Skip to main content

PrivaceraCloud Documentation

Make encryption API calls on behalf of another user

:

Calling the encryption REST API for somebody else is sometimes called user impersonation.

If you have been given the ROLE_ACCOUNT_ADMIN role by the account administrator, you can make REST API calls on behalf of other users.

In this case, you pass your own username and password on the /protect or /unprotect endpoint and include the username of that other user as the value of the user: field. That other user's password is not required.

In the following example, user <privileged_user> includes his own password and specifies user:<username_being_impersonated> to make the call to /protect on behalf of that user:

curl -k -u <privileged_user>:<privileged_user_password -H "Accept: application/json" \
-d '{"schemelist":["TEST_EMAIL_NEW_30_6"], \
"datalist":[["sally@gmail.com"]], \
"user":"<username_being_impersonated>"}' \ 
-H 'Content-Type: application/json' <peg_server_URL_or_API_endpoint>api/peg/public/protect;

Data services, such as Databricks or Trino, can also take advantage of the privileged user as the service user, allowing the data service to run /protect and /unprotect on behalf of other users of the data service.