April 6, 2022
with the contribution of
You Might Also Be Interested In:
Related articles
with the contribution of

Why We’re Continuing to Invest in the Developer Experience

We love developers and want them to love using Skyflow. That’s why we’re continually looking for ways to incorporate your feedback and reduce friction across our products. In this post, we highlight a few recent improvements, including our new Skyflow Docs site and our intuitive policy expression language.

Developers are at the heart of what we do. From documentation, sample applications, and SDKs, to the Quickstart experience, we want to delight you and provide a platform that you love to build with. 

As part of our continual effort to improve the Skyflow developer experience, we are excited to announce that we’ve launched a new documentation site. We’ve also created a powerful policy expression language that gives you fine-grained control over who has access to sensitive data and what they can see when viewing that data. 

This is just the beginning — you can expect to see more improvements to docs and other aspects of the developer experience in the future. In this post, we’ll discuss some of the key features of the new doc site and Skyflow’s policy expression language, as well as highlighting other areas where we’ve worked to remove friction from the developer experience.

A New Docs Experience

The first experience most developers have with any product is using the documentation to get a sense of what that product does and how to start using it. Documentation needs to be both comprehensive and well organized. Like any product, it’s never finished — it requires continual tuning and improvement.

The Skyflow Docs Site

The new docs site uses an architecture that gives us the flexibility to make continuous improvements and incorporate new features, such as search. We decoupled our doc builds from other processes to enable faster writing iterations, taking our deployment schedule down from days to minutes. This lets us rapidly respond to your feedback, making the improvements you need within a much shorter time frame. 

We also added support for multiple developer workflows by embedding code snippets in multiple languages, so you can easily switch between examples that use Postman and cURL:

A Skyflow Docs Page with Instructions for both Postman and cURL

Additionally, the docs site is aligned with the rest of the Skyflow developer experience — it brings our quickstart guides and demos to the forefront so that you can get started building right away. 

Our quickstart guides walk you through using secure storage, client-side collection of sensitive data, configuring data governance, and sending sensitive data to third party APIs with Skyflow Connections. Additionally, the demos show how Skyflow’s tokenization and governance APIs work and how you can use them to enable your unique use cases.

Simplified Policy Expression Language

One of Skyflow’s key features is a powerful data governance engine that lets you finely control access to sensitive data. Data governance is managed using a Policy Based Access Control (PBAC) model consisting of policies and roles:

  • Policies are reusable sets of access rules, and are attached to roles 
  • Roles are assigned to users and service accounts, letting you control user or application access to data within your vault
A Simplified View of the Skyflow PBAC Model

Creating and configuring access control rules is extremely important for maintaining security in your vault and protecting your customers’ data privacy. To make this easy, we’ve designed an intuitive, English-like policy expression language that you can use to author complex conditional access control rules.

How Policy Creation Works

Let’s look at an example to show how the Skyflow policy expression language works. Consider the following Data Privacy Vault schema where we’ve defined a customers table. This table is storing a number of sensitive customer fields like name, email, and driver’s license number.

Example Customers Table

Let’s assume that in our application customers can contact a customer support agent (CSA) through a live chat portal, and that we have live CSAs available in multiple countries. We can create a policy that restricts a given CSA’s access to customer data based on a row-level restriction, like requiring that the customer and CSA are located in the same country. 

We may want to create a restriction like this to reduce the scale of a data breach if an agent’s credentials are leaked. Also, the restriction of data access by country is required by certain data residency laws, such as Brazil’s LGPD.

In the screenshot below, we’ve created a policy using the Skyflow policy expression language to give plaintext access to customers’ names and emails if the CSA is located in Brazil. Additionally, this policy gives access to view the masked values of customers’ driver's license numbers. 

Example Policy for  Country-specific Access Control

This policy is attached to a role that we’ve created for CSAs that reside in Brazil. The role is then attached to a service account. In a real-world application, the Brazil-specific service account key file would be used to authenticate against the Skyflow APIs whenever an agent in Brazil attempts to access a customer’s data. 

Along with a policy expression language that’s easy to work with, Skyflow Studio provides real-time compilation and term completion, so developers get real-time assistance as they create policies.

Example of the Skyflow Studio Policy Editor’s Term Completion

This is just one example of creating rich access control rules using simple expressions. You can learn more about Skyflow’s data governance features and policy expression language in our documentation.

What’s Next?

The improvements we’ve made to docs and policy control build off the launch of Skyflow’s Quickstart Environment. If you don’t yet have access to Skyflow, the quickstart environment gives you an easy way to try out Skyflow’s APIs with a built-in data privacy vault seeded with sample data to help you get started. 

Once you’re up and running with the quickstart environment, you can use our API Postman collection, and quickstart guides to make your first API call within minutes.

These are just a few initial areas that we’ve invested in so far, and you will continue to see developer experience improvements across our entire product suite, including docs, SDKs, and sample applications. We plan to continue expanding our available quickstart guides and sample applications so you can get started faster.

If you’re an existing Skyflow user and you have feedback for us, we’d love to hear from you — please contact your sales rep with any feedback. We want to know how we can make your experience better. And if you’re not an existing user, you can sign up for a Skyflow trial account.

We look forward to seeing what you build!