Help Center/ Data Security Center/ API Reference/ Before You Start
Updated on 2025-04-27 GMT+08:00
View PDF
Share

Before You Start

Overview

The Data Security Center (DSC) is a next-generation, cloud-native data security management platform. It offers fundamental data security features, including data classification and grading, data masking, and data watermarking. The DSC visualizes the overall data security posture in the cloud via an asset map and facilitates comprehensive, one-stop data security operations.

This document describes how to use the APIs provided by DSC to perform operations such as database watermarking, image watermarking, and data masking.

API Calling

DSC supports representational state transfer (REST) APIs, allowing you to call APIs using HTTPS.

For details about API calling, see Calling APIs.

Endpoints

An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. For the endpoints of all services, see Regions and Endpoints.

Limitations and Constraints

  • Table 1 lists the document and image watermarks supported by the DSC.
    Table 1 Supported document/image watermark types

    Document/Image Watermark Carrier

    Office (Windows and macOS)

    WPS (Windows, Mac, Linux, and Mobile OSs)

    Adobe Reader

    Chrome and Edge

    Foxit PDF

    PDF

    -

    WORD

    -

    -

    -

    EXCEL

    -

    -

    -

    PPT

    -

    -

    -

    indicates that the function is supported, and - indicates that the function is not supported.

  • DSC APIs do not support inserting or extracting watermarks for OBS data. To perform watermark-related operations on OBS bucket data, store the data to the local PC and then call DSC APIs. The watermarked document will be returned in the response body.
  • For more details of API constraints, see the API Description section.

Basic Concepts

  • Account

    An account is created upon successful registration with the cloud platform. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity and should not be directly used to perform routine management. For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management.

  • User

    An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).

    The account name, username, and password will be required for API authentication.

  • Region

    Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common users. A dedicated region provides services of the same type only or for specific users.

  • Availability Zone (AZ)

    An AZ comprises one or multiple physical data centers equipped with independent ventilation, fire, water, and electricity facilities. Compute, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs within a region are interconnected using high-speed optical fibers to allow you to build highly available systems across AZs.

  • Project

    A project corresponds to a region. Projects group and isolate resources (including compute, storage, and network resources) across physical regions. Users can be granted permissions in a default project to access all resources in the region associated with the project. For more refined access control, create subprojects under a project and purchase resources in the subprojects. Users can then be assigned permissions to access only specific resources in the subprojects.

    Figure 1 Project isolating model