I am trying to connect with Postman to the GCP Cloud Data Loss Prevention API.

I have created an API Key that works perfectly for the endpoints content:inspect and infoTypes.

However, even though the documentation says otherwise, it does not let me connect to content:deidentify and content:reidentify.

I have not seen anything strange when configuring the API Key in GCP.

This is the authentication method I am using (where it says I can use deidentify and reidentify):

https://cloud.google.com/dlp/docs/auth

Of these methods, as I explained, it only lets me use inspect:

https://cloud.google.com/dlp/docs/reference/rest/v2/projects.content

For the creation of the API Key I have followed this documentation:

https://cloud.google.com/docs/authentication/api-keys?visit_id=638168976254849255-801375482&rd=1

And I am trying to encrypt and decrypt:

https://cloud.google.com/dlp/docs/inspect-sensitive-text-de-identify

The error is this:

{
    "error": {
        "code": 403,
        "message": "Unauthenticated call not allowed when using a resource requiring permission: KMS_ENCRYPT.",
        "status": "PERMISSION_DENIED"
    }
}

I have followed the steps of creating the KMS for the cryptoKeyName and wrappedKey fields.

But I can't figure out what I might be doing wrong.

Stornu2 On

It seems that the documentation is lying: if you check the DLP API authentication methods, it does not give the option to use an API key.

I hope this will be useful to someone someday or that they will improve the documentation.
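
An added example (not part of the original question or answer): the same content:deidentify call built with an OAuth 2.0 access token instead of an API key, because an API key carries no principal that can be granted permission on the KMS key. It assumes the gcloud CLI is installed and logged in; the project ID, key name and wrapped key are placeholders, and the helper names are hypothetical.

```python
import json
import subprocess
import urllib.request

DLP_URL = "https://dlp.googleapis.com/v2/projects/{project}/content:deidentify"

def uses_kms_wrapped_key(node):
    """Return True if any nested object in the request body has a kmsWrapped key."""
    if isinstance(node, dict):
        return "kmsWrapped" in node or any(uses_kms_wrapped_key(v) for v in node.values())
    if isinstance(node, list):
        return any(uses_kms_wrapped_key(v) for v in node)
    return False

def deidentify_body(text, crypto_key_name, wrapped_key):
    """Body for content:deidentify with a KMS-wrapped key (caller supplies placeholders)."""
    info_types = [{"name": "EMAIL_ADDRESS"}]
    return {
        "item": {"value": text},
        "inspectConfig": {"infoTypes": info_types},
        "deidentifyConfig": {"infoTypeTransformations": {"transformations": [{
            "infoTypes": info_types,
            "primitiveTransformation": {"cryptoDeterministicConfig": {
                "cryptoKey": {"kmsWrapped": {"cryptoKeyName": crypto_key_name,
                                             "wrappedKey": wrapped_key}},
                "surrogateInfoType": {"name": "EMAIL_ADDRESS_TOKEN"}}},
        }]}},
    }

def build_request(project, body, access_token=None, api_key=None):
    """Build (not send) the request; fail early on the case that returns the 403 above."""
    if access_token is None and uses_kms_wrapped_key(body):
        raise PermissionError("kmsWrapped key needs an authenticated caller; "
                              "an API key alone yields 403 KMS_ENCRYPT")
    url = DLP_URL.format(project=project)
    headers = {"Content-Type": "application/json"}
    if access_token:
        headers["Authorization"] = "Bearer " + access_token
    elif api_key:
        url += "?key=" + api_key  # no principal attached; the server decides
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")

def gcloud_access_token():
    """Assumption: gcloud is logged in as a principal allowed to use the KMS key."""
    return subprocess.check_output(["gcloud", "auth", "print-access-token"], text=True).strip()
```

To send it, pass `build_request(project, body, access_token=gcloud_access_token())` to `urllib.request.urlopen`; in Postman the equivalent is a Bearer Token authorization with the same token value.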