Detokenization
Single
Overview
The Single Detokenization API is used to convert a token back to its original sensitive data value.
This API should only be used by authorized applications or services that are allowed to retrieve the original data based on the configured OneDB policy.
Endpoint
POST https://<onedb-hostname>:8443/api/v1/detokenize?singleRequest Headers
Authorization: Bearer {{ONEDB_BEARER}}
Content-Type: application/jsonRequest Body
{
"trxId": 52,
"templateName": "App_Without_Masking",
"token": "3324-1991-5516-0208"
}Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
trxId |
Number | Yes | Unique transaction ID provided by the client application for tracking and audit reference. |
templateName |
String | Yes | Name of the detokenization template configured in OneDB. |
token |
String | Yes | Token value that will be converted back to the original sensitive data. |
Successful Response
{
"trxId": 52,
"success": true,
"data": "4111-2222-3333-4444"
}Successful Response Fields
| Field | Type | Description |
|---|---|---|
trxId |
Number | Transaction ID returned from the request. |
success |
Boolean | Indicates whether the detokenization request was successful. |
data |
String | Original sensitive data value returned from the token. |
Failed Response
{
"trxId": 52,
"success": false,
"message": "Invalid template name!"
}Failed Response Fields
| Field | Type | Description |
|---|---|---|
trxId |
Number | Transaction ID returned from the request. |
success |
Boolean | Indicates whether the detokenization request was successful. The value is false when the request fails. |
message |
String | Error message describing why the detokenization request failed. |
Example Request Using cURL
curl -X POST "https://<onedb-hostname>:8443/api/v1/detokenize?single" \
-H "Authorization: Bearer {{ONEDB_BEARER}}" \
-H "Content-Type: application/json" \
-d '{
"trxId": 52,
"templateName": "App_Without_Masking",
"token": "3324-1991-5516-0208"
}'Notes
- This API requires a valid Bearer token.
- The
templateNamemust match an existing template configured in OneDB. - The
tokenvalue must be a valid token generated by OneDB. - The
trxIdshould be unique for each request to support tracking, troubleshooting, and audit reference. - If the request fails with
Invalid template name!, verify that the template name exists and is active in OneDB. - Detokenization may expose the original sensitive data, so access to this API should be strictly controlled.
