=begin #Vault HTTP API #Storing, retrieving, and managing sensitive data within a VGS organization. **NOTE:** _The Vault API is intended only for environments that are already PCI-compliant. If you want to use this API, but are not yet PCI-compliant, you can use [VGS Collect](https://www.verygoodsecurity.com/docs/vgs-collect/what-is-it) or VGS Proxy with [Inbound Routes](https://www.verygoodsecurity.com/docs/getting-started/quick-integration#securing-inbound-connection) to quickly and seamlessly achieve compliance._ Looking for the old version of the API? Find it [here](https://www.verygoodsecurity.com/docs/api/1/vault). # Introduction Each encrypted value stored in a VGS vault has one or multiple _aliases_ associated with it. These aliases are fully opaque and retain no information about the underlying data. The user may safely store aliases without compromising data security. **NOTE:** The API works with persistent storage only. Unlike volatile storage, this means that the data is stored permanently, without any implicit TTL. Aliases are not valuable on their own. However, they can be used to decrypt the associated value and pass it to another service via the [forward proxy](https://www.verygoodsecurity.com/docs/guides/outbound-connection). ## Alias Formats Each alias corresponds to a certain format. There are several alias formats suitable for different kinds of sensitive data. For example, `UUID` produces a random Base58-encoded UUID string with an environment-dependent prefix: ``` tok_sandbox_bhtsCwFUzoJMw9rWUfEV5e ``` This format is generic and suitable for any kind of data. The tables below contain descriptions of all alias formats recognized by the API. ### Generic Formats | Value | Description | |-------------------------|-------------------------------------------------------| | `NUM_LENGTH_PRESERVING` | Length-Preserving, Numeric | | `RAW_UUID` | UUID | | `UUID` | UUID (Prefixed, Base58-Encoded) | | `GENERIC_T_FOUR` | UUID (Prefixed, Base58-Encoded, Last four preserving) | ### Account Number Formats | Value | Description | |-----------------------------------|--------------------------------------| | `FPE_ACC_NUM_T_FOUR` | Length-Preserving, Numeric (A4) | | `FPE_ALPHANUMERIC_ACC_NUM_T_FOUR` | Length-Preserving, Alphanumeric (A4) | ### Payment Card Formats | Value | Description | |------------------|---------------------------------------------| | `FPE_SIX_T_FOUR` | Format-Preserving, Luhn Valid (6T4) | | `FPE_T_FOUR` | Format-Preserving, Luhn Valid (T4) | | `PFPT` | Prefixed, Luhn Valid, 19-Digit Fixed Length | ### SSN Formats | Value | Description | |------------------|------------------------| | `FPE_SSN_T_FOUR` | Format-Preserving (A4) | # Authentication This API uses `Basic` authentication. Credentials to access the API can be generated on the [dashboard](https://dashboard.verygoodsecurity.com) by going to the Settings section of the vault of your choosing. [Docs » Guides » Access credentials](https://www.verygoodsecurity.com/docs/settings/access-credentials) # Rate Limiting The API allows up to 3,000 requests per minute. Requests are associated with the vault, regardless of the access credentials used to authenticate the request. Your current rate limit is included as HTTP headers in every API response: | Header Name | Description | |-------------------------|----------------------------------------------------------| | `x-ratelimit-remaining` | The number of requests remaining in the 1-minute window. | If you exceed the rate limit, the API will reject the request with HTTP [429 Too Many Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429). # Errors The API uses standard HTTP status codes to indicate whether the request succeeded or not. In case of failure, the response body will be JSON in a predefined format. For example, trying to create too many aliases at once results in the following response: ```json { \"errors\": [ { \"status\": 400, \"title\": \"Bad request\", \"detail\": \"Too many values (limit: 20)\", \"href\": \"https://api.sandbox.verygoodvault.com/aliases\" } ] } ``` The version of the OpenAPI document: 1.0.0 Contact: support@verygoodsecurity.com Generated by: https://openapi-generator.tech OpenAPI Generator version: 6.0.0-SNAPSHOT =end module VgsapiClient class Configuration # Defines url scheme attr_accessor :scheme # Defines url host attr_accessor :host # Defines url base path attr_accessor :base_path # Define server configuration index attr_accessor :server_index # Define server operation configuration index attr_accessor :server_operation_index # Default server variables attr_accessor :server_variables # Default server operation variables attr_accessor :server_operation_variables # Defines API keys used with API Key authentications. # # @return [Hash] key: parameter name, value: parameter value (API key) # # @example parameter name is "api_key", API key is "xxx" (e.g. "api_key=xxx" in query string) # config.api_key['api_key'] = 'xxx' attr_accessor :api_key # Defines API key prefixes used with API Key authentications. # # @return [Hash] key: parameter name, value: API key prefix # # @example parameter name is "Authorization", API key prefix is "Token" (e.g. "Authorization: Token xxx" in headers) # config.api_key_prefix['api_key'] = 'Token' attr_accessor :api_key_prefix # Defines the username used with HTTP basic authentication. # # @return [String] attr_accessor :username # Defines the password used with HTTP basic authentication. # # @return [String] attr_accessor :password # Defines the access token (Bearer) used with OAuth2. attr_accessor :access_token # Set this to enable/disable debugging. When enabled (set to true), HTTP request/response # details will be logged with `logger.debug` (see the `logger` attribute). # Default to false. # # @return [true, false] attr_accessor :debugging # Defines the logger used for debugging. # Default to `Rails.logger` (when in Rails) or logging to STDOUT. # # @return [#debug] attr_accessor :logger # Defines the temporary folder to store downloaded files # (for API endpoints that have file response). # Default to use `Tempfile`. # # @return [String] attr_accessor :temp_folder_path # The time limit for HTTP request in seconds. # Default to 0 (never times out). attr_accessor :timeout # Set this to false to skip client side validation in the operation. # Default to true. # @return [true, false] attr_accessor :client_side_validation ### TLS/SSL setting # Set this to false to skip verifying SSL certificate when calling API from https server. # Default to true. # # @note Do NOT set it to false in production code, otherwise you would face multiple types of cryptographic attacks. # # @return [true, false] attr_accessor :verify_ssl ### TLS/SSL setting # Set this to false to skip verifying SSL host name # Default to true. # # @note Do NOT set it to false in production code, otherwise you would face multiple types of cryptographic attacks. # # @return [true, false] attr_accessor :verify_ssl_host ### TLS/SSL setting # Set this to customize the certificate file to verify the peer. # # @return [String] the path to the certificate file # # @see The `cainfo` option of Typhoeus, `--cert` option of libcurl. Related source code: # https://github.com/typhoeus/typhoeus/blob/master/lib/typhoeus/easy_factory.rb#L145 attr_accessor :ssl_ca_cert ### TLS/SSL setting # Client certificate file (for client certificate) attr_accessor :cert_file ### TLS/SSL setting # Client private key file (for client certificate) attr_accessor :key_file # Set this to customize parameters encoding of array parameter with multi collectionFormat. # Default to nil. # # @see The params_encoding option of Ethon. Related source code: # https://github.com/typhoeus/ethon/blob/master/lib/ethon/easy/queryable.rb#L96 attr_accessor :params_encoding attr_accessor :inject_format attr_accessor :force_ending_format def initialize @scheme = 'https' @host = 'api.sandbox.verygoodvault.com' @base_path = '' @server_index = 0 @server_operation_index = {} @server_variables = {} @server_operation_variables = {} @api_key = {} @api_key_prefix = {} @client_side_validation = true @verify_ssl = true @verify_ssl_host = true @params_encoding = nil @cert_file = nil @key_file = nil @timeout = 0 @debugging = false @inject_format = false @force_ending_format = false @logger = defined?(Rails) ? Rails.logger : Logger.new(STDOUT) yield(self) if block_given? end # The default Configuration object. def self.default @@default ||= Configuration.new end def configure yield(self) if block_given? end def scheme=(scheme) # remove :// from scheme @scheme = scheme.sub(/:\/\//, '') end def host=(host) # remove http(s):// and anything after a slash @host = host.sub(/https?:\/\//, '').split('/').first end def base_path=(base_path) # Add leading and trailing slashes to base_path @base_path = "/#{base_path}".gsub(/\/+/, '/') @base_path = '' if @base_path == '/' end # Returns base URL for specified operation based on server settings def base_url(operation = nil) index = server_operation_index.fetch(operation, server_index) return "#{scheme}://#{[host, base_path].join('/').gsub(/\/+/, '/')}".sub(/\/+\z/, '') if index == nil server_url(index, server_operation_variables.fetch(operation, server_variables), operation_server_settings[operation]) end # Gets API key (with prefix if set). # @param [String] param_name the parameter name of API key auth def api_key_with_prefix(param_name, param_alias = nil) key = @api_key[param_name] key = @api_key.fetch(param_alias, key) unless param_alias.nil? if @api_key_prefix[param_name] "#{@api_key_prefix[param_name]} #{key}" else key end end # Gets Basic Auth token string def basic_auth_token 'Basic ' + ["#{username}:#{password}"].pack('m').delete("\r\n") end # Returns Auth Settings hash for api client. def auth_settings { 'basicAuth' => { type: 'basic', in: 'header', key: 'Authorization', value: basic_auth_token }, } end # Returns an array of Server setting def server_settings [ { url: "https://api.sandbox.verygoodvault.com", description: "Sandbox", }, { url: "https://api.live.verygoodvault.com", description: "Live", }, { url: "https://api.live-eu-1.verygoodvault.com", description: "Live EU", } ] end def operation_server_settings { } end # Returns URL based on server settings # # @param index array index of the server settings # @param variables hash of variable and the corresponding value def server_url(index, variables = {}, servers = nil) servers = server_settings if servers == nil # check array index out of bound if (index < 0 || index >= servers.size) fail ArgumentError, "Invalid index #{index} when selecting the server. Must be less than #{servers.size}" end server = servers[index] url = server[:url] return url unless server.key? :variables # go through variable and assign a value server[:variables].each do |name, variable| if variables.key?(name) if (!server[:variables][name].key?(:enum_values) || server[:variables][name][:enum_values].include?(variables[name])) url.gsub! "{" + name.to_s + "}", variables[name] else fail ArgumentError, "The variable `#{name}` in the server URL has invalid value #{variables[name]}. Must be #{server[:variables][name][:enum_values]}." end else # use default value url.gsub! "{" + name.to_s + "}", server[:variables][name][:default_value] end end url end end end