Cloud Data Loss Prevention (DLP) API
Cloud Data Loss Prevention (DLP) API
Google Cloud DLP (Data Loss Prevention) API scans and de-identifies sensitive data — detects PII (national IDs, credit cards, emails) and performs masking, encryption, or format-preserving encryption.
Built-in 150+ infoTypes (credit cards, SSN, national IDs by country)
Charged by bytes processed — costly for large datasets
POST /v2/projects/{projectId}/content:inspect to scan for PII; POST /content:deidentify to de-identify.
Uptime · 30-day window
About this API
DLP is GCP's privacy-protection tool. The core problem it solves: "Where is sensitive data in my systems, and how do I handle it?" Built-in infoType detectors cover common PII by country: US SSN, credit cards (issuer-detected), email, phone, Chinese national ID, UK NHS number, etc. Can scan text, tables, images (with auto-OCR), or directly scan BigQuery tables / GCS buckets at scale, producing reports of "which columns have what PII". De-identification methods are flexible — simple mask (XXX-XX-1234), replace (with fake data), encryption (reversible with KMS key), format-preserving encryption (preserves length and format, ideal for database migration). Essential for compliance (GDPR, HIPAA, PCI) and data-governance scenarios.
What you can build
- 1Scan logs/databases to find PII
- 2De-identify production data for dev/test environments
- 3Auto-detect PII in BigQuery tables
- 4Chatbot input filtering
Strengths & limitations
Strengths
- Built-in 150+ infoTypes (credit cards, SSN, national IDs by country)
- Multiple de-identification methods (mask, replace, encrypt, tokenize)
- Direct scan of BigQuery / Cloud Storage / Datastore
Limitations
- Charged by bytes processed — costly for large datasets
- Custom infoTypes require regex or custom-trained models
Example request
curl https://google.com/<endpoint>Getting started
POST /v2/projects/{projectId}/content:inspect to scan for PII; POST /content:deidentify to de-identify.
FAQ
Can it detect Chinese national IDs?+
Yes. CHINA_RESIDENT_ID_NUMBER is a built-in infoType with high accuracy (checksum validation).
When to use format-preserving encryption?+
Database-migration scenarios — encrypted data preserves original length and format (e.g. credit card remains 16 digits), so downstream schemas don't change.
Technical details
- Auth type
- unknown
- Pricing
- unknown
- Protocols
- REST
- SDKs
- python, javascript, go, java
- Response time
- 44 ms
- Last health check
- 5/12/2026, 7:37:31 AM
More from Google
Google Workspace Admin SDK API programmatically manages Workspace organizations — users, groups, devices, domains, audit logs, organizational units.
Retrieve AdMob accounts, apps, ad units, ad sources, and generate mediation or network reports.
Work with AdSense Host accounts, ad clients, ad units, reports, and ad code generation from one API surface.
Programmatically manage Apigee organizations, API proxy deployments, attributes, certificates, and hybrid operations.
Google BigQuery API is the REST interface to GCP's flagship data warehouse — execute SQL queries, manage datasets/tables, stream inserts, and use built-in ML.
Control Binary Authorization attestors and policy checks for container images deployed to GKE and Anthos.
Fetch Business Profile location metrics, daily time series, and monthly search keyword impressions.
Google Calendar API lets apps create, read, and update calendar events programmatically — the go-to integration for scheduling apps.