflow `ids`. Ideal for fetching exact records when IDs are known. +Retrieve specific records using Skyflow IDs. Use this method when you know the exact record IDs. ```typescript import { @@ -341,10 +348,10 @@ console.log("Data retrieval successful:", getResponse); #### Get tokens for records -Return tokens for records. Ideal for securely processing sensitive data while maintaining data privacy. +Return tokens for records to securely process sensitive data while maintaining data privacy. ```ts -getOptions.setReturnTokens(true); // Optional: Set to true to get tokens +getOptions.setReturnTokens(true); // Set to `true` to get tokens ``` > [!TIP] @@ -352,7 +359,7 @@ getOptions.setReturnTokens(true); // Optional: Set to true to get tokens #### Get by column name and column values -Retrieve records by unique column values. Ideal for querying data without knowing Skyflow IDs, using alternate unique identifiers. +Retrieve records by unique column values when you don't know the Skyflow IDs. Use this method to query data with alternate unique identifiers. ```ts const getRequest: GetColumnRequest = new GetColumnRequest( @@ -367,7 +374,7 @@ const getRequest: GetColumnRequest = new GetColumnRequest( #### Redaction Types -Redaction types determine how sensitive data is displayed when retrieved from the vault. +Use redaction types to control how sensitive data displays when retrieved from the vault. **Available Redaction Types** @@ -384,7 +391,9 @@ Redaction types determine how sensitive data is displayed when retrieved from th ### Update Records -To update data in your vault, use the `update` method. The `UpdateRequest` class is used to create an update request, where you specify parameters such as the table name, data (as a dictionary). The `UpdateOptions` class is used to configure update options to returnTokens, tokens, and tokenMode. If `returnTokens` is set to True, Skyflow returns tokens for the updated records. If `returnTokens` is set to False, Skyflow returns IDs for the updated records. +Update data in your vault using the `update` method. Create an update request with the `UpdateRequest` class, specifying parameters such as the table name and data (as a dictionary). + +Configure update options using the `UpdateOptions` class to control returnTokens, tokens, and tokenMode. When `returnTokens` is `true`, Skyflow returns tokens for the updated records. When `false`, Skyflow returns IDs for the updated records. #### Construct an update request @@ -409,7 +418,7 @@ console.log('Update response:', response); ### Delete Records -To delete records using Skyflow IDs, use the `delete` method. The `DeleteRequest` class accepts a list of Skyflow IDs that you want to delete, as shown below: +Delete records using Skyflow IDs with the `delete` method. Create a delete request with the `DeleteRequest` class, which accepts a list of Skyflow IDs: ```typescript import { DeleteRequest, DeleteResponse } from "skyflow-node"; @@ -432,9 +441,9 @@ console.log("Delete response:", response); ### Query -To retrieve data with SQL queries, use the `query` method. `QueryRequest` is class that takes the `query` parameter as follows: +Retrieve data with SQL queries using the `query` method. Create a query request with the `QueryRequest` class, which takes the `query` parameter as follows: + -Refer to [Query your data](https://docs.skyflow.com/query-data/) and [Execute Query](https://docs.skyflow.com/record/#QueryService_ExecuteQuery) for guidelines and restrictions on supported SQL statements, operators, and keywords. ```typescript import { QueryRequest, QueryResponse } from "skyflow-node"; @@ -449,13 +458,14 @@ const response: QueryResponse = await skyflowClient console.log("Query response:", response); ``` - > [!TIP] > See the full example in the samples directory: [query-records.ts](samples/vault-api/query-records.ts) +Refer to [Query your data](https://docs.skyflow.com/query-data/) and [Execute Query](https://docs.skyflow.com/record/#QueryService_ExecuteQuery) for guidelines and restrictions on supported SQL statements, operators, and keywords. + ### Upload File -To upload files to a Skyflow vault, use the `uploadFile` method. The `FileUploadRequest` class accepts parameters such as the table name, column name and skyflow ID. And `FileUploadOptions` class accepts the file object as shown below: +Upload files to a Skyflow vault using the `uploadFile` method. Create a file upload request with the `FileUploadRequest` class, which accepts parameters such as the table name, column name, and Skyflow ID. Configure upload options with the `FileUploadOptions` class, which accepts the file object as shown below: ```typescript // Please use Node version 20 & above to run file upload @@ -497,11 +507,9 @@ console.log("File upload:", response); > [!TIP] > See the full example in the samples directory: [file-upload.ts](samples/vault-api/file-upload.ts) -### Get Tokens by Values: `.tokenize(request)` +### Retrieve Existing Tokens: `.tokenize(request)` -The `.tokenize()` method is used to retrieve tokens for values which already exist in the vault. Think of it as a "Get Tokens by Value" action. - -This method does not generate new tokens, only returns existing tokens from the vault. +Retrieve tokens for values that already exist in the vault using the `.tokenize()` method. This method returns existing tokens only and does not generate new tokens. #### Construct a `.tokenize()` request @@ -525,13 +533,13 @@ console.log("Tokenization Result:", response); ## Detect -Skyflow Detect enables you to deidentify and reidentify sensitive data in text and files, supporting advanced privacy-preserving workflows. +De-identify and reidentify sensitive data in text and files using Skyflow Detect, which supports advanced privacy-preserving workflows. ### De-identify Text: `.deidentifyText(request, options)` -To de-identify or _anonymize_ text, use the `deidentifyText` method. +De-identify or anonymize text using the `deidentifyText` method. -The `DeidentifyTextRequest` class creates a deidentify text request, which includes the text to be deidentified. Additionally, you can provide optional parameters using the `DeidentifyTextOptions` class. +Create a de-identify text request with the `DeidentifyTextRequest` class, which includes the text to be deidentified. Provide optional parameters using the `DeidentifyTextOptions` class. ```typescript import { @@ -551,7 +559,7 @@ const deidentifyTextRequest = new DeidentifyTextRequest( // Configure DeidentifyTextOptions const options = new DeidentifyTextOptions(); -options.setEntities([DetectEntities.ACCOUNT_NUMBER, DetectEntities.SSN]); // Entities to deidentify +options.setEntities([DetectEntities.ACCOUNT_NUMBER, DetectEntities.SSN]); // Entities to de-identify options.setAllowRegexList([""]); // Allowlist regex patterns options.setRestrictRegexList([""]); // Restrict regex patterns @@ -572,7 +580,7 @@ const response = await skyflowClient .detect(primaryVaultConfig.vaultId) .deidentifyText(deidentifyTextRequest, options); -console.log("Deidentify Text Response:", response); +console.log("De-identify Text Response:", response); ``` > [!TIP] @@ -580,7 +588,7 @@ console.log("Deidentify Text Response:", response); ### Re-identify Text: `.reidentifyText(request, options)` -To reidentify text, use the `reidentifyText` method. The `ReidentifyTextRequest` class creates a reidentify text request, which includes the redacted or de-identified text to be re-identified. Additionally, you can provide optional parameters using the `ReidentifyTextOptions` class to control how specific entities are returned (as redacted, masked, or plain text). +Re-identify text using the `reidentifyText` method. Create a reidentify text request with the `ReidentifyTextRequest` class, which includes the redacted or de-identified text to be re-identified. Provide optional parameters using the `ReidentifyTextOptions` class to control how specific entities are returned (as redacted, masked, or plain text). ```typescript import { @@ -611,11 +619,12 @@ console.log("Reidentify Text Response:", response); > [!TIP] > See the full example in the samples directory: [reidentify-text.ts](samples/detect-api/reidentify-text.ts) -### Deidentify File: `.deidentifyFile(fileReq, options)` +### De-identify File: `.deidentifyFile(fileReq, options)` -To deidentify files, use the `deidentifyFile` method. The `DeidentifyFileRequest` class creates a deidentify file request, which includes the file to be deidentified (such as images, PDFs, audio, documents, spreadsheets, or presentations). Additionally, you can provide optional parameters using the `DeidentifyFileOptions` class to control how entities are detected and deidentified, as well as how the output is generated for different file types. +De-identify files using the `deidentifyFile` method. Create a de-identify file request with the `DeidentifyFileRequest` class, which includes the file to be deidentified (such as images, PDFs, audio, documents, spreadsheets, or presentations). Provide optional parameters using the `DeidentifyFileOptions` class to control how entities are detected and deidentified, as well as how the output is generated for different file types. -**Note:** File de-identification requires Node.js v20.x or above. +> [!NOTE] +> File de-identification requires Node.js v20.x or above. ```typescript import { @@ -665,7 +674,7 @@ const response: DeidentifyFileResponse = await skyflowClient .detect(primaryVaultConfig.vaultId) .deidentifyFile(fileReq, options); -console.log('Deidentify File Response:', response); +console.log('De-identify File Response:', response); ``` **Supported file types:** @@ -680,7 +689,7 @@ console.log('Deidentify File Response:', response); **Notes:** -- Transformations cannot be applied to Documents, Images, or PDFs file formats. +- Transformations can't be applied to Documents, Images, or PDFs file formats. - The `waitTime` option must be ≤ 64 seconds; otherwise, an error is thrown. - If the API takes more than 64 seconds to process the file, it will return only the `runId` and `status` in the response. @@ -689,9 +698,7 @@ console.log('Deidentify File Response:', response); ### Get Run: `.getDetectRun(request)` -To retrieve the results of a previously started file de-identification operation - or 'run' - use the `getDetectRun(...)` method. -The `GetDetectRunRequest` class is initialized with the `runId` returned from a prior `.deidentifyFile(fileReq, options)` call. -This method allows you to fetch the final results of the file de-identification operation once they are available. +Retrieve the results of a previously started file de-identification operation (or 'run') using the `getDetectRun(...)` method. Initialize the `GetDetectRunRequest` class with the `runId` returned from a prior `.deidentifyFile(fileReq, options)` call. Fetch the final results of the file de-identification operation once they are available. ```typescript import { @@ -720,14 +727,14 @@ console.log('Get Detect Run Response:', response); ## Connections -Skyflow Connections is a gateway service that uses tokenization to securely send and receive data between your systems and first- or third-party services. The [connections](https://github.com/skyflowapi/skyflow-node/tree/v2/src/vault/controller/connections) module invokes both inbound and/or outbound connections. +Securely send and receive data between your systems and first- or third-party services using Skyflow Connections, a gateway service that uses tokenization. The [connections](https://github.com/skyflowapi/skyflow-node/tree/v2/src/vault/controller/connections) module invokes both inbound and outbound connections. - **Inbound connections**: Act as intermediaries between your client and server, tokenizing sensitive data before it reaches your backend, ensuring downstream services handle only tokenized data. - **Outbound connections**: Enable secure extraction of data from the vault and transfer it to third-party services via your backend server, such as processing checkout or card issuance flows. ### Invoke a connection -To invoke a connection, use the `invoke` method of the Skyflow client. +Invoke a connection using the `invoke` method of the Skyflow client. #### Construct an invoke connection request @@ -774,7 +781,7 @@ The method of `RequestMethod.POST` must be one of: The SDK accepts one of several types of credentials object. 1. **API keys** - A unique identifier used to authenticate and authorize requests to an API. To create an API key you must first create a 'Service Account' in Skyflow and choose the 'API key' option during creation. + A unique identifier used to authenticate and authorize requests to an API. Use for long-term service authentication. To create an API key, first create a 'Service Account' in Skyflow and choose the 'API key' option during creation. ```ts const credentials: Credentials = { @@ -783,7 +790,7 @@ The SDK accepts one of several types of credentials object. ``` 2. **Bearer tokens** - A temporary access token used to authenticate API requests. As a developer with the right access you can generate a temporary personal bearer token in Skyflow in the user menu. + A temporary access token used to authenticate API requests. Use for optimal security. As a developer with the right access, you can generate a temporary personal bearer token in Skyflow in the user menu. ```ts const credentials: Credentials = { @@ -792,8 +799,7 @@ The SDK accepts one of several types of credentials object. ``` 3. **Service account credentials file path** - The file path pointing to a JSON file containing credentials for a service account, used - for secure API access. + The file path pointing to a JSON file containing credentials for a service account. Use when credentials are managed externally or stored in secure file systems. ```ts const credentials: Credentials = { @@ -802,7 +808,7 @@ The SDK accepts one of several types of credentials object. ``` 4. **Service account credentials string** - JSON-formatted string containing service account credentials, often used as an alternative to a file for programmatic authentication. + JSON-formatted string containing service account credentials. Use when integrating with secret management systems or when credentials are passed programmatically. ```ts const credentials: Credentials = { @@ -811,17 +817,18 @@ The SDK accepts one of several types of credentials object. ``` 5. **Environment variables** - If no credentials are explicitly provided the SDK automatically looks for the SKYFLOW_CREDENTIALS environment variable. This variable must return an object like one of the examples above. + If no credentials are explicitly provided, the SDK automatically looks for the SKYFLOW_CREDENTIALS environment variable. Use to avoid hardcoding credentials in source code. This variable must return an object like one of the examples above. -**Note: Only one type of credential can be used at a time. If multiple credentials are provided, the last one added will take precedence.** +> [!NOTE] +> Only one type of credential can be used at a time. If multiple credentials are provided, the last one added will take precedence. ### Generate bearer tokens for authentication & authorization -This section covers methods for generating and managing bearer tokens to authenticate API calls, including options for scoping to certain roles, passing context, and signing data tokens. +Generate and manage bearer tokens to authenticate API calls. This section covers options for scoping to certain roles, passing context, and signing data tokens. #### Generate a bearer token -The [Service Account](https://github.com/skyflowapi/skyflow-node/tree/v2/src/service-account) Node package generates service account tokens using a service account credentials file, which is provided when a service account is created. The tokens generated by this module are valid for 60 minutes and can be used to make API calls to the [Data](https://docs.skyflow.com/record/) and [Management](https://docs.skyflow.com/management/) APIs, depending on the permissions assigned to the service account. +Generate service account tokens using the [Service Account](https://github.com/skyflowapi/skyflow-node/tree/v2/src/service-account) Node package with a service account credentials file provided when a service account is created. Tokens generated by this module are valid for 60 minutes and can be used to make API calls to the [Data](https://docs.skyflow.com/record/) and [Management](https://docs.skyflow.com/management/) APIs, depending on the permissions assigned to the service account. ##### `generateBearerToken(filepath)` @@ -850,7 +857,7 @@ Alternatively, you can also send the entire credentials as string by using `gene #### Generate bearer tokens scoped to certain roles -A service account with multiple roles can generate bearer tokens with access limited to a specific role by specifying the appropriate roleID. This can be used to limit access to specific roles for services with multiple responsibilities, such as segregating access for billing and analytics. The generated bearer tokens are valid for 60 minutes and can only execute operations permitted by the permissions associated with the designated role. +Generate bearer tokens with access limited to a specific role by specifying the appropriate roleID when using a service account with multiple roles. Use this to limit access for services with multiple responsibilities, such as segregating access for billing and analytics. Generated bearer tokens are valid for 60 minutes and can only execute operations permitted by the permissions associated with the designated role. ```ts const options = { @@ -862,11 +869,11 @@ const options = { > See the full example in the samples directory: [scoped-token-generation-example.ts](samples/service-account/scoped-token-generation-example.ts) > See [docs.skyflow.com](https://docs.skyflow.com) for more details on authentication, access control, and governance for Skyflow. -#### Generate a bearer tokens with `ctx` for context-aware authorization +#### Generate bearer tokens with `ctx` for context-aware authorization -**Context-aware authorization** embeds context values into a bearer token during its generation and so you can reference those values in your policies. This enables more flexible access controls, such as helping you track end-user identity when making API calls using service accounts, and facilitates using signed data tokens during detokenization. +Embed context values into a bearer token during generation so you can reference those values in your policies. This enables more flexible access controls, such as tracking end-user identity when making API calls using service accounts, and facilitates using signed data tokens during detokenization. -A service account with the context_id identifier generates bearer tokens containing context information, represented as a JWT claim in a Skyflow-generated bearer token. Tokens generated from such service accounts include a context_identifier claim, are valid for 60 minutes, and can be used to make API calls to the Data and Management APIs, depending on the service account's permissions. +Generate bearer tokens containing context information using a service account with the context_id identifier. Context information is represented as a JWT claim in a Skyflow-generated bearer token. Tokens generated from such service accounts include a context_identifier claim, are valid for 60 minutes, and can be used to make API calls to the Data and Management APIs, depending on the service account's permissions. > [!TIP] > See the full example in the samples directory: [token-generation-with-context-example.ts](samples/service-account/token-generation-with-context-example.ts) @@ -874,7 +881,7 @@ A service account with the context_id identifier generates bearer tokens contain #### Generate signed data tokens: `generateSignedDataTokens(filepath, options)` -Skyflow generates data tokens when sensitive data is inserted into the vault. These data tokens can be digitally signed with a service account's private key, adding an extra layer of protection. Signed tokens can only be detokenized by providing the signed data token along with a bearer token generated from the service account's credentials. The service account must have the necessary permissions and context to successfully detokenize the signed data tokens. +Digitally sign data tokens with a service account's private key to add an extra layer of protection. Skyflow generates data tokens when sensitive data is inserted into the vault. Detokenize signed tokens only by providing the signed data token along with a bearer token generated from the service account's credentials. The service account must have the necessary permissions and context to successfully detokenize the signed data tokens. > [!TIP] > See the full example in the samples directory: [signed-token-generation-example.ts](samples/service-account/signed-token-generation-example.ts) @@ -882,7 +889,7 @@ Skyflow generates data tokens when sensitive data is inserted into the vault. Th ## Logging -The SDK provides useful logging. By default the logging level of the SDK is set to `LogLevel.ERROR`. This can be changed by setting the `logLevel` in Skyflow Config while creating the Skyflow Client as shown below: +The SDK provides useful logging. By default, the logging level is set to `LogLevel.ERROR`. Change this by setting the `logLevel` in Skyflow Config while creating the Skyflow Client as shown below: Currently, the following five log levels are supported: @@ -897,7 +904,8 @@ Currently, the following five log levels are supported: - `OFF`: `LogLevel.OFF` can be used to turn off all logging from the Skyflow Python SDK. -**Note:** The ranking of logging levels is as follows: `DEBUG` < `INFO` < `WARN` < `ERROR` < `OFF`. +> [!NOTE] +> The ranking of logging levels is as follows: `DEBUG` < `INFO` < `WARN` < `ERROR` < `OFF`. ### Example `skyflowConfig.logLevel: LogLevel.INFO` @@ -915,7 +923,7 @@ const skyflowClient: Skyflow = new Skyflow(skyflowConfig); ### Catching `SkyflowError` instances -As a best practice always wrap your calls to the Skyflow SDK in try / catch blocks. The SDK provides the `SkyflowError` type which can be used to identify errors coming from Skyflow versus general request / response errors. +Wrap your calls to the Skyflow SDK in try/catch blocks as a best practice. Use the `SkyflowError` type to identify errors coming from Skyflow versus general request/response errors. ```ts try { @@ -936,7 +944,7 @@ try { ### Bearer token expiration edge cases -When you use bearer tokens for authentication and API requests in SDKs, there's the potential for a token to expire after the token is verified as valid but before the actual API call is made, causing the request to fail unexpectedly due to the token's expiration. An error from this edge case would look something like this: +When using bearer tokens for authentication and API requests, a token may expire after verification but before the actual API call completes. This causes the request to fail unexpectedly. An error from this edge case looks like this: ```txt message: Authentication failed. Bearer token is expired. Use a valid bearer token. See https://docs.skyflow.com/api-authentication/ @@ -952,4 +960,6 @@ If you encounter this kind of error, retry the request. During the retry the SDK ### Reporting a Vulnerability -If you discover a potential security issue in this project, please reach out to us at [mailto:security@skyflow.com](security@skyflow.com). Please do not create public GitHub issues or Pull Requests, as malicious actors could potentially view them. +If you discover a potential security issue in this project, reach out to us at [security@skyflow.com](mailto:security@skyflow.com). + +Don't create public GitHub issues or Pull Requests, as malicious actors could potentially view them. diff --git a/SECURITY.md b/SECURITY.md index 676e66b0..9f012c14 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,6 +2,6 @@ ## Reporting a Vulnerability -If you discover a potential security issue in this project, please reach out to us at [mailto:security@skyflow.com](security@skyflow.com). +If you discover a potential security issue in this project, reach out to us at [security@skyflow.com](mailto:security@skyflow.com). -Please do not create public GitHub issues or Pull Requests, as malicious actors could potentially view them. +Don't create public GitHub issues or Pull Requests, as malicious actors could potentially view them. diff --git a/docs/advanced_initialization.md b/docs/advanced_initialization.md index ecfad035..98bfae63 100644 --- a/docs/advanced_initialization.md +++ b/docs/advanced_initialization.md @@ -2,6 +2,8 @@ This guide demonstrates advanced initialization patterns for the Skyflow Node SDK, including multiple vault configurations and different credential types. +Use multiple vault configurations when your application needs to access data across different Skyflow vaults, such as managing data across different geographic regions. + ## Multiple Vault Configuration Example ```typescript diff --git a/docs/auth_credentials.md b/docs/auth_credentials.md index 698bfac9..b87c1ebd 100644 --- a/docs/auth_credentials.md +++ b/docs/auth_credentials.md @@ -1,6 +1,7 @@ # Authentication credentials options -Note: Only one type of credential can be used at a time. If multiple credentials are provided, the last one added will take precedence. +> [!NOTE] +> Only one type of credential can be used at a time. If multiple credentials are provided, the last one added will take precedence. 1. **API keys** A unique identifier used to authenticate and authorize requests to an API. diff --git a/docs/migrate_to_v2.md b/docs/migrate_to_v2.md index 5371874f..51124d63 100644 --- a/docs/migrate_to_v2.md +++ b/docs/migrate_to_v2.md @@ -16,7 +16,7 @@ These options allow you to choose the authentication method that best suits your ### v1 Authentication: Pass the auth function below as a parameter to the getBearerToken key -```javascript +```typescript // sample function to retrieve a bearer token from an environment variable // customize this according to your environment and security posture const auth = function () { @@ -28,10 +28,12 @@ const auth = function () { #### v2 Authentication: Credentials object -```javascript -{ +```typescript +import { Credentials } from 'skyflow-node'; + +const credentials: Credentials = { apiKey: "" -} +}; ``` // Option 2: Environment Variables (Recommended) @@ -39,22 +41,22 @@ const auth = function () { // Option 3: Credentials File -```js -const credentials = { path: "" }; // Replace with the path to credentials file +```typescript +const credentials: Credentials = { path: "" }; ``` // Option 4: Stringified JSON -```js -const credentials = { +```typescript +const credentials: Credentials = { credentialsString: JSON.stringify(process.env.SKYFLOW_CREDENTIALS), }; ``` // Option 5: Bearer Token -```js -const credentials = { token: "" }; +```typescript +const credentials: Credentials = { token: "" }; ``` ## Initializing the client @@ -78,7 +80,6 @@ const vault = Skyflow.init({ // Id of the vault that the client should connect to. vaultID: "string", // URL of the vault that the client should connect to. - vaultURL: "string", // Helper function generates a Skyflow bearer token. getBearerToken: auth, @@ -87,8 +88,10 @@ const vault = Skyflow.init({ #### V2 (New) -```javascript -// Step 1: Configure Bearer Token Credentials +```typescript +import { Credentials, VaultConfig, SkyflowConfig, Env, LogLevel, Skyflow } from 'skyflow-node'; + +// Step 1: Configure API Key Credentials const credentials: Credentials = { apiKey: '' }; // Step 2: Configure Vault @@ -119,13 +122,16 @@ const skyflowClient: Skyflow = new Skyflow(skyflowConfig); --- -### Request & Response Structure +### Request and Response Structure -In V2, with the introduction of TypeScript support, you can now pass an **InsertRequest** of type **InsertRequest**. This request need +In v2, with the introduction of TypeScript support, you can now pass an **InsertRequest** of type **InsertRequest**. This request requires: - **`tableName`**: The name of the table. - **`insertData`**: An array of objects containing the data to be inserted - The response will be of type InsertResponse, which contains insertedFields and errors. + +The response will be of type InsertResponse, which contains insertedFields and errors. + +**Note:** Similar patterns apply to other operations like Get, Update, Delete. See the [README](../README.md) for complete examples. #### V1 (Old) - Request Building @@ -217,7 +223,9 @@ const options = { #### V2 (New) -```javascript +```typescript +import { InsertOptions } from 'skyflow-node'; + const insertOptions: InsertOptions = new InsertOptions(); insertOptions.setReturnTokens(true); // Optional: Get tokens for inserted data insertOptions.setContinueOnError(true); // Optional: Continue on partial errors @@ -246,7 +254,7 @@ The error response now includes: #### V2 (New) - Error Structure -```javascript +```typescript { http_status?: string | number | null, grpc_code?: string | number | null, diff --git a/samples/README.md b/samples/README.md index 4c9c6046..80cc0efa 100644 --- a/samples/README.md +++ b/samples/README.md @@ -1,6 +1,6 @@ # Node.js SDK samples -Test the SDK by adding `VAULT-ID`, `VAULT-URL`, and `SERVICE-ACCOUNT` details in the required places for each sample. +Explore working examples that demonstrate common SDK operations. Start with basic vault operations like `insert-records.ts`, then explore other samples for specific use cases. ## Prerequisites @@ -9,7 +9,7 @@ Test the SDK by adding `VAULT-ID`, `VAULT-URL`, and `SERVICE-ACCOUNT` details in ## Prepare -- Install the Node SDK: +Install the Node SDK: ```bash npm install skyflow-node @@ -17,104 +17,76 @@ npm install skyflow-node ### Create a vault -1. In a browser, navigate to Skyflow Studio. -2. Create a vault by clicking **Create Vault** > **Start With a Template** > **Quickstart vault**. -3. Once the vault is created, click the gear icon and select **Edit Vault Details**. -4. Note your **Vault URL** and **Vault ID** values, then click **Cancel**. You'll need these later. +1. Navigate to Skyflow Studio in your browser. +2. Click **Create Vault** > **Start With a Template** > **Quickstart vault**. +3. When the vault is ready, click the gear icon and select **Edit Vault Details**. +4. Copy your **Vault URL** and **Vault ID**, then click **Cancel**. ### Create a service account -1. In the side navigation click, **IAM** > **Service Accounts** > **New Service Account**. -2. For **Name**, enter "SDK Samples". For **Roles**, choose **Vault Editor**. -3. Click **Create**. Your browser downloads a **credentials.json** file. Keep this file secure. You'll need it for each of the samples. +1. In the side navigation, click **Access** > **Service Accounts** > **New Service Account**. +2. Enter "SDK Samples" for **Name** and choose **Vault Editor** for **Roles**. +3. Click **Create**. Your browser downloads a **credentials.json** file. Store this file securely. ## The samples -### Detokenize - -Detokenize a data token from the vault. Make sure the specified token is for data that exists in the vault. If you need a valid token, use [Insert.ts](./vault-api/Insert.ts) to insert the data, then use this data's token for detokenization. - -1. Replace `` with **VAULT ID** -2. Replace `` with **VAULT URL**. -3. Replace `` with **COLUMN NAME**. -4. Replace `` with **Data Token 1**. -5. Replace `` with **Data Token 2**. -6. Replace `` with **Data Token 3**. -7. Replace `` with **Data Token 4**. -8. Replace `` with relative path of **SERVICE ACCOUNT CREDENTIAL FILE**. -9. Run the sample - -```bash -ts-node Detokenize.ts -``` - -### GetById - -Get data using skyflow id. - -1. Replace `` with **VAULT ID** -2. Replace `` with **VAULT URL**. -3. Replace `` with **Skyflow Id 1**. -4. Replace `` with **Skyflow Id 2**. -5. Replace `` with **Skyflow Id 3**. -6. Replace `` with relative path of **SERVICE ACCOUNT CREDENTIAL FILE**. -7. Replace `` with **credit_cards**. -8. Run the sample - -```bash -ts-node GetById.ts -``` - -### Insert - -Insert data in the vault. - -1. Replace `` with **VAULT ID**. -2. Replace `` with **VAULT URL**. -3. Replace `` with relative path of **SERVICE ACCOUNT CREDENTIAL FILE**. -4. Replace `` with **credit_cards**. -5. Replace `` with **column name**. -6. Replace `` with **valid value corresponding to column name**. -7. Run the sample - -```bash -ts-node Insert.ts -``` - -### InvokeConnection - -Skyflow Connections is a gateway service that uses Skyflow's underlying tokenization capabilities to securely connect to first-party and third-party services. This way, your infrastructure is never directly exposed to sensitive data, and you offload security and compliance requirements to Skyflow. - -1. Replace `` with **VAULT ID**. -2. Replace `` with **VAULT URL**. -3. Replace `` with relative path of **SERVICE ACCOUNT CREDENTIAL FILE**. -4. Replace `` with **Connection url**. -5. Give **Authorization** value as the tokens. -6. Replace value of **requestBody** with your's request body content. -7. Run the sample - -```bash -ts-node InvokeConnection.ts -``` - -### Service account token generation - -Generates a service account Bearer token using the file path of credentials.json. - -1. Replace `` with relative path of **SERVICE ACCOUNT CREDENTIAL FILE**. -2. Run the sample - -```bash -ts-node TokenGenerationExample.ts -``` - -### Generate a Bearer Token From `credentials.json` - -Generates a service account bearer token using the JSON content of a `credentials.json` file. - -1. Replace **credentials\*** with json data of downloaded credentials file while creation Service account. -2. Run the sample - -```bash -ts-node TokenGenerationUsingCredContent.ts -``` +Sample files are organized by API type: +- `vault-api/` - Vault operations (insert, get, update, delete, tokenize, detokenize) +- `detect-api/` - Detect operations (deidentify, reidentify) +- `service-account/` - Token generation examples + +### Running a sample + +1. Open the sample file you want to run (for example, `vault-api/insert-records.ts`) +2. Update placeholder values: + + | Placeholder | Replace With | + |-------------|--------------| + | `` | Your Vault ID from Skyflow Studio | + | `` | Your Cluster ID from the vault URL | + | `` | Relative path to your actual credentials file | + | `` | The name of a table in your vault (for example, `users`) | + | `` | The name of a column in your table (for example, `name`) | + | ``, ``, etc. | Actual record IDs from your vault | + | `` | Actual values to insert into your vault | + | ``, ``, etc. | Actual tokens from your vault | + | `` | Your connection URL | + +3. Run the sample: + + ```bash + cd samples + npm install + ts-node vault-api/insert-records.ts + ``` + +### Sample files overview + +**Vault API samples** ([`vault-api/`](vault-api/)): +- [`insert-records.ts`](vault-api/insert-records.ts) - Insert data and get tokens +- [`insert-continue-on-error.ts`](vault-api/insert-continue-on-error.ts) - Bulk insert with error handling +- [`insert-byot.ts`](vault-api/insert-byot.ts) - Upsert operations +- [`get-records.ts`](vault-api/get-records.ts) - Retrieve records by Skyflow IDs +- [`get-column-values.ts`](vault-api/get-column-values.ts) - Query by column values +- [`detokenzie-records.ts`](vault-api/detokenzie-records.ts) - Convert tokens to values +- [`tokenize-records.ts`](vault-api/tokenize-records.ts) - Get tokens for existing values +- [`update-record.ts`](vault-api/update-record.ts) - Update existing records +- [`delete-records.ts`](vault-api/delete-records.ts) - Delete records by ID +- [`query-records.ts`](vault-api/query-records.ts) - SQL query operations +- [`file-upload.ts`](vault-api/file-upload.ts) - Upload files to vault +- [`invoke-connection.ts`](vault-api/invoke-connection.ts) - Call external integrations + +**Detect API samples** ([`detect-api/`](detect-api/)): +- [`deidentify-text.ts`](detect-api/deidentify-text.ts) - Anonymize text data +- [`deidentify-file.ts`](detect-api/deidentify-file.ts) - Anonymize file data +- [`reidentify-text.ts`](detect-api/reidentify-text.ts) - Restore original values +- [`get-detect-run.ts`](detect-api/get-detect-run.ts) - Check operation status + +**Service Account samples** ([`service-account/`](service-account/)): +- [`token-generation-example.ts`](service-account/token-generation-example.ts) - Generate bearer tokens +- [`scoped-token-generation-example.ts`](service-account/scoped-token-generation-example.ts) - Role-scoped tokens +- [`token-generation-with-context-example.ts`](service-account/token-generation-with-context-example.ts) - Context-aware tokens +- [`signed-token-generation-example.ts`](service-account/signed-token-generation-example.ts) - Signed data tokens +- [`bearer-token-expiry-example.ts`](service-account/bearer-token-expiry-example.ts) - Handle token expiration + +For detailed API documentation, see the main [README](../README.md).