Security · Beta
Strac
API integration
Ship Security features without building the integration. Full Strac API access via Proxy and 20+ MCP-ready tools for AI agents — extend models and mappings to fit your product.
Built for specific customer use cases. Issues are resolved quickly.
Use Cases
Why integrate with Strac
Common scenarios for SaaS companies building Strac integrations for their customers.
Keep your SaaS out of PCI and HIPAA scope
Offer a native Strac integration so your customers can route sensitive inputs through their own Strac tenant for redaction and tokenization. Your application never persists raw PII, PCI, or PHI, dramatically shrinking your compliance surface area.
Power 'Bring Your Own Vault' for enterprise deals
Enterprise buyers increasingly require that sensitive data be vaulted in a system they control. A Strac integration via Truto lets your customers tokenize their own data and proxy it through Strac, unblocking security reviews and procurement.
Automate compliance evidence collection
GRC and security tools can pull Strac risk findings and audit events on behalf of their customers to populate SOC 2, HIPAA, and GDPR control evidence. This replaces manual screenshots with continuous, API-driven proof of DLP enforcement.
Sanitize unstructured user-generated content
Helpdesk, collaboration, and AI products can pipe chats, documents, and uploads through Strac's detection and redaction APIs before persisting. End users get safer workflows; you avoid storing data you never wanted in the first place.
Anonymize analytics pipelines on demand
BI and revenue analytics platforms can trigger Strac anonymization on Google Sheets data sources before ingestion, so customer PII never enters the analytics warehouse while preserving structural usefulness for modeling.
What You Can Build
Ship these features with Truto + Strac
Concrete product features your team can ship faster by leveraging Truto’s Strac integration instead of building from scratch.
Inline text redaction on ingest
Call Strac's redact endpoint on every inbound message, comment, or note so your database only stores sanitized text with reference tokens in place of detected PII.
Document vault with redacted previews
Upload PDFs, images, and files to Strac, store only the document ID, and render a redacted version on demand for agents and reviewers who don't need the raw content.
Tokenized field storage for sensitive attributes
Replace fields like SSNs, account numbers, and API keys with Strac tokens at write time, and use token info lookups to display masked previews (e.g., last 4) in your UI.
Outbound proxy for third-party API calls
Route requests to downstream services through Strac's HTTP, webhook, function, or SFTP proxies so tokens are detokenized in flight and raw values never traverse your infrastructure.
Batch tokenization and detokenization workflows
Use batch token and detokenize endpoints to migrate existing sensitive datasets into Strac, or to bulk-rehydrate values for scheduled exports and reporting jobs.
Embedded DLP risk and audit dashboards
Pull Strac data security risks and audit events into your product to give customers a native view of policy violations, remediations, and user activity tied to their workspace.
SuperAI
Strac AI agent tools
Comprehensive AI agent toolset with fine-grained control. Integrates with MCP clients like Cursor and Claude, or frameworks like LangChain.
create_a_strac_document
Upload a document to the Strac vault and receive a reference ID for later retrieval. Returns: documentId. Required: document (binary, max 10 MB). Each upload is immutable: repeating the call creates a new stored document and a new reference ID.
get_single_strac_document_by_id
Download the original document from Strac by its document ID. Returns the raw binary file content of the document (an opaque binary stream, not a structured JSON response). Required: id.
delete_a_strac_document_by_id
Delete a document from Strac by its document ID. Returns an empty 204 response on success. Required: id.
create_a_strac_detect
Detect sensitive data from a document or text using Strac. Submits a detection payload to the Strac engine and returns the resulting sensitive-data findings. The exact request and response fields are defined by the Strac DetectDocumentInput and DetectDocumentOutput schemas respectively; consult the Strac API docs for the full field-level breakdown.
create_a_strac_redact
Redact a document in the Strac vault by submitting a redaction request. On success, returns a RedactDocumentOutput object that can subsequently be used to retrieve the fully redacted document via the Strac Get redacted document API. The specific request body fields and response fields are defined by the RedactDocumentInput and RedactDocumentOutput schemas; consult the upstream Strac API documentation for the field-level breakdown.
create_a_strac_redact
Redact sensitive data from inline text content in Strac, replacing detected PII and other sensitive fields according to the configured redact mode (e.g., substituting tokenized Strac vault links for sensitive values). Returns: redacted_text. Required: text.
get_single_strac_redacted_document_by_id
Download a redacted document from Strac by document ID. Returns the redacted document as a binary file stream (the response body is raw binary content, not a JSON object). Required: id.
list_all_strac_tokens
List token identifiers within a Strac redacted document. Returns: id. Required: document_id.
create_a_strac_token
Create a token in the Strac vault by sending sensitive data and receiving back a reference identifier. By default a new token is generated per request; set idempotent to true to reuse an existing token for duplicate data. Returns: id.
update_a_strac_tokens_modify_by_id
Update an existing Strac token's value and type by id. Returns: tokenId, value, type. Required: id. Updates to tokens created with idempotency and updates to tags are not supported.
delete_a_strac_tokens_modify_by_id
Delete an existing Strac token by id. Returns an empty 204 response on success. Required: id.
create_a_strac_tokens_batch
Create a batch of up to 200 Strac tokens by sending sensitive data elements to the vault. Returns reference token identifiers for each submitted data element. The entire batch is atomic: if any single element fails to tokenize, the whole request fails. Each call always produces a new set of tokens regardless of duplicate input.
create_a_strac_tokens_search_datum
Search for tokens by data in Strac. Submits a sensitive data value to find its matching token. Returns: token. Required: data.
create_a_strac_tokens_search_tag
Search for tokens in Strac by tag. Returns: tokens. Required: tag. Access is restricted to server-to-server connections; contact Strac to allowlist your IP addresses for live environments.
create_a_strac_tokens_info
Extract information about a Strac token without revealing the original sensitive data in full (e.g., last four digits of a social security number). Returns: token_type, attributes. Required: token.
create_a_strac_tokens_detokenize_batch
Batch detokenize up to 10 Strac tokens to retrieve their original sensitive data. Returns: tokens (array of detokenized results mapping each input token to its original value). Required: tokens. Restricted to server-to-server connections only; IP allowlisting required for live environments.
create_a_strac_anonymize_gsheet
Anonymize a Google Sheet document in Strac by replacing sensitive fields (phone numbers, names, emails, and ZIP codes) with pseudonyms or tokens via Google Workspace domain-wide delegation. Can be configured to run on a recurring basis. Returns the anonymization output object; specific response fields are defined in the upstream AnonymizeGoogleSheetsOutput schema and are not enumerable from the available source documentation.
create_a_strac_anonymize_gsheets_reverse
De-anonymize a Google Sheet in Strac, restoring an anonymized Google Sheets document to its original content within a specified Google Drive folder. This reverses the effects of a prior anonymize-gsheets operation. Returns: message, file_id. Required: file_id, folder_id.
list_all_strac_anonymize_gsheets_jobs
List recurring Google Sheets anonymization jobs in Strac. Returns job objects including id and attributes containing job-specific configuration details. No required parameters.
create_a_strac_proxy
Send any HTTP request (POST, PUT, PATCH, GET, DELETE, or OPTIONS) to a third-party endpoint via the Strac outbound proxy, substituting tokens for sensitive values such as API keys or SSNs. Strac forwards the call to the specified target URL and relays the third-party's response verbatim. Returns the proxied third-party response; shape is endpoint-specific. Required: Target-Url.
create_a_strac_proxy_redact
Send any HTTP request through Strac's outbound proxy to a third-party URL, replacing sensitive data (such as SSNs and passport numbers) with redacted, non-sensitive equivalents before forwarding. Returns the forwarded response from the third-party service; the response shape is entirely determined by the target endpoint and cannot be enumerated statically. Required: Target-Url.
create_a_strac_proxy_detokenize
Invoke the Strac inbound detokenize proxy to retrieve original sensitive data for up to 10 tokens. The request body and headers are forwarded to your configured authorization server for end-user authorization; on success, the authorization server's response is returned with the detokenized values decorated in. The response shape is dynamic and depends entirely on the authorization server's configuration.
create_a_strac_proxy_webhook
Forward HTTP webhook requests through Strac's webhook proxy to your server, replacing sensitive data such as SSNs and bank account numbers with tokens. Returns the forwarded response from your connected server; the response shape is determined by your server's implementation. Required: id (contact Strac to generate a webhookId and configure your endpoint).
create_a_strac_proxy_function
Send a request to a third-party API through a Strac-hosted proxy function, forwarding tokens in place of sensitive data. Returns a dynamic JSON response whose shape is determined entirely by the hosted function. Required: Function-Id.
create_a_strac_proxy_sftp
Detokenize and upload a CSV file to an SFTP server via Strac's proxy. SFTP server credentials must be pre-registered with Strac before use. Returns a 200 OK response with no body on success.
list_all_strac_data_security_risks
List data security risks discovered in Strac across integrated applications, filterable by app type, date ranges, sensitive data types, and other criteria. Returns records containing event (with eventId, detectedElementTypes, filePath, eventTime, documentId), endpointResourceType, and endpointRemediationType. Required: appType, startDate, endDate.
list_all_strac_data_security_audit_events
List Strac data security audit events tracking user actions and system activities. Returns an events array where each record includes eventId, actionName, actorEmailAddress, dateTime, actorIpAddress, actorUserGroups, actionRequestPath, and a target object with action-specific context. Optionally filter by startDate or endDate.
Why Truto
Why use Truto’s MCP server for Strac
Other MCP servers give you a static tool list for one app. Truto gives you a managed, multi-tenant MCP infrastructure across 500+ integrations.
Auto-generated, always up to date
Tools are dynamically generated from curated documentation — not hand-coded. As integrations evolve, tools stay current without manual maintenance.
Fine-grained access control
Scope each MCP server to read-only, write-only, specific methods, or tagged tool groups. Expose only what your AI agent needs — nothing more.
Multi-tenant by design
Each MCP server is scoped to a single connected account with its own credentials. The URL itself is the auth token — no shared secrets, no credential leaking across tenants.
Works with every MCP client
Standard JSON-RPC 2.0 protocol. Paste the URL into Claude, ChatGPT, Cursor, or any MCP-compatible agent framework — tools are discovered automatically.
Built-in auth, rate limits, and error handling
Tool calls execute through Truto’s proxy layer with automatic OAuth refresh, rate-limit handling, and normalized error responses. No raw API plumbing in your agent.
Expiring and auditable servers
Create time-limited MCP servers for contractors or automated workflows. Optional dual-auth requires both the URL and a Truto API token for high-security environments.
How It Works
From zero to integrated
Go live with Strac in under an hour. No boilerplate, no maintenance burden.
Link your customer’s Strac account
Use Truto’s frontend SDK to connect your customer’s Strac account. We handle all OAuth and API key flows — you don’t need to create the OAuth app.
We handle authentication
Don’t spend time refreshing access tokens or figuring out secure storage. We handle it and inject credentials into every API request.
Call our API, we call Strac
Truto’s Proxy API is a 1-to-1 mapping of the Strac API. You call us, we call Strac, and pass the response back in the same cycle.
Unified response format
Every response follows a single format across all integrations. We translate Strac’s pagination into unified cursor-based pagination. Data is always in the result attribute.
FAQs
Common questions about Strac on Truto
Authentication, rate limits, data freshness, and everything else you need to know before you integrate.
How does authentication to a customer's Strac account work through Truto?
Strac uses API key authentication scoped to each customer's workspace. Through Truto, your end users provide their Strac API credentials once during connection setup, and Truto manages secure storage and injection on every subsequent API call.
What sensitive data operations are supported out of the box?
Truto exposes Strac's core primitives: document upload and redaction, inline text detection and redaction, token create/update/delete, batch tokenization and detokenization, token search by data or tag, and token info lookups for masked rendering.
Can I forward third-party API traffic through Strac without storing raw data?
Yes. Strac's proxy endpoints (HTTP, webhook, function, and SFTP) are available, plus dedicated proxy redact and detokenize operations. You store tokens, and Strac swaps them for real values in transit to the downstream system.
How do I pull compliance and DLP evidence on a schedule?
Use the list endpoints for data security risks and audit events to poll Strac for new findings and remediation activity. This is the standard pattern for GRC dashboards and continuous compliance monitoring.
Is there support for anonymizing spreadsheet data sources?
Yes. Strac's Google Sheets anonymization endpoints let you trigger a pseudonymization job, list job status, and reverse the anonymization when needed — useful for BI pipelines that must avoid ingesting raw PII.
Does Truto offer a unified Security API for Strac?
Not currently. The Strac integration is exposed as passthrough tools mapped 1:1 to Strac's native endpoints, which gives you full access to its detection, tokenization, proxy, and posture management capabilities without a normalization layer in between.