Vault Operations
Store, retrieve, verify, and delete PII in the encrypted vault. All data is encrypted with AES-256-CBC. Vault references follow the format vault:{pii_type}:{uuid}. Requires mTLS + API key authentication.
/api/v1/vaultEndpoints
POST
/api/v1/vault/storeStore encrypted PII and receive a vault reference
GET
/api/v1/vault/{vault_ref}Retrieve decrypted PII (fresh decryption, never cached)
POST
/api/v1/vault/{vault_ref}/verifyVerify a field value without returning plaintext
GET
/api/v1/vault/{vault_ref}/maskedGet masked display values for UI rendering
POST
/api/v1/vault/batch-retrieveBulk retrieve multiple vault references
DELETE
/api/v1/vault/{vault_ref}Permanently delete PII (GDPR erasure)
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| pii_type | string | Required | One of 12 PII types (user_email, employee_bank, etc.) |
| data | object | Required | PII data object — schema depends on pii_type |
| owner_id | string | Required | ID of the entity that owns this PII |
| metadata | object | Optional | Additional context (audit trail) |
| field | string | Required | Field name to verify (for verify endpoint) |
| value | string | Required | Value to compare (for verify endpoint) |
Example
Request
http
POST /api/v1/vault/store HTTP/1.1
Host: api.tpay365.com
X-Vault-API-Key: abc123def456abc123def456abc123de
Content-Type: application/json
{
"pii_type": "employee_bank",
"data": {
"sort_code": "123456",
"account_number": "87654321",
"account_holder_name": "Alice Smith"
},
"owner_id": "emp_8821-9920",
"metadata": { "context": "employee_profile_creation" }
}Response
json
{
"vault_ref": "vault:employee_bank:a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"created_at": "2026-02-10T14:30:00Z"
}