Aadhaar (PII) Protection Endpoint
METHOD: POST
ENDPOINT: https://dev.qupass.in/api/adhaar
Description
The Aadhaar Number endpoint enables the protection and unprotection of Indian national identity numbers while preserving their numeric data type and structural semantics.
The returned token consists exclusively of decimal digits (0–9), ensuring compatibility with systems that expect numeric-only identifiers, while allowing for an expanded length to accommodate secure, high-entropy token generation.
By maintaining the same encoding space — specifically the decimal digit domain — the endpoint ensures that protected values remain syntactically valid within numeric processing pipelines, even though the original fixed-length constraint (e.g., 12 digits) is not retained.
This approach enables strong protection guarantees without disrupting storage compatibility, input validation logic that relies on numeric character sets, or downstream data handling workflows.
Examples
- Input:
4234 5678 9123(Numeric)- QuFold_Token:
3523239483 7947594550 8907477247- ✅ Character set preserved (Numeric block)
- ✅ Encoding compatibility is maintained
- FPE_Token:
4411 0589 5237- ✅ Length and Character set preserved (Numeric block)
- ✅ Encoding compatibility is maintained
- QuFold_Token:
Request Payload
HEADER PARAMETERS
- x-api-key
(required)Provides access to one or more functions in the API Playground. - Authorization
(required)The JWT token issued upon successful authentication. - qu-token
(required)QU token that you revceive at the time of login.
- x-api-key
PAYLOAD DETAILS
- id
(required)Integer identifier for the request. - operation
(required)Specifies the protection operation. Available:[protect | unprotect]. - data
(required)Array of values to be transformed. - options:
- method - Transformation method; Available:
[tokenise | fpe | mask | redact | passthrough].- Defaults to
tokenise
- Defaults to
- scope - User-defined context string; differentiates tokens across applications or datasets. (e.g.,
app1,azure+app1).- Defaults to
no-scope
- Defaults to
- noise - Adds controlled randomness.
- Defaults to
0, ensures deterministic tokenization within scope Non-zerovalues produce possibledistinct tokensfor the repeated inputs
- Defaults to
- method - Transformation method; Available:
- id
Sample Request
curl --location 'https://dev.qupass.in/api/adhaar' \
--header 'x-api-key: <API_Key>' \
--header 'Authorization: <JWT_TOKEN>' \
--header 'qu-token: <QU_TOKEN>' \
--header 'Content-Type: application/json' \
--data '{
"id": 1,
"operation": "protect",
"data": [
"4234 5678 9123",
"4234 5678 9124",
"5234 5678 9123"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}'
package main
import (
"io"
"fmt"
"strings"
"net/http"
)
func main() {
API_Key := "<API_Key>"
JWT_Token := "<JWT_TOKEN>"
QU_Token := "<QU_TOKEN>"
url := "https://dev.qupass.in/api/adhaar"
data := strings.NewReader(`{
"id":1,
"operation": "protect",
"data": [
"4234 5678 9123",
"4234 5678 9124",
"5234 5678 9123"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}`)
req, err := http.NewRequest("POST", url, data)
if err != nil {
fmt.Println(err)
return
}
req.Header.Set("x-api-key", API_Key)
req.Header.Set("Authorization", JWT_Token)
req.Header.Set("qu-token", QU_Token)
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.io.OutputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.nio.charset.StandardCharsets;
public class APIRequest {
public static void main(String[] args) {
try {
String API_Key = "<API_Key>";
String JWT_Token = "<JWT_TOKEN>";
String QU_Token = "<QU_TOKEN>";
URI uri = new URI("https://dev.qupass.in/api/adhaar");
String data = "{"
+ "\"id\": 1,"
+ "\"operation\": \"protect\","
+ "\"data\": ["
+ "\"4234 5678 9123\","
+ "\"4234 5678 9124\","
+ "\"5234 5678 9123\""
+ "],"
+ "\"options\": {"
+ "\"method\": \"tokenise\","
+ "\"scope\": \"App1\""
+ "}"
+ "}";
URL url = uri.toURL();
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("x-api-key", API_Key);
conn.setRequestProperty("Authorization", JWT_Token);
conn.setRequestProperty("qu-token", QU_Token);
conn.setRequestProperty("Content-Type", "application/json");
conn.setDoOutput(true);
// Send request body
try (OutputStream os = conn.getOutputStream()) {
byte[] input = data.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
}
int statusCode = conn.getResponseCode();
BufferedReader br;
if (statusCode >= 200 && statusCode < 300) {
br = new BufferedReader(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8));
} else {
br = new BufferedReader(new InputStreamReader(conn.getErrorStream(), StandardCharsets.UTF_8));
}
StringBuilder response = new StringBuilder();
String line;
while ((line = br.readLine()) != null) {
response.append(line.trim());
}
System.out.println(response.toString());
} catch (Exception e) {
e.printStackTrace();
}
}
}
const API_Key = "<API_Key>";
const JWT_Token = "<JWT_TOKEN>";
const QU_Token = "<QU_TOKEN>";
const url = "https://dev.qupass.in/api/adhaar";
const data = {
id: 1,
operation: "protect",
data: [
"4234 5678 9123",
"4234 5678 9124",
"5234 5678 9123"
],
options: {
method: "tokenise",
scope: "App1"
}
};
fetch(url, {
method: "POST",
headers: {
"x-api-key": API_Key,
"Authorization": JWT_Token,
"qu-token": QU_Token,
"Content-Type": "application/json"
},
body: JSON.stringify(data)
})
.then(async (response) => {
const text = await response.text(); // raw response like Python's response.text
if (!response.ok) {
throw new Error(`HTTP ${response.status}: ${text}`);
}
console.log(text);
})
.catch((error) => {
console.error("Error:", error.message);
});
<?php
$API_Key = "<API_Key>";
$JWT_Token = "<JWT_TOKEN>";
$QU_Token = "<QU_TOKEN>";
$url = "https://dev.qupass.in/api/adhaar";
$headers = [
"x-api-key: $API_Key",
"Authorization: $JWT_Token",
"qu-token: $QU_Token",
"Content-Type: application/json"
];
$data = [
"id" => 1,
"operation" => "protect",
"data" => [
"4234 5678 9123",
"4234 5678 9124",
"5234 5678 9123"
],
"options" => [
"method" => "tokenise",
"scope" => "App1"
]
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else {
echo $response;
}
curl_close($ch);
?>
import requests
import json
API_Key = "<API_Key>"
JWT_Token = "<JWT_TOKEN>"
QU_Token = "<QU_TOKEN>"
url = 'https://dev.qupass.in/api/adhaar'
headers = {
'x-api-key': API_Key,
'Authorization': JWT_Token,
'qu-token': QU_Token,
'Content-Type': 'application/json'
}
data = {
"id": 1,
"operation": "protect",
"data": [
"4234 5678 9123",
"4234 5678 9124",
"5234 5678 9123"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}
response = requests.post(url, headers=headers, data=json.dumps(data))
print(response.text)
Sample Data Payload and Output
PROTECTION SCENARIOS:
| Input | Output |
|---|---|
| |
UNPROTECTION SCENARIOS:
| Input | Output |
|---|---|
| |
| |
| |
| |