Skip to main content

Use the tokens

Once you've generated a token in the Portal, you're ready to pseudonymise your data. This page covers how to call the INCERT API using your token.

Key concept

Tokens are not used within the IPMS Portal. The Portal generates tokens for you to use with INCERT, the separate backend pseudonymisation service. Think of the Portal as your control centre where you configure projects and generate credentials, while INCERT is the processing engine where your data is transformed.

Calling the INCERT API

Tokens are JWT (JSON Web Token) credentials that authorise your requests to INCERT. Each token:

  • Contains your project configuration embedded within it.
  • Expires based on your project's retention period.
  • Authorises specific operations (pseudonymise, reverse, or secondary).

When you send data to INCERT with your token, the service:

  1. Validates the token's authenticity and expiry
  2. Reads your project configuration from the token
  3. Applies the pseudonymisation according to your settings
  4. Returns transformed data

Request structure

You can send data in JSON or CSV format. The endpoint depends on your token type.

Pseudonymisation and secondary tokensPOST https://incert.lu/api/request-psn

JSON:

POST https://incert.lu/api/request-psn
Authorization: Bearer $TOKEN
Content-Type: application/json

{
  "data": ["Example PID 1", "Example PID 2"]
}
export TOKEN=YOUR_TOKEN

curl -X POST https://incert.lu/api/request-psn \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  --data '{ "data": ["Example PID 1", "Example PID 2"] }'

CSV:

export TOKEN=YOUR_TOKEN

curl -X POST https://incert.lu/api/request-psn \
  -H "Content-Type: text/csv" \
  -H "Authorization: Bearer $TOKEN" \
  --data "Example PID 1,Example PID 2"

Reverse tokensPOST https://incert.lu/api/request-psn-rev

JSON:

POST https://incert.lu/api/request-psn-rev
Authorization: Bearer $TOKEN
Content-Type: application/json

{
  "data": ["bocNaAbxcgchapbwd6bgaOceaHdCdhbJ", "dVdmcrdYb0bgb6bFcMc4ardadjdWduah"]
}
export TOKEN=YOUR_TOKEN

curl -X POST https://incert.lu/api/request-psn-rev \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  --data '{ "data": ["bocNaAbxcgchapbwd6bgaOceaHdCdhbJ", "dVdmcrdYb0bgb6bFcMc4ardadjdWduah"] }'

CSV:

export TOKEN=YOUR_TOKEN

curl -X POST https://incert.lu/api/request-psn-rev \
  -H "Content-Type: text/csv" \
  -H "Authorization: Bearer $TOKEN" \
  --data "bocNaAbxcgchapbwd6bgaOceaHdCdhbJ,dVdmcrdYb0bgb6bFcMc4ardadjdWduah"

Response structure

INCERT returns a JSON object with a data array in the same order as your input.

Pseudonymisation and secondary response:

{
  "data": [
    "bocNaAbxcgchapbwd6bgaOceaHdCdhbJ",
    "dVdmcrdYb0bgb6bFcMc4ardadjdWduah"
  ]
}

Reverse response (original identifiers restored):

{
  "data": ["Example PID 1", "Example PID 2"]
}