API standard and pre-built SDKs in multiple languages
The OpenAPI specification of this product (Sddp/2019-01-03) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.
Data audit
| API | Title | Description |
| --- | --- | --- |
| DescribeAuditLogs | DescribeAuditLogs | Retrieves a list of audit alert logs. |
Service-linked roles
| API | Title | Description |
| --- | --- | --- |
| CreateSlrRole | CreateSlrRole | Call CreateSlrRole to create a service-linked role for Data Security Center (DSC). This role authorizes DSC to access your cloud resources. |
Authorization
| API | Title | Description |
| --- | --- | --- |
| DeleteDataLimit | DeleteDataLimit | Revokes the scan authorization for a data asset, such as a database, instance, or bucket. |
| DescribeDataLimits | DescribeDataLimits | Queries the list of data assets for authorized instances, databases, and buckets. |
| ModifyDataLimit | ModifyDataLimit | You can call ModifyDataLimit to modify the configuration items of a connection authorization in Data Security Center (DSC). |
| DescribeDataLimitDetail | DescribeDataLimitDetail | Retrieves the details of an authorized data asset, such as a MaxCompute project, ApsaraDB RDS database, or OSS bucket. |
| CreateDataLimit | CreateDataLimit | You can call the CreateDataLimit operation to grant permissions to scan databases, projects, and buckets. |
| DescribeDataLimitSet | DescribeDataLimitSet | Call the DescribeDataLimitSet operation to query the authorization list for unstructured assets or the list of regions supported by Data Security Center. |
| DescribeInstanceSources | DescribeInstanceSources | Queries a list of data assets. |
| DescribeParentInstance | DescribeParentInstance | Lists assets and their authorization status. |
Identification configuration
| API | Title | Description |
| --- | --- | --- |
| ScanOssObjectV1 | ScanOssObjectV1 | The ScanOssObjectV1 operation creates a scan task to detect sensitive data in a specified object. |
| CreateScanTask | CreateScanTask | You can call the CreateScanTask operation to create a custom scan task to detect sensitive data in authorized assets. |
| ModifyDefaultLevel | ModifyDefaultLevel | Modifies the rules that define threat levels for sensitive data. This includes the default threat level for unidentified data and the threat levels for data that is classified as sensitive. |
| ModifyRuleStatus | ModifyRuleStatus | Enables or disables sensitive data detection rules. |
| ModifyRule | ModifyRule | Modifies a custom sensitive data detection rule in Data Security Center (DSC). |
| DeleteRule | DeleteRule | Deletes a custom sensitive data detection rule. |
| CreateRule | CreateRule | Call CreateRule to create a custom sensitive data detection rule. |
Data detection
| API | Title | Description |
| --- | --- | --- |
| DescribeRules | DescribeRules | Queries a list of sensitive data detection rules. |
| DescribeRiskLevels | DescribeRiskLevels | Call the DescribeRiskLevels operation to retrieve a list of risk levels for sensitive data. |
| DescribeDataAssets | DescribeDataAssets | Searches for data assets on the Overview page of Data Security Center (DSC). |
| DescribeInstances | DescribeInstances | Retrieves a list of authorized MaxCompute, RDS, and OSS data asset instances. |
| DescribeTables | DescribeTables | Queries tables in data assets, such as MaxCompute and RDS, that Data Security Center is authorized to access. |
| DescribeColumns | DescribeColumns | You can call the DescribeColumns API to query column data in data asset tables, such as MaxCompute and RDS, that are authorized to connect to Data Security Center. |
| DescribeColumnsV2 | Query Data in Columns of Data Assets V2 | The DescribeColumnsV2 operation queries data in the columns of data asset tables, such as those in MaxCompute and RDS, that are authorized in Data Security Center. |
| DescribeOssObjects | DescribeOssObjects | Lists authorized OSS objects. |
| DescribeOssObjectDetail | DescribeOssObjectDetail | Obtains detailed information about an authorized OSS object in Data Security Center. |
| DescribeOssObjectDetailV2 | DescribeOssObjectDetailV2 | Obtains detailed information about an authorized OSS object in Data Security Center. |
| DescribePackages | DescribePackages | Retrieves information about MaxCompute packages authorized for scanning, including package names, owner accounts, and risk levels. |
| DescribeCategoryTemplateList | Query Industry Template List | Lists industry-specific templates. |
| DescribeCategoryTemplateRuleList | DescribeCategoryTemplateRuleList | Queries a paginated list of rules in a data classification template. |
| DescribeTemplateAllRules | Query All Models List of Industry Templates | Lists all rules in an industry-specific template. |
| DescribeDocTypes | DescribeDocTypes | Queries a list of file types supported by Object Storage Service (OSS). |
| DescribeDataObjects | Query Data Object List | Queries data detection results for tables and files across your connected data assets. |
| DescribeDataObjectColumnDetail | Query Data Object Column Details | Queries the detection results for columns in a data table. |
| DescribeDataObjectColumnDetailV2 | Query Data Object Column Details V2 | Queries the detection results for the columns of a data table. |
Security configuration
| API | Title | Description |
| --- | --- | --- |
| CreateConfig | CreateConfig | Modifies the general alert configuration parameters. |
| DescribeConfigs | DescribeConfigs | Queries common configuration items for anomaly alerts. |
| ModifyReportTaskStatus | ModifyReportTaskStatus | You can call the ModifyReportTaskStatus operation to enable or disable report tasks. |
| DescribeUserStatus | DescribeUserStatus | Queries the status of a user account. |
| DisableUserConfig | DisableUserConfig | You can call the DisableUserConfig operation to disable a user configuration. After a configuration is disabled, you can call the CreateConfig operation and specify the same Code parameter to restore the general anomaly alert configuration. |
Anomaly event
| API | Title | Description |
| --- | --- | --- |
| ModifyEventTypeStatus | ModifyEventTypeStatus | This operation enables anomalous activity detection for subtypes. |
| ModifyEventStatus | ModifyEventStatus | Handles anomalous activities. |
| DescribeEvents | DescribeEvents | Lists anomalous events. |
| DescribeEventDetail | DescribeEventDetail | Retrieves the details of an anomalous event, including its occurrence time, description, and handling status. |
| DescribeEventTypes | DescribeEventTypes | Queries anomalous activity types. |
Data desensitization
| API | Title | Description |
| --- | --- | --- |
| DescribeDataMaskingTasks | DescribeDataMaskingTasks | Call DescribeDataMaskingTasks to retrieve a list of data masking tasks. |
| DescribeDataMaskingRunHistory | DescribeDataMaskingRunHistory | You can call DescribeDataMaskingRunHistory to query the execution history of data masking tasks. |
| ExecDatamask | ExecDatamask | You can call the ExecDatamask operation to dynamically mask data. |
| StopMaskingProcess | StopMaskingProcess | You can call the StopMaskingProcess operation to stop a data masking task. You can call the ManualTriggerMaskingProcess operation to restart a stopped task using its unique resource ID. |
| ManualTriggerMaskingProcess | ManualTriggerMaskingProcess | Triggers a data masking task. |
Other
| API | Title | Description |
| --- | --- | --- |
| DescribeIdentifyTaskStatus | Get Identification Task Status | Retrieves the completion status of a detection task based on the task ID. You can obtain the task ID from the Id field in the return value of a CreateScanTask or ScanOssObjectV1 API call. |
Others
| API | Title | Description |
| --- | --- | --- |
| MaskOssImage | MaskOssImage | The MaskOssImage operation masks images in OSS objects. |
| RestoreOssImage | RestoreOssImage | You can call the RestoreOssImage operation to restore desensitized images. |