Understanding Forcepoint DLP data pattern in API setup and policies

After uploading and validating DPS license JSON, you can select Forcepoint DLP data pattern from the Data Patterns section while configuring API scanning of files for any of the following supported applications:

  • Microsoft 365
  • Google Workspace
  • Salesforce
  • ServiceNow
  • Box
  • Dropbox
  • AWS S3
  • Cisco Webex


Forcepoint DLP currently supports scanning of File objects for API Scanning.

While configuring the application, you can select either Forcepoint DLP data pattern or other Forcepoint ONE SSE data patterns available under Protect > Objects > DLP Objects page.

Forcepoint ONE SSE executes the action returned by Forcepoint DLP.

Following are the limitations if FSM-based DLP policy control is used for API scanning:

  • You cannot configure Forcepoint ONE SSE data patterns alongside Forcepoint DLP data pattern. If you configure Forcepoint ONE SSE data patterns alongside Forcepoint DLP data pattern and save the application API setup, then an error message “Forcepoint DLP data pattern cannot be configured with other data patterns in API setup” appears.

  • When the application API setup contains only Forcepoint DLP data pattern and when you configure a new API policy on the Protect > Policies page and save it, then an error message “API policy actions cannot be configured on Forcepoint ONE and are controlled via the FSM. Please configure actions in the FSM” appears.

  • Any existing API policies if present will not be enforced if the API setup is later changed to contain only the Forcepoint DLP data pattern. These API policies will become read-only and will display a message saying they are not enforced.