
DAR (Encrypted Data at Rest) profiles (API)

Encrypted Data at Rest profiles

When you apply the Encrypted Data at Rest policy to an app, you choose a profile that specifies a list of exceptions (rules for performing or bypassing encryption/decryption on a file). You can create as many Encrypted Data at Rest profiles as you want.

Use these parameters in the JSON structure when you apply the Encrypted Data at Rest policy (POLICY_CODE_DAR) to the app with app-market/policy.


exceptions: A list of JSON objects with location, pathMatch, platforms, and appId keys. The DAR policy does not encrypt any files identified by these rules:

  • location: 
    • sandbox: Common area on iOS and Android for files internal to the app.
    • sdcard: Area for Android apps to write files for external storage.
  • pathMatch: File or path pattern to match. The * wildcard matches any string, including paths and ".".
  • platforms: Android and/or iOS.
  • appId: Apply this rule only to the app that matches the appId. To apply the exclusion rule to all apps, use the wildcard "*".

intercept_foundation: Used for debugging per direction of Support; disables the Objective-C interception layer.

null_cipher: Used for debugging per direction of Support; disables confidentiality.
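
A pre-submission check for the data JSON described by these parameters, as an added example that is not part of the original documentation or the product's API: it flags the two debugging options and any exception rule whose pathMatch is only wildcards. The function name audit_dar_profile and both sample payloads are assumptions constructed for illustration; the lowercase platform names follow the creation example on this page.

```python
import json

ALLOWED_LOCATIONS = {"sandbox", "sdcard"}
ALLOWED_PLATFORMS = {"android", "ios"}  # lowercase, as in the page's creation example
DEBUG_FLAGS = ("null_cipher", "intercept_foundation")
RULE_KEYS = {"location", "pathMatch", "platforms", "appId"}


def audit_dar_profile(data_json):
    """Return review findings for the JSON string sent as the profile's data field."""
    data = json.loads(data_json)
    findings = []
    # Both flags are debugging options; null_cipher disables confidentiality.
    for flag in DEBUG_FLAGS:
        if data.get(flag) is True:
            findings.append(f"{flag}: debug option enabled")
    for i, rule in enumerate(data.get("exceptions", [])):
        where = f"exceptions[{i}]"
        missing = RULE_KEYS - set(rule)
        if missing:
            findings.append(f"{where}: missing keys {sorted(missing)}")
            continue
        if rule["location"] not in ALLOWED_LOCATIONS:
            findings.append(f"{where}: unknown location {rule['location']!r}")
        for platform in rule["platforms"]:
            if platform not in ALLOWED_PLATFORMS:
                findings.append(f"{where}: unknown platform {platform!r}")
        # "*" matches any string, including paths and ".", so a wildcard-only
        # pattern exempts every file in that location from encryption.
        pattern = rule["pathMatch"]
        if pattern and set(pattern) == {"*"}:
            scope = "all apps" if rule["appId"] == "*" else rule["appId"]
            findings.append(f"{where}: every {rule['location']} file unencrypted for {scope}")
    return findings


# Constructed sample: the page's creation payload, closed after its first rule.
PAGE_STYLE = json.dumps({
    "null_cipher": True, "intercept_foundation": True,
    "exceptions": [{"location": "sandbox", "pathMatch": "databases",
                    "platforms": ["android", "ios"], "appId": "*"}]})
# Constructed sample: no debug flags, but one over-broad and one malformed rule.
OVER_BROAD = json.dumps({
    "exceptions": [{"location": "sdcard", "pathMatch": "*",
                    "platforms": ["android"], "appId": "*"},
                   {"location": "sandbox", "pathMatch": "cache/*"}]})

if __name__ == "__main__":
    for name, payload in (("PAGE_STYLE", PAGE_STYLE), ("OVER_BROAD", OVER_BROAD)):
        print(name, audit_dar_profile(payload))
```
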

Encrypted Data at Rest API resources

To manage DAR profiles, use these resources:

  • profile : Use type="dar" to create a DAR profile. See example below.
  • profile/catalog/{policytype} : Use "dar" for "{policytype}". GET returns an array of details for all policy profiles of the specified type.
  • profile/{GUID} : Use the profile ID to specify a policy profile. GET returns details for the specified profile, PUT updates the details in the specified profile, and DELETE archives the profile.
  • settings/dar-default-profile (settings/{policytype}-default-profile):  POST sets one of the DAR profiles as the default. GET returns the GUID of the current default profile. DELETE archives the current default.

To retrieve details for the policy:

  • app-policy/{GUID} : Use the policy ID to specify a policy. GET returns details for the specified policy.
  • app-policy/code/{code} : Use POLICY_CODE_DAR to specify the policy. GET returns details for the specified policy.

To secure apps with DAR policy, use these resources:

Creating an Encrypted Data at Rest profile

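This example creates a DAR profile with the profile API, specifying all options, including the null_cipher and intercept_foundation debugging options. The curl -k flag turns off TLS certificate verification for the request.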


curl -k -v -L -b c.txt -c c.txt -X POST \
  -F name="TestProfile" \
  -F type="dar" \
  -F desc="Default Profile" \
  -F data="{\"null_cipher\":true,\"intercept_foundation\":true, \
    \"exceptions\":[{\"location\":\"sandbox\",\"pathMatch\":\"databases\", \
    \"platforms\":[\"android\",\"ios\"],\"appId\":\"*\"}, \


{"message": "",
 "profiles": {
   "data": {
     "profile_data": "{\"null_cipher\":true,\"intercept_foundation\":true,
     "profile_data_id": "d02c51ac-e15b-4e5d-9ea3-aaeba4848dcf",
     "profile_data_stamp": "2016-08-19 15:15:07.0"
   "profile_desc": "Default Profile",
   "profile_id": "fababbaf-a5f9-4431-8e0e-39a213fc140e",
   "profile_name": "TestProfile",
   "profile_type": "dar",
   "profile_url": ""
 "status": "OK"
