Query submissions

Most applications (or software) need to access information that is predominantly stored in a relational database. Since these databases, in many cases, store sensitive or personal data, not only does this information need to be safeguarded, but also the access of this information needs to be monitored.

Therefore, the first step is to extract information about how users of a given application access personal or sensitive data.

In this section, we describe our endpoint to submit queries (information on how data is being accessed), we show some examples on how to use it and we also explain how it can be integrated by the applications.

post

https://api-staging.privata.ai/databases/{db-key}/queries
In the body request you should send an array of JSON objects, each one corresponding to a query captured when your application accesses personal or sensitive information. A query can be represented by specifying the tables and columns being accessed.
Request
Response
Request
Path Parameters
db-key
required
string
The Database Key
Headers
Authorization
required
string
Bearer token as described in Authentication section
Body Parameters
tables *
required
array
An array of objects containing information about the tables and their columns being accessed
action
required
string
Type of access being performed by the query Possible values: Create, Read, Update, Delete Only required when tables exist
timestamp
required
number
Unix timestamp (UTC) when the query was performed
user
required
string
Unique ID that represents the user in your application that performs the SQL query
group
required
string
Role(s) of the user in your application
returnedRows
required
number
Number of returned results/rows by the query that is performed inside of the application
Response
200: OK
Success! 🎉

Table object

If you are able to get the tables and columns being accessed by the users of your application, you can send us only that information.

Therefore, you will only need to specify for each table: the table name and the names of the columns or attributes of the table being accessed.

Key

Type

Description

table

string

Table name

columns

array of strings

Column names

Examples

Use Case #1 - Healthcare

  • Two users use our custom application to access Personal Information:

    • User 1 with ID 4353479, belonging to Medical staff

    • User 2 with ID 1293234, belonging to Administrative staff

  • User 1 performs 2 queries to access personal information of 3 patients (3 results were returned by each query) in a Hospital:

    • On table Patient the user accessed the columns/attributes: first_name, last_name, phone_number and email.

    • On table Medical_Record the user accessed the columns/attributes: blood_typeand notes.

  • User 2 performs 1 query to access personal information of 1 patient in a Hospital:

    • On table Patient_Receipts the user accessed the columns/attributes: address, vat_number, social_security_number and email.

You can see the body request that your application should send depending if it's possible to specify the tables/columns or a Raw SQL:

Body request (if specifying tables)
Body request (if specifying tables)
[
{
"tables": [
{
"table": "Patient",
"columns": [
"first_name",
"last_name",
"phone_number",
"email"
]
}
],
"action": "Read",
"timestamp": 1567493198,
"user": "4353479",
"group": "Medics",
"returnedRows": 3
},
{
"tables": [
{
"table": "Medical_Record",
"columns": [
"blood_type",
"notes"
]
}
],
"action": "Read",
"timestamp": 1567493198,
"user": "4353479",
"group": "Medics",
"returnedRows": 3
},
{
"tables": [
{
"table": "Patient_Receipts",
"columns": [
"address",
"vat_number",
"social_security_number",
"email"
]
}
],
"action": "Read",
"timestamp": 1293234,
"user": "4353479",
"group": "Administrative",
"returnedRows": 1
}
]

Software Development Kits

With our SDKs you can more easily integrate with our services.