Documentation Index
Fetch the complete documentation index at: https://docs.dataharbor.co/llms.txt
Use this file to discover all available pages before exploring further.
Control Block Reference
Detailed reference for all Control Block types and their options.
In the current runtime, controls live inside a v0.3 Virtual API Configuration under objects.<objectName>.controls. This page documents the control entries themselves.
Common Execution Rules
| Rule | Behavior |
|---|
| Ordering | Controls execute top-to-bottom |
| Path syntax | Use dot notation, with array segments like "[contacts].email". Slash notation is not supported. |
| Filter targets | redact, tokenize, anonymize, mask, hash, and allow require scalar targets (string, number, or bool) |
| Root arrays | If the matched payload is an array, controls apply to each object element automatically. Non-object elements are skipped. |
| Array failure behavior | Array execution is not transactional across elements. If an earlier element succeeds and a later element fails a required check, the request fails and earlier element changes are not rolled back. |
| Required semantics | required: true is full-path strict. Missing any intermediate parent or final target fails the request. |
Common Options
| Option | Applies to | Required | Description |
|---|
fields | All controls | Yes | Field paths to operate on |
required | All controls | No | When true, missing referenced fields fail instead of being skipped. That includes missing intermediate parent paths, not just the final field. For coalesce, all fields missing or empty also fails. |
into | combine, coalesce | Yes | Target field for the transformed value |
separator | combine | No | Separator inserted between combined string values. Default: "" |
remove_source | combine, coalesce | No | Remove the source fields after the transform completes. Default: false |
Data Control
redact
Remove sensitive data entirely.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be redact |
fields | array | Yes | Field paths to redact |
- Strings →
""
- Numbers →
0
- Booleans →
false
- Objects and arrays are invalid targets
- The key remains in the output. If you want to remove the field entirely, use
delete instead.
- type: redact
fields:
- ssn
- credit_card
- user.password
tokenize
Replace with deterministic tokens.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be tokenize |
fields | array | Yes | Field paths to tokenize |
- Same input → same token within the same Virtual API and matched object definition
- Different object definitions or different Virtual APIs → different tokens
- Token format:
tok_[hash]
- Booleans are not supported
- type: tokenize
fields:
- email
- phone
- customer_id
anonymize
Replace with random values preserving structure.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be anonymize |
fields | array | Yes | Field paths to anonymize |
- Each request produces different values
- Format is preserved (email looks like email)
- Not reversible, not correlatable
- type: anonymize
fields:
- email
- name
- street_address
mask
Partially redact values while preserving structure.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be mask |
fields | array | Yes | Field paths to mask |
- Strings → first and last characters visible, middle masked (e.g.,
"John Smith" → "Jo** ***th")
- Numbers → leading digits zeroed, last 2 visible (e.g.,
5551234567 → 0000000067)
- Booleans →
false
- type: mask
fields:
- ssn
- phone
- name
hash
Replace with one-way SHA-256 digest. Deterministic within the same Virtual API and matched object definition — same input always produces the same hash in the same scope.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be hash |
fields | array | Yes | Field paths to hash |
- Strings → 64-character hex digest
- Numbers → deterministic number derived from hash bytes
- Booleans → deterministic boolean
- type: hash
fields:
- email
- customer_id
allow
Pass values through unchanged. Fields not referenced by any control are allowed by default — allow is provided for users who prefer to be explicit about which fields are permitted.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be allow |
fields | array | Yes | Field paths to allow |
- type: allow
fields:
- public_id
- display_name
combine
Merge fields into a new field.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be combine |
fields | array | Yes | Fields to combine (order matters; at least 2) |
into | string | Yes | Name of new field |
separator | string | No | Separator between values. Default: "" |
fields plus into must share the same parent path. If into already exists, the transform fails instead of overwriting it.
- type: combine
fields:
- first_name
- last_name
into: full_name
separator: " "
remove_source: true
coalesce
Select first non-empty value.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be coalesce |
fields | array | Yes | Fields to check (order = priority; at least 2) |
into | string | Yes | Name of new field |
coalesce treats missing values, null, and empty strings as empty. Whitespace-only strings, numeric 0, boolean false, objects, and arrays are all treated as present values. When you use nested paths, every entry in fields plus into must share the same parent path. If into already exists, the transform fails instead of overwriting it.
- type: coalesce
fields:
- mobile_phone
- work_phone
- home_phone
into: primary_phone
delete
Remove fields entirely from the outbound payload.
| Option | Type | Required | Description |
|---|
type | string | Yes | Must be delete |
fields | array | Yes | Fields to remove |
delete does not support into. When you use nested paths, all entries in fields must share the same parent path. This keeps cleanup operations predictable for nested objects and arrays.
- type: delete
fields:
- first_name
- last_name
- internal_note
Access Control
Access controls are defined in the access block, not as Control Blocks.
expires
| Option | Type | Description |
|---|
expires | string | ISO 8601 date (2025-12-31) or relative (90d) |
access:
expires: 2025-12-31
geo_allow / geo_deny
| Option | Type | Description |
|---|
geo_allow | array | ISO 3166-1 alpha-2 country codes to allow |
geo_deny | array | ISO 3166-1 alpha-2 country codes to deny |
access:
geo_allow:
- US
- CA
- EU # Special value: all EU countries
ip_allow
| Option | Type | Description |
|---|
ip_allow | array | CIDR ranges to allow |
access:
ip_allow:
- 10.0.0.0/8
- 192.168.1.0/24
rate_limit
| Option | Type | Description |
|---|
rate_limit.requests | number | Max requests per period |
rate_limit.period | string | Time period (1m, 1h, 1d) |
access:
rate_limit:
requests: 10000
period: 1d
Field path syntax
Simple fields
Nested fields
fields:
- user.email
- billing.address.street
Array items
fields:
- "[contacts].email" # All items in array
- "[orders].[items].sku" # Nested arrays
