<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Michele</title>
    <description>The latest articles on DEV Community by Michele (@mmichele1).</description>
    <link>https://dev.to/mmichele1</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3962183%2Fe99816db-d7c7-4875-ab31-6bcb00e20504.jpg</url>
      <title>DEV Community: Michele</title>
      <link>https://dev.to/mmichele1</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mmichele1"/>
    <language>en</language>
    <item>
      <title>How to Anonymize PII in Text with an API</title>
      <dc:creator>Michele</dc:creator>
      <pubDate>Thu, 09 Jul 2026 21:48:22 +0000</pubDate>
      <link>https://dev.to/mmichele1/how-to-anonymize-pii-in-text-with-an-api-1p69</link>
      <guid>https://dev.to/mmichele1/how-to-anonymize-pii-in-text-with-an-api-1p69</guid>
      <description>&lt;h2&gt;
  
  
  What Is Data Masking?
&lt;/h2&gt;

&lt;p&gt;Data masking is a technique that replaces sensitive information with realistic but fictitious data, preserving the format and structure of the original while removing its identifiable meaning. The goal is to keep data usable for development, testing, analytics, or sharing — without exposing real personally identifiable information (PII).&lt;/p&gt;

&lt;p&gt;Common masking techniques include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Substitution&lt;/strong&gt; — Replace a real value with a plausible fake (e.g., &lt;code&gt;Alice Smith&lt;/code&gt; → &lt;code&gt;Jane Doe&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Masking (partial obscuring)&lt;/strong&gt; — Show only a portion of the value (e.g., &lt;code&gt;4111-1111-1111-1234&lt;/code&gt; → &lt;code&gt;****-****-****-1234&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Redaction&lt;/strong&gt; — Remove the value entirely.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Hashing&lt;/strong&gt; — Replace with a cryptographic hash. Irreversible, but deterministic when salted.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Data masking is widely used in non-production environments, analytics pipelines, data marketplaces, and any scenario where real PII is not needed but structural fidelity is.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is Dynamic Data Masking?
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Static data masking (SDM)&lt;/strong&gt; applies transformations to data at rest — you clone a production database, mask it, and ship the masked copy to a lower environment. The masking happens once, and the result is a permanent dataset.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Dynamic data masking (DDM)&lt;/strong&gt; applies transformations &lt;em&gt;on the fly&lt;/em&gt;, at query or API time, based on who is asking. The original data stays untouched; the masking rules are applied in the response layer. This means:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Different roles see different levels of detail (e.g., support agents see the last 4 digits of a credit card; auditors see the full number).&lt;/li&gt;
&lt;li&gt;No masked copies to maintain — one source of truth, many views.&lt;/li&gt;
&lt;li&gt;Masking policies are centralized and enforceable without application changes.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://veramask.com" rel="noopener noreferrer"&gt;Veramask&lt;/a&gt; implements a DDM-style model over an API: you send a request with payload and settings, and receive back the transformed result in real time. No data is persisted on the server — each call is independent and stateless.&lt;/p&gt;

&lt;h2&gt;
  
  
  Anonymizing PII with the Veramask API
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://veramask.com" rel="noopener noreferrer"&gt;Veramask&lt;/a&gt; exposes two endpoints for dynamic PII masking:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Endpoint&lt;/th&gt;
&lt;th&gt;Input&lt;/th&gt;
&lt;th&gt;Use Case&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;POST /v1/anonymizeText&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Raw string&lt;/td&gt;
&lt;td&gt;Free-text fields, log lines, chat messages, documents&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;POST /v1/anonymizeJSON&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;JSON object&lt;/td&gt;
&lt;td&gt;Structured payloads, API responses, database records&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Both accept a common set of controls: &lt;code&gt;settings&lt;/code&gt; for global behavior (locale, confidence threshold, consistency salt) and &lt;code&gt;overrides&lt;/code&gt; for per-entity-type strategy selection.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 1: Get an API Key
&lt;/h3&gt;

&lt;p&gt;Sign up through the &lt;a href="https://veramask-gateway-3irxmt23.uc.gateway.dev" rel="noopener noreferrer"&gt;Veramask Developer Portal&lt;/a&gt; to obtain an API key. You will include this key in the &lt;code&gt;x-api-key&lt;/code&gt; header of every request.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 2: Make Your First Anonymization Request
&lt;/h3&gt;

&lt;p&gt;The simplest call sends raw text and relies on default strategies for each detected entity type.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://veramask-gateway-3irxmt23.uc.gateway.dev/v1/anonymizeText &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"x-api-key: YOUR_API_KEY"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "data": "Alice Smith can be reached at alice@example.com or +1 555 123 9999"
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Response:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"masked_data"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Jane Doe can be reached at fake_user@example.com or +1 555 482 7714"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Notice that &lt;code&gt;PERSON&lt;/code&gt;, &lt;code&gt;EMAIL_ADDRESS&lt;/code&gt;, and &lt;code&gt;PHONE_NUMBER&lt;/code&gt; were all detected and replaced with synthetic substitutes — the names are swapped, the email faked, and the phone number replaced — while the sentence structure is preserved.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 3: Choose Your Anonymization Strategy Per Entity Type
&lt;/h3&gt;

&lt;p&gt;You can override the default behavior for any entity type using the &lt;code&gt;overrides&lt;/code&gt; object. Five strategies are available:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Strategy&lt;/th&gt;
&lt;th&gt;Behavior&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;mask&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Partially obscures the value (configurable character, count, direction)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;redact&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Removes the value entirely&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;replace&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Substitutes with a fixed caller-provided value&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;hash&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Replaces with a SHA-256 digest (salted when &lt;code&gt;consistency_salt&lt;/code&gt; is set)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;substitute&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Replaces with realistic synthetic data via the Faker library&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Example — Mask email addresses, hash phone numbers, substitute person names:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://veramask-gateway-3irxmt23.uc.gateway.dev/v1/anonymizeText &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"x-api-key: YOUR_API_KEY"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "data": "Alice Smith can be reached at alice@example.com or +1 555 123 9999",
    "overrides": {
      "PERSON": { "type": "substitute", "attribute": "name" },
      "EMAIL_ADDRESS": {
        "type": "mask",
        "masking_char": "*",
        "chars_to_mask": 10,
        "from_end": false
      },
      "PHONE_NUMBER": { "type": "hash" }
    }
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Response:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"masked_data"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Christopher Taylor can be reached at **********@example.com or a1b2c3d4e5f6..."&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Step 4: Enable Deterministic (Repeatable) Output
&lt;/h3&gt;

&lt;p&gt;By default, Veramask produces different synthetic values on each call. If you need consistent anonymization — for example, to join datasets across time without leaking identity — provide a &lt;code&gt;consistency_salt&lt;/code&gt;.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://veramask-gateway-3irxmt23.uc.gateway.dev/v1/anonymizeText &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"x-api-key: YOUR_API_KEY"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "data": "Alice Smith can be reached at alice@example.com",
    "settings": {
      "consistency_salt": "0123456789abcdef"
    }
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The same input with the same salt always produces the same output. This is &lt;strong&gt;deterministic pseudonymization&lt;/strong&gt; — the transformation is repeatable without maintaining a lookup table.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 5: Anonymize Structured JSON
&lt;/h3&gt;

&lt;p&gt;For JSON payloads, use &lt;code&gt;/v1/anonymizeJSON&lt;/code&gt;. Veramask traverses all string values recursively.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-X&lt;/span&gt; POST https://veramask-gateway-3irxmt23.uc.gateway.dev/v1/anonymizeJSON &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"x-api-key: YOUR_API_KEY"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "data": {
      "customer": {
        "name": "Alice Smith",
        "email": "alice@example.com"
      },
      "notes": [
        "Home address: 7211 Jewel Lake Rd, Anchorage, Alaska"
      ]
    },
    "settings": {
      "confidence_threshold": 0.7
    },
    "overrides": {
      "EMAIL_ADDRESS": { "type": "substitute", "attribute": "email" }
    }
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Response:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"masked_data"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"customer"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"name"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Christopher Taylor"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"email"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"pespinoza@example.com"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"notes"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="s2"&gt;"Home address: 7211 Lake Brentland, Kathymouth, Rowehaven"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The JSON structure is preserved exactly — keys, nesting, and non-string types are untouched. Only string values containing PII are transformed.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 6: Tune Detection Sensitivity
&lt;/h3&gt;

&lt;p&gt;The &lt;code&gt;confidence_threshold&lt;/code&gt; (range &lt;code&gt;0.0&lt;/code&gt;–&lt;code&gt;1.0&lt;/code&gt;, default &lt;code&gt;0.4&lt;/code&gt;) controls how aggressively Veramask flags tokens as PII:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Lower values&lt;/strong&gt; (e.g., &lt;code&gt;0.2&lt;/code&gt;) — more aggressive; catches borderline cases but may over-mask.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Higher values&lt;/strong&gt; (e.g., &lt;code&gt;0.8&lt;/code&gt;) — conservative; only masks high-confidence detections, reducing false positives.
&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="s2"&gt;"settings"&lt;/span&gt;: &lt;span class="o"&gt;{&lt;/span&gt;
  &lt;span class="s2"&gt;"confidence_threshold"&lt;/span&gt;: 0.8
&lt;span class="o"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  End-to-End Workflow Summary
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Client App                  Veramask Gateway              Anonymization Engine
    │                             │                              │
    │  POST /v1/anonymizeText     │                              │
    │  x-api-key: ...             │                              │
    │  { data, settings, ... }    │                              │
    │────────────────────────────&amp;gt;│                              │
    │                             │  1. Authenticate API key     │
    │                             │  2. Check subscription       │
    │                             │  3. Validate features        │
    │                             │  4. Attach GCP key           │
    │                             │                              │
    │                             │  POST /anonymizeText         │
    │                             │  { data, settings, ... }     │
    │                             │─────────────────────────────&amp;gt;│
    │                             │                              │
    │                             │    NER → strategy → mask     │
    │                             │                              │
    │                             │  { masked_data }             │
    │                             │&amp;lt;─────────────────────────────│
    │                             │                              │
    │                             │  5. Strip internal fields    │
    │  { masked_data }            │                              │
    │&amp;lt;────────────────────────────│                              │
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Default Entity Strategies (No Overrides)
&lt;/h2&gt;

&lt;p&gt;When you don't specify &lt;code&gt;overrides&lt;/code&gt;, Veramask applies sensible defaults per entity type:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Entity Type&lt;/th&gt;
&lt;th&gt;Default&lt;/th&gt;
&lt;th&gt;Example Output&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;CREDIT_CARD&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Mask (last 4)&lt;/td&gt;
&lt;td&gt;&lt;code&gt;****1234&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;CRYPTO&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Hash&lt;/td&gt;
&lt;td&gt;&lt;code&gt;e3b0c442...&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;DATE_TIME&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Jitter (±7 days)&lt;/td&gt;
&lt;td&gt;Date shifted deterministically&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;EMAIL_ADDRESS&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Substitute&lt;/td&gt;
&lt;td&gt;&lt;code&gt;fake_user@example.com&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;IBAN_CODE&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Partial hash&lt;/td&gt;
&lt;td&gt;&lt;code&gt;DE******9999&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;IP_ADDRESS&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Mask (last octet)&lt;/td&gt;
&lt;td&gt;&lt;code&gt;192.168.1.0&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;MAC_ADDRESS&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Mask (last 3 octets)&lt;/td&gt;
&lt;td&gt;&lt;code&gt;AD:F3:7A:00:00:00&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;PERSON&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Substitute&lt;/td&gt;
&lt;td&gt;Synthetic name&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;LOCATION&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Substitute&lt;/td&gt;
&lt;td&gt;Synthetic state/region&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;PHONE_NUMBER&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Substitute&lt;/td&gt;
&lt;td&gt;Synthetic phone number&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;URL&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Redact (query strings)&lt;/td&gt;
&lt;td&gt;Keeps base domain&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Error Handling
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Status&lt;/th&gt;
&lt;th&gt;Meaning&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;400&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Malformed request or validation failure&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;403&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Feature not in subscription plan&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;413&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Payload exceeds size limit&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;422&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Request model validation errors&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;500&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Internal server error&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Key Takeaways
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Data masking&lt;/strong&gt; obscures PII while preserving structure; &lt;strong&gt;dynamic data masking&lt;/strong&gt; does this at request time with no persistent copy.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Veramask&lt;/strong&gt; gives you an API-first DDM layer: send data, get it back anonymized, no storage involved.&lt;/li&gt;
&lt;li&gt;Five strategies (&lt;code&gt;mask&lt;/code&gt;, &lt;code&gt;redact&lt;/code&gt;, &lt;code&gt;replace&lt;/code&gt;, &lt;code&gt;hash&lt;/code&gt;, &lt;code&gt;substitute&lt;/code&gt;) give per-entity-type control.&lt;/li&gt;
&lt;li&gt;A &lt;code&gt;consistency_salt&lt;/code&gt; enables deterministic pseudonymization for referential integrity.&lt;/li&gt;
&lt;li&gt;The &lt;code&gt;/v1/anonymizeText&lt;/code&gt; endpoint handles free text; &lt;code&gt;/v1/anonymizeJSON&lt;/code&gt; handles structured objects.&lt;/li&gt;
&lt;li&gt;Zero retention means no long-term PII liability on the service side.&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>api</category>
      <category>privacy</category>
      <category>security</category>
      <category>tutorial</category>
    </item>
  </channel>
</rss>
