Endpoints
Authentication
All requests require an x-api-key header. Generate keys from the API Keys page.
Vault lets you mask and unmask sensitive data in any string or JSON object. Tokens are stored encrypted and tied to your account.
https://ycsummer.vercel.app//api/maskMask sensitive values in a plain text string. Detected values are replaced with vault tokens.
Headers
x-api-keystringrequiredYour Vault API key
Content-Typestringrequiredapplication/json
Body
textstringrequiredThe plain text string to mask
Response
{
"masked": "My card is __CARD_a1b2c3__ and email is __EMAIL_d4e5f6__"
}curl -X POST https://yourdomain.com/api/mask \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"text": "My card is 4111111111111111 and email is john@gmail.com"}'/api/unmaskRestore original values from a string containing vault tokens.
Headers
x-api-keystringrequiredYour Vault API key
Content-Typestringrequiredapplication/json
Body
textstringrequiredThe string containing vault tokens to unmask
Response
{
"unmasked": "My card is 4111111111111111 and email is john@gmail.com"
}curl -X POST https://yourdomain.com/api/unmask \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"text": "My card is __CARD_a1b2c3__ and email is __EMAIL_d4e5f6__"}'/api/mask-deepRecursively mask sensitive values inside any JSON object or array. Every string field is scanned and masked automatically.
Headers
x-api-keystringrequiredYour Vault API key
Content-Typestringrequiredapplication/json
Body
anyobject | arrayrequiredAny valid JSON — objects, arrays, nested structures
Response
{
"masked": {
"name": "John",
"email": "__EMAIL_d4e5f6__",
"payment": {
"card": "__CARD_a1b2c3__",
"cvv": "__CVV_x7y8z9__"
}
}
}curl -X POST https://yourdomain.com/api/mask-deep \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name":"John","email":"john@gmail.com",
"payment":{"card":"4111111111111111","cvv":"123"}}'