Personally identifiable information (PII) learning (Beta)

Privacy laws across the globe require protecting user information in various forms. Our products help you find and manage this information as it passes through the network. Or network continues looking for personal data outside of your API definitions in the event some appears in payloads you didn't expect.

What is PII?

Personally identifiable information (PII) is any information or combination of information that identifies an individual. That includes anything involving personal information: name, social security number, date and place of birth, mother's maiden name, biometric data, or any other data linked to an individual that can be used to identify who they are.

For more information on PII, see What is PII.

How does PII learning work?

The network finds locations in your API that look like they contain PII, for example a parameter that appears to contain an email address or credit card number, and flags the parameter for your review. You'll see the parameter with a PII flag the next time you log in to Control Center and navigate to your api definition. Note that the parameter's value is not visible in Control Center, only the parameter itself.

What PII types are supported?

Currently, email addresses and credit or debit card numbers.

What do I do when PII is found in my API?

While PII discovery finds PII in any of your APIs, you can only take action for PII found in APIs you've registered in API Definitions. See Respond to PII recommendations for more details.

You can still see PII found in APIs that you haven't registered, but you'll need to register them before you respond to the PII recommendations.

Once PII in a parameter is defined and the API is registered, you can choose how the network enforces the PII constraints for that API.