Configuring Any API Field Encryption

The API encryption and field mapping will instead be performed in the Any API app you added.

Steps

  1. Back on the API application settings page, click the green plus icon to add a new Endpoint.


    1. First provide a name and enter the request URI.
    2. Select the format in which you will be sending data to this endpoint (JSON, XML, CSV).
    3. Select the action that you are taking (inline, batch, decrypt).
    4. Click the Sample Request option, enter an example of a data request that will be uploaded using this API, and click Save at the bottom.




    5. Click Save at the top right of the Request Setup page.


  2. After uploading the Sample Request, you are presented with some new fields to configure:
    1. Match Requests On: This table allows you to select which field and value need to be present before performing any actions. Click the green plus icon to add a new line, select the Field from the drop-down, and select the appropriate Value that needs to be present before you take actions.

      If an API request contains a field name such as Content Type and values of Account Name, Client Name, and Social Security Number, then the actions configured on the Actions Taken on Matched Requests card will be applied. If no fields are configured in the Match Requests On table, then the actions will be applied during all API requests based on the selected fields in the Actions Taken On Matched Requests card. In my example, I have input a field of decrypt with a value of false, meaning that if I include that field and value in my POST, the data I am pushing will follow the action in the field mapping (in this case, encrypt). If I don't include it, no actions will be taken.



    2. Field Mapping: This card lets you select which particular fields will be encrypted or tokenized. Click the green plus icon to add a new line and select the JSONPath you wish to take an action on. Then select the encryption Object you created above in step 2 of the main encryption setup, as well as the field that specifies the exact action being taken. Again, actions will only be taken if a particular value is matched based on the Match Requests On table. If nothing was filled out for Match Requests On, your configured fields will always be encrypted or tokenized in your API requests.

    3. Transaction Log Settings: Here you can specify an HTTP Header Field that will appear in your logs and allow you to track and/or debug requests. You can add as many header fields as you like; each becomes an item that can be tracked and filtered in your Dashboard logs.

  3. Once you have configured the field mapping, you are set and can move on to pushing data via the API and having it encrypted or tokenized as desired.
    Note:

    When making API calls, you must ensure the following two items:

    1. The API endpoint you are posting to equals the Forcepoint ONE SSE API Domain URL found in the API app settings, followed by the API endpoint URI you are trying to post to. For example, for the app we created, the URL would be "https://bg-u9mbigyfzk-874.api.bitglass.onpremise2.net" and the endpoint URI is "/api/now/table/incident/", so combined we would get "https://bg-u9mbigyfzk-874.api.bitglass.onpremise2.net/api/now/table/incident".


    2. Your API calls must include the custom Forcepoint ONE SSE header "X-BG-SIGV2", with the value of the header being the signature key generated on your API app. See the example Postman calls below for an example of data being pushed through this API flow to be encrypted in ServiceNow.

Example Postman Setup

  1. Create a new POST request and enter the full Forcepoint ONE SSE API domain URL and API endpoint for your app. Again, for this example we get: "https://bg-u9mbigyfzk-874.api.bitglass.onpremise2.net/api/now/table/incident"


  2. Click on the Authorization tab to set up your authorization details. For ServiceNow, we will select Basic Auth and enter our ServiceNow admin credentials.


  3. Now click on the Headers tab and add an additional header at the bottom for the custom Forcepoint ONE SSE header with your Signature Key. The header name is X-BG-SIGV2, and the signature key is found on the API app settings page.


  4. Now click on the Body tab, select Raw and then JSON from the dropdown, and fill out the body with the information you will be posting. Click Send when you are ready. Notice I included the decrypt:false field and value, so it should match my rules from above and encrypt the short description field when pushed into ServiceNow.


  5. Once sent, you will see a verification in the bottom window. We can log in to ServiceNow to verify that the short description of the new incident is encrypted.
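
The same request built outside Postman, with a pre-send check that the body satisfies the Match Requests On rule, since a body without it would be stored without the field mapping applied. This is an added example, not Forcepoint's code: `build_request` is a hypothetical helper, the credentials and signature key are placeholders, `short_description` is assumed to be the ServiceNow field name, and `decrypt` is assumed to be sent as a JSON boolean.

```python
import base64
import json
import urllib.request

# URL and URI are the page's example values; everything else is a placeholder.
API_DOMAIN = "https://bg-u9mbigyfzk-874.api.bitglass.onpremise2.net"
ENDPOINT_URI = "/api/now/table/incident/"
# Match Requests On rule from the page (decrypt = false). Assumption: the rule
# matches a JSON boolean; set MATCH_VALUE = "false" if yours matches a string.
MATCH_FIELD, MATCH_VALUE = "decrypt", False


def build_request(domain, uri, sig_key, user, password, record):
    """Return an unsent POST; fail closed if the body would skip encryption."""
    if not domain.lower().startswith("https://"):
        raise ValueError("credentials and signature key require an https:// URL")
    if not sig_key:
        raise ValueError("X-BG-SIGV2 signature key is missing")
    value = record.get(MATCH_FIELD)
    # Without the matching field and value no action is taken, so the record
    # would be stored as sent. Compare type too, so 0 or "false" do not pass.
    if type(value) is not type(MATCH_VALUE) or value != MATCH_VALUE:
        raise ValueError(f"body must contain {MATCH_FIELD}={MATCH_VALUE!r}")
    url = domain.rstrip("/") + "/" + uri.strip("/")
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Basic {basic}",   # Postman's Basic Auth tab
        "X-BG-SIGV2": sig_key,               # Postman's Headers tab
    }
    body = json.dumps(record).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample record, not taken from the page.
    record = {"short_description": "Constructed sample incident", "decrypt": False}
    req = build_request(API_DOMAIN, ENDPOINT_URI, "SIGNATURE-KEY-PLACEHOLDER",
                        "admin", "PASSWORD-PLACEHOLDER", record)
    print(req.get_method(), req.full_url)
    print(sorted(name for name, _ in req.header_items()))  # names only, no secrets
    # urllib.request.urlopen(req) would send it; omitted so this runs offline.
```
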