Email (PII) Protection Endpoint
METHOD: POST
ENDPOINT: https://dev.qupass.in/api/email
Description
The Email endpoint enables the protection and unprotection of email identifiers across supported formats.
The returned token preserves the original character set constraints, ensuring compatibility with email standards and downstream systems.
Maintaining the same encoding space or range of symbols from which the original data was derived — specifically restricting the protected output to the Latin-1 or Basic Latin Unicode blocks (U+0000–U+007F) — ensures that tokenized email values remain syntactically valid and operable within standard email processing and validation workflows.
Examples
- Input:
arjun_mehta92@gmail.com(Latin)- QuFold_Token:
YgY54vztRn3aQJ3DJu81OO@9j2XGo5Ghx.com- ✅ Character set preserved (Latin block)
- ✅ Encoding compatibility is maintained
- FPE_Token:
Baz6M_CYza5A3@EvuJD.com- ✅ Length and Character set preserved (Numeric block)
- ✅ Encoding compatibility is maintained
- QuFold_Token:
QuantumFold tokens are not length-preserving — token length may vary intentionally to introduce structural entropy and strengthen protection against pattern correlation and reverse inference.
Request Payload
HEADER PARAMETERS
- x-api-key
(required)Provides access to one or more functions in the API Playground. - Authorization
(required)The JWT token issued upon successful authentication. - qu-token
(required)QU token that you revceive at the time of login.
- x-api-key
PAYLOAD DETAILS
- id
(required)Integer identifier for the request. - operation
(required)Specifies the protection operation. Available:[protect | unprotect]. - data
(required)Array of values to be transformed. - options:
- method - Transformation method; Available:
[tokenise | fpe | mask | redact | passthrough].- Defaults to
tokenise
- Defaults to
- scope - User-defined context string; differentiates tokens across applications or datasets. (e.g.,
app1,azure+app1).- Defaults to
no-scope
- Defaults to
- noise - Adds controlled randomness.
- Defaults to
0, ensures deterministic tokenization within scope Non-zerovalues produce possibledistinct tokensfor the repeated inputs
- Defaults to
- method - Transformation method; Available:
- id
Sample Request
curl --location 'https://dev.qupass.in/api/email' \
--header 'x-api-key: <API_Key>' \
--header 'Authorization: <JWT_TOKEN>' \
--header 'qu-token: <QU_TOKEN>' \
--header 'Content-Type: application/json' \
--data '{
"id": 1,
"operation": "protect",
"data": [
"arjun_mehta92@gmail.com",
"priya.sharma_87@outlook.com",
"rahul_verma23@yahoo.com"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}'
package main
import (
"io"
"fmt"
"strings"
"net/http"
)
func main() {
API_Key := "<API_Key>"
JWT_Token := "<JWT_TOKEN>"
QU_Token := "<QU_TOKEN>"
url := "https://dev.qupass.in/api/email"
data := strings.NewReader(`{
"id":1,
"operation": "protect",
"data": [
"arjun_mehta92@gmail.com",
"priya.sharma_87@outlook.com",
"rahul_verma23@yahoo.com"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}`)
req, err := http.NewRequest("POST", url, data)
if err != nil {
fmt.Println(err)
return
}
req.Header.Set("x-api-key", API_Key)
req.Header.Set("Authorization", JWT_Token)
req.Header.Set("qu-token", QU_Token)
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.io.OutputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.nio.charset.StandardCharsets;
public class APIRequest {
public static void main(String[] args) {
try {
String API_Key = "<API_Key>";
String JWT_Token = "<JWT_TOKEN>";
String QU_Token = "<QU_TOKEN>";
URI uri = new URI("https://dev.qupass.in/api/email");
String data = "{"
+ "\"id\": 1,"
+ "\"operation\": \"protect\","
+ "\"data\": ["
+ "\"arjun_mehta92@gmail.com\","
+ "\"priya.sharma_87@outlook.com\","
+ "\"rahul_verma23@yahoo.com\""
+ "],"
+ "\"options\": {"
+ "\"method\": \"tokenise\","
+ "\"scope\": \"App1\""
+ "}"
+ "}";
URL url = uri.toURL();
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("x-api-key", API_Key);
conn.setRequestProperty("Authorization", JWT_Token);
conn.setRequestProperty("qu-token", QU_Token);
conn.setRequestProperty("Content-Type", "application/json");
conn.setDoOutput(true);
// Send request body
try (OutputStream os = conn.getOutputStream()) {
byte[] input = data.getBytes(StandardCharsets.UTF_8);
os.write(input, 0, input.length);
}
int statusCode = conn.getResponseCode();
BufferedReader br;
if (statusCode >= 200 && statusCode < 300) {
br = new BufferedReader(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8));
} else {
br = new BufferedReader(new InputStreamReader(conn.getErrorStream(), StandardCharsets.UTF_8));
}
StringBuilder response = new StringBuilder();
String line;
while ((line = br.readLine()) != null) {
response.append(line.trim());
}
System.out.println(response.toString());
} catch (Exception e) {
e.printStackTrace();
}
}
}
const API_Key = "<API_Key>";
const JWT_Token = "<JWT_TOKEN>";
const QU_Token = "<QU_TOKEN>";
const url = "https://dev.qupass.in/api/email";
const data = {
id: 1,
operation: "protect",
data: [
"arjun_mehta92@gmail.com",
"priya.sharma_87@outlook.com",
"rahul_verma23@yahoo.com"
],
options: {
method: "tokenise",
scope: "App1"
}
};
fetch(url, {
method: "POST",
headers: {
"x-api-key": API_Key,
"Authorization": JWT_Token,
"qu-token": QU_Token,
"Content-Type": "application/json"
},
body: JSON.stringify(data)
})
.then(async (response) => {
const text = await response.text(); // raw response like Python's response.text
if (!response.ok) {
throw new Error(`HTTP ${response.status}: ${text}`);
}
console.log(text);
})
.catch((error) => {
console.error("Error:", error.message);
});
<?php
$API_Key = "<API_Key>";
$JWT_Token = "<JWT_TOKEN>";
$QU_Token = "<QU_TOKEN>";
$url = "https://dev.qupass.in/api/email";
$headers = [
"x-api-key: $API_Key",
"Authorization: $JWT_Token",
"qu-token: $QU_Token",
"Content-Type: application/json"
];
$data = [
"id" => 1,
"operation" => "protect",
"data" => [
"arjun_mehta92@gmail.com",
"priya.sharma_87@outlook.com",
"rahul_verma23@yahoo.com"
],
"options" => [
"method" => "tokenise",
"scope" => "App1"
]
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else {
echo $response;
}
curl_close($ch);
?>
import requests
import json
API_Key = "<API_Key>"
JWT_Token = "<JWT_TOKEN>"
QU_Token = "<QU_TOKEN>"
url = 'https://dev.qupass.in/api/email'
headers = {
'x-api-key': API_Key,
'Authorization': JWT_Token,
'qu-token': QU_Token,
'Content-Type': 'application/json'
}
data = {
"id": 1,
"operation": "protect",
"data": [
"arjun_mehta92@gmail.com",
"priya.sharma_87@outlook.com",
"rahul_verma23@yahoo.com"
],
"options": {
"method": "tokenise",
"scope": "App1"
}
}
response = requests.post(url, headers=headers, data=json.dumps(data))
print(response.text)
Sample Data Payload and Output
PROTECTION SCENARIOS:
| Input | Output |
|---|---|
| |
UNPROTECTION SCENARIOS:
| Input | Output |
|---|---|
| |
| |
| |
| |