Resolve a token

UserClouds allows you to tokenize sensitive data on its way out of the store. This provides a simple, efficient way to improve your data security & reduce your compliance workload. This article covers

Generating tokens

There are two ways to generate tokens in UserClouds:

• Pass raw data, a data transformer and an access policy to the CreateToken API
• Execute an accessor that uses a tokenizing transformer on outbound data

In the latter case, you may choose to use a TokenizeByValue transformer, or a TokenizeByReference transformer.

• Tokenize By Value Transformers create a resolvable token with an associated access policy. If the value of the raw data later changes, the token will resolve to the value of the data at the point of transformation.
• Tokenize By Reference Transformers create a resolvable token with an associated access policy. If the value of the raw data later changes, the token will resolve to the latest value of the data. Tokens generated by reference also respect user consent changes.

Resolving tokens

To resolve a token, call the ResolveToken API. This API receives a token and context, evaluates the tokens access policy and returns the raw data if the access policy is met.

If the token was generated with a Tokenize By Value Transformer, the token will resolve to the value of the data as it was at the time of the tokenization.

If the token was generated with a Tokenize By Reference Transformer, the token will resolve to the latest value of the data. Furthermore, the resolution will only succeed if the user still consents to the data accessor's data processing purpose(s).