Skip to main content

Privacera Platform

Table of Contents

Make encryption API calls on behalf of another user


Calling the encryption REST API for somebody else is sometimes called user impersonation.

If you have been granted privileged user status by the account administrator, you can make REST API calls on behalf of other users.

In this case, you pass your own username and password on the /protect or /unprotect endpoint and include the username of that other user as the value of the user: field. That other user's password is not required.

In the following example, user <privileged_user> includes his own password and specifies user:<username_being_impersonated> to make the call to /protect on behalf of that user:

curl -k -u <privileged_user>:<privileged_user_password -H "Accept: application/json" \
-d '{"schemelist":["TEST_EMAIL_NEW_30_6"], \
"datalist":[[""]], \
"user":"<username_being_impersonated>"}' \ 
-H 'Content-Type: application/json' <peg_server_URL_or_API_endpoint>api/peg/public/protect;

Data services, such as Databricks or Trino, can also take advantage of the privileged user as the service user, allowing the data service to run /protect and /unprotect on behalf of other users of the data service.