🔗
Linker Studio
  • Welcome!!
  • 🚀GETTING STARTED
    • Set up your custom project from Linker Studio
    • How to run the project
    • Linker Features
      • Glossary
      • Web
      • Mobile
        • Aggregators
        • Analytics
        • Authentication
        • BaaS
        • Carousel
        • Client Support
        • Error and Crash Reporting
        • Info Onboarding
        • KYC
        • Payroll
        • Pii Onboarding
        • Push Notifications - OneSignal
        • Settings
        • Subscriptions
      • Backend
        • Authentication
        • MFA
        • BaaS
        • Aggregators
        • Notifications
        • Payments
        • Deposit Switching
        • Support
        • Vault
        • Storage
        • Monitoring
        • Analytics
  • 🖥️WEB FEATURES
    • Page 2
  • 📱Mobile App Features
    • Project File Structure
    • Figma Tokens Integration
    • Core Module
      • Core UI Components
        • Atoms
        • Molecules
        • Organisms
        • Templates
      • Core Elements
      • Hooks
        • Force update
      • Endpoints used
      • States And Selectors
        • contentsDocuments
    • Modules
      • [New Feature Template]- Feature Name
        • UI Components - Template
          • Atoms
          • Molecules
          • Organisms
          • Templates
        • Hooks - Template
        • Endpoints Used
        • States and Selectors - Template
      • 📥KYC
        • Alloy
        • Baas
          • UI Components
            • Templates
          • Hooks - Template
          • Endpoints Used
          • States and Selectors - Template
        • common
          • UI Components
            • Templates
          • Endpoints Used
      • 🤝Aggregators
        • Plaid
          • Plaid/Rize notification before disabling account
      • 🤖Analytics
        • Amplitude
      • 🔐Authentication
        • Hooks
        • Auth0
          • Hooks
            • Login
            • Forgot password
          • 📧Verify Email
            • Hooks
        • Biometrics
          • Hooks
        • Auto Logout
        • States And Selectors
          • Authentication
      • 💰BaaS
        • Common
          • BaaS Navigation
          • External Accounts
          • UI Components
            • Molecules
            • Organisms
            • Templates
          • Hooks
            • Statements
            • Recurrent Transfers
            • Cards
              • Get Full Card
              • Lock and Unlock
              • Request Physical Debit Card
              • Reissue Debit Card
              • Set / Reset Debit Card Pin
            • Transfer
          • States And Selectors
            • Customer
            • Accounts
            • Cards
            • Transactions
          • Endpoints used
          • Constants
            • ACH_SERVICES
        • treasury
          • Constants
            • CONFIG_VALUES
      • 🛂Client Support
      • 🐛Error and Crash Reporting
        • Crashlytics
      • ℹ️Info Onboarding
        • States and Selectors
        • Hooks
          • Physical Card Request
      • 🌯Linker Wrapper
        • Linker Wrapper Messages Structure
        • Linker Wrapper Features
          • Push Notifications
            • Braze
          • In-App Purchase
      • 🛗MFA Verification Code
        • UI Components
          • Molecules
          • Templates
        • Hooks
        • Endpoints used
        • Configurable Constants
      • 🗞️Payroll
        • UI Components
          • Organisms
          • Templates
        • Hooks
        • States and Selectors
      • 📋PII Onboarding
        • UI Components
          • Atoms
          • Molecules
          • Organisms
          • Templates
        • Hooks
        • States and Selectors
      • 🔔Push Notifications
        • OneSignal
      • 🔧Settings
      • 🗄️Vault
        • VGS Show
        • VGS Collect
    • Cookbook
      • 🏦Neobank
        • Linked Functionalities
          • Edit Personal Details Linking
          • Request Physical Debit Card Linking
          • Get customer Data after SignUp/Login
  • ⛓️Backend API
    • Environments
    • Migrations
      • Configuration
      • Migration Commands
      • Base Model
      • Migration Structure
    • Seeds and Factories
      • Configuration
      • Seeds And Factories
    • SoftDelete
    • DB Fields Encryption
    • DB Structure
    • DB Configuration Table
      • API Endpoints
    • Orchestrator
    • Swagger
      • Setup
      • Decorators for Requests and Responses
      • Decorators for Controllers and HTTP Responses
      • Auth Decorator
      • Multiple Decorators
  • 🪙Finance Integrations
    • Recurring Transfers
      • Architecture
      • Jobs Server
      • Functionality
      • BaaS
        • Rize API Endpoints
        • Treasury Prime API Endpoints
        • Business Treasury Prime API Endpoints
    • BaaS
      • Rize
        • Env Variables
        • Rize API authentication
        • Onboarding
          • Customer Enrollment
          • Get Compliance Workflow
          • Acknowledge Compliance Workflow
          • Customer Complete Enrollment
        • KYC - Know Your Customer
          • Get KYC Documents
          • Upload KYC Document
        • Accounts
          • Get Customer Accounts
          • Get Customer Account By ID
          • Create Customer Account
          • Archive Customer Account
          • Get ACH Customer Accounts
        • Debit Cards
          • Get Debit Cards
          • Get Debit Card Image
          • Lock Debit Card
          • Unlock Debit Card
          • Create Physical Card
          • Activate Debit Card
          • Get Debit Card Set-Pin URL
          • Reissue Debit Card
        • Transactions
          • Get Transactions
        • Transfers
          • Internal Transfers
          • ACH transfers
        • Statements
          • Get Statements
          • Get Statement Document
        • Fake Transactions
        • Message Queue
        • Web Sockets
        • API Endpoints
          • Account Enums
          • Debit Card Enums
          • Transaction Enums
          • KYC Enums
      • Galileo
        • Environment Variables
        • Onboarding
          • Get Customer
          • Customer Enrollment
          • Customer Complete Enrollment
        • Customer Management
          • Get Profile
          • Update Profile
        • Accounts
        • Add Accounts
        • Card Management
          • Get Debit Cards
          • Get Image Card
          • Card Statuses
          • Debit Card Activation
          • Request Physical Card
          • Set PIN
          • Lock/Unlock
        • Transfer
        • Transactions
          • Get Transactions
          • Filter Transactions
        • ACH
          • Add ACH Account
          • Get ACH Accounts
          • Remove ACH Account
          • ACH Transactions
        • Statements
        • Plaid Integration
      • Synapse
        • Environment Variables
        • Terminology
        • Resources
        • API Endpoints
    • Aggregators
      • Add Account Service and new DB Table
      • Plaid
        • Plaid Configuration
        • Application Creation
        • Custom Application
        • Configure Single or Multi Accounts
        • Security Settings
        • Verification of Environment Variables
        • API Endpoints
        • Resources
        • Integrations
          • Rize
      • MX
        • Env Configuration
        • API Endpoints
  • 🔐Authentication
    • Auth0
      • Configuration
      • Protecting an endpoint
      • Email verification
      • API Reference
    • Twilio
      • 2FA
        • Verify Service Configuration
        • Verification Workflow
        • API Endpoints
  • 🪪 KYC
    • Persona
      • Configuration
      • Environment Variables
      • KYC Flow
  • ✉️ Mailings
    • Sendgrid
      • Configuration
      • Environment Variables
      • Send Email with Attachments
  • 🆘Supports
    • Zendesk
      • Configuration
      • API Endpoints
  • 📳NOTIFICATIONS
    • OneSignal
      • Schema
      • Setup
      • Environment Variables
      • API Endpoints
  • 🔐Security
    • VGS
      • Configuration
      • Rize Route Configuration
      • VGS Vault Basics
      • VGS Show
  • 🖥️MONITORING
    • New Relic
      • Configuration
      • Interceptor
  • 🧑‍🔧CONTENT ADMINISTRATOR
    • Notifications
    • Onboardings
      • DB Schema
      • Admin - API Endpoints
      • Client - API Endpoints
    • Documents
      • Document Category
      • Document
      • Client - API Endpoints
      • Admin - API Endpoints
    • App Versions
      • Device App Versions
      • API - Administrator
      • API - Client
  • 💵Payments
    • Stripe
      • Configuration
      • Customers
      • Sources
      • Authorization
      • Charges
      • API Endpoints
Powered by GitBook
On this page
  • What is VGS Vault?
  • Routes
  • Phases
  • Operation
  • Storage
  • Practical example

Was this helpful?

  1. Security
  2. VGS

VGS Vault Basics

What is VGS Vault?

VGS Vault helps us operate with sensitive data without the need to save that information ourselves.

It helps as an intermediary to send that sensitive information between the app and an external service without passing that raw information in our API.

For that, VGS tokenizes with aliases the sensitive information.

Routes

To tell VGS what information to tokenize and in which endpoints, we have to create rules also called routes, which will tell VGS which requests it has to intercept and what data has to be tokenized.

Inbound Routes

In inbound routes, VGS sits between your client (app / web) and your API.

That means it can intercept the requests that your client does to your API. It can also intercept the response that your API gives to your client.

Outbound Routes

In outbound routes VGS sits between your API and an external service (example: Rize, Unit, etc).

That means it can intercept the requests that your API does to the external service. It can also intercept the responses that the external services give to your API.

Phases

Each message passed through a route has a phase that can be On request or On response.

On request

When you set a rule to On request, it means that you want to intercept a request.

  • If done in an inbound route, it will intercept the request made by the client.

  • If done in an outbound route, it will intercept the request made by the API.

On response

When you set a rule to On response, it means that you want to intercept a response.

  • If done in an inbound route, it will intercept the response made by the API.

  • If done in an outbound route, it will intercept the response made by the external service.

Operation

Redact

When selecting redact, you are tokenizing the data you have set in the body.

Reveal

When selecting reveal, you are revealing the raw information of the token you have set in the body.

Storage

Persistent

Persistent storage means that VGS will keep the relation of the token and the data permanently.

IMPORTANT: If you redacted a token with a persistent storage and you want to reveal it, the reveal rule has to have persistent storage too.

Volatile

Volatile storage means that the VGS token of the data will expire in 1 hour.

Practical example

Let's say you want to tokenize the SSN the client sends to an external service and that external service returns the SSN in the same request and you want to show it on the client.

For that you will have to do the following:

  • Create an inbound rule that:

    • Has redact operation because you want to tokenize the SSN that the client sends so your API doesn't receive the raw data.

    • Has On request because the client is making a request to your API.

  • Create another inbound rule that:

    • Has reveal operation because you want to show back the SSN that the external service is sending in the response to your API in the client.

    • Has On response because you are responding from your API to the client an SSN token that VGS will provide you.

  • Create an outbound rule that:

    • Has reveal operation because you want to reveal the raw SSN of the token that your API is sending to the external service.

    • Has On request because your API is sending the SSN token to the external service with a request.

  • Create another outbound rule that:

    • Has redact operation because you want to tokenize back the SSN the external service is sending to your API.

    • Has On response because the external service is sending back a response to your API.

PreviousRize Route ConfigurationNextVGS Show

Last updated 2 years ago

Was this helpful?

🔐