Now that you’ve defined your solution, you can start building it. During this stage, you’ll build your solution in your Sandbox instance of Skyflow, test integrations with the other components of your architecture, and review the security of your solution with Skyflow to harden compliance requirements before moving to production.
Integrating Skyflow into your systems is a multi-step process that involves setting up authentication, configuring roles and policies, integrating server-side and client-side components, and implementing additional processing/external integration features as needed.
Implement authentication and configure data governance together to minimize gaps in access control and data management. Start by identifying the necessary personas or roles for your solution and set up users or service accounts accordingly. This approach allows you to define specific roles and permissions, ensuring users access only the data and functionalities they need. As you establish authentication, you may uncover additional needs or constraints that can refine your data governance policies, and vice versa.
Comprehensive reference for all Skyflow API endpoints.
Explore and test APIs using OpenAPI definitions and Postman collections.
To use Skyflow’s Management API, Data API, or SDKs, you need a JWT bearer token (recommended) or an API Key to authenticate your API calls.
You can generate a bearer token using one of the following:
Unless your use case requires you to use an API key, use bearer tokens. Bearer tokens are time-limited—they’re valid for only 60 minutes—and are therefore considered more secure than traditional API keys, which are long-lived.
An overview of authentication in Skyflow.
Learn how to generate a bearer token using an SDK, a Python script, or Studio.
Data Governance is a set of capabilities that enable customers to finely control access to sensitive data. Skyflow lets you define custom roles and policies for access control to ensure compliance and security.
During this process, you must do the following:
Create new custom roles as needed to specify exactly who gets which privileges.
Refer to the policy expression language reference and define custom access policies in Skyflow Studio or via the Create Policy API.
Sample policies:
A frontend service account with permissions to create/insert and tokenize:
A back-end service account with permissions to read and detokenize:
For more examples of policies to use, refer to the policy catalog.
Attach your policies to your roles.
Assign your custom roles to users and service accounts, as needed.
If you generate a bearer token with a Get Bearer Token request, you can enhance security by limiting the token’s permissions through role specification. Define the scope of the request by specifying a subset of available roles, using a string format to include the desired roles, such as ‘role:{roleID1} role:{roleID2}’.
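An added example, not Skyflow's own code: a small cache that requests one bearer token per role set, using the scope format described above, and refreshes it ahead of the 60-minute expiry. `fetch_token` is a hypothetical callable standing in for your Get Bearer Token request, and the token is assumed to carry a standard JWT `exp` claim.

```python
import base64
import json
import time


def build_scope(role_ids):
    """Return the scope string 'role:{id1} role:{id2}' for a Get Bearer Token request."""
    if isinstance(role_ids, str):
        raise TypeError("pass a list of role IDs, not one string")
    ids = sorted(set(role_ids))  # stable order so the same role set maps to one cache key
    if not ids:
        raise ValueError("no roles given: refusing to request an unscoped token")
    for rid in ids:
        # Whitespace separates entries in the scope string, so it cannot appear in an ID.
        if not rid or any(ch.isspace() for ch in rid):
            raise ValueError(f"malformed role ID: {rid!r}")
    return " ".join(f"role:{rid}" for rid in ids)


def jwt_expiry(token):
    """Read the exp claim (assumed present) without verifying the signature.

    Used only to schedule a refresh; the server remains the authority on validity.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


class ScopedTokenCache:
    """Caches one bearer token per role set and refreshes it before it expires."""

    def __init__(self, fetch_token, skew=300, clock=time.time):
        self.fetch_token = fetch_token  # hypothetical callable: scope string -> JWT string
        self.skew = skew                # refresh this many seconds before exp
        self.clock = clock
        self.tokens = {}                # scope string -> (token, exp)

    def get(self, role_ids):
        scope = build_scope(role_ids)
        token, exp = self.tokens.get(scope, (None, 0))
        if token is None or self.clock() >= exp - self.skew:
            token = self.fetch_token(scope)
            self.tokens[scope] = (token, jwt_expiry(token))
        return token
```

Keeping a separate cache entry per role set means a caller that needs only one role never reuses a token issued with broader roles.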
Security tip: As you define additional access controls for your data, keep the following best practices in mind:
When it comes to integrating Skyflow with server-side components, you have two options:
You also have two options available when integrating Skyflow in client-side components:
Elements: Skyflow Elements are building blocks for creating UI forms that collect sensitive data, such as credit card information, without exposing it to the back-end.
Security tip: If your use case requires storing payment data, Skyflow Elements, client-side SDKs, and Server-side SDKs can help reduce the complexity of PCI compliance and enhance data security.
Client-Side SDKs: Skyflow’s client-side SDKs enable you to securely collect, tokenize, and reveal sensitive data directly in the browser, all without exposing your frontend infrastructure to any sensitive information.
Learn how to handle sensitive data in your client-side applications.
Learn how to collect and reveal sensitive data using Skyflow Elements.
Skyflow offers several ways to get data into vaults and to control data ingestion. You can transfer data into vaults with Skyflow Studio, APIs, or SDKs.
You can import data into your vault in several ways:
Important: When you add data to your Sandbox vault for testing, only include data necessary for testing purposes. Don’t use production data.
Implement processing and integration features as needed to meet your solution requirements.
Skyflow Connections is an HTTPS gateway service that uses Skyflow’s tokenization capabilities to securely connect to first-party and third-party services. You can configure a Skyflow Connection in two modes:
Note: Skyflow needs to review and whitelist all third-party URLs (outbound base URLs) for Connections before you can use them in production environments. If your solution uses Connections, reach out to your point of contact at Skyflow to whitelist the required outbound third-party URLs.
Functions let you process sensitive data by adding custom logic to your Connections. With functions, you can develop custom code using Node.js to perform tasks such as:
Once you upload your custom code, you can deploy this code to your environment and invoke the deployment using a Connection.
Pipelines are a prescriptive solution for batch workflows that securely transfer large volumes of sensitive data from a source system to your vault.
Pipelines can also de-identify sensitive data during migration. By calling Skyflow APIs, you can create and trigger pipelines without hosting or provisioning compute resources while minimizing the risk of exposing your infrastructure to sensitive data.
Pipelines support the following features:
Here are some examples of how you can use pipelines:
Once you have completed development, test your solution to make sure it meets security and compliance requirements.
While you should be testing throughout the development process, it’s especially important to thoroughly test everything in Sandbox before you can move to Production. Comprehensive testing validates that your solution functions as needed and fits securely into your architecture.
During this process, you must do the following:
After testing your solution, the next step is to conduct a quick security review with Skyflow to review your solution and security best practices.
Understand and troubleshoot common errors encountered while using Skyflow.
Before you migrate to your production instance, it’s important to make your solution as secure as possible.
During this process, you must do the following:
Review the recommended security best practices checklist for your solution.
Note: See PCI compliance walkthrough if you store payment data.
After you complete the checklist, schedule a security review with Skyflow to validate compliance with security standards. During this meeting, Skyflow reviews your solution and provides guidance to help improve compliance and security.
Implement the suggested changes.
Once you’ve built and tested your end-to-end solution in your Sandbox instance of Skyflow, the final step is to go live.