Tokenization Vault Example Use Case

This is an overview of how a business application, such as a banking application, interacts with the Tokenization Vault to tokenize data.

In summary:

  • You add the relevant user (user account for the business application) to the list of vault users. This user must also be added to the relevant access policy.

  • You set up the required tokenization policies.

  • The keys for each policy are stored on KeyControl Vault or, optionally, an HSM.

  • The business application interacts with the vault through REST API calls.

  • The business application sends data to the vault, for tokenization using the relevant policy.

  • The data is tokenized and the token returned to the business application.

  • The business application stores and uses the token as needed.

Note that the original data and tokenized data is not stored in the vault.

REST API

Applications interact with the vault using REST API calls.

For example, an application sends token data to the vault to be tokenized using a specific policy:

Copy 
    {
        "policyName" :"CreditCard-1",
        "tokenData" : "1234-1234-1234-1238"
    }

In this example, the tokenization policy is 'CreditCard-1' and the data to be tokenized is '1234-1234-1234-1238'.

For full details of the available API calls, see KeyControl Vault Tokenization Vault APIs.