Skip to content

    Data tokenization and encryption using Go

    data tokenization and encryption using Go
    Picture of Nathan Loding ·
    Product

    There are an estimated 1.1 million Go developers today, making Go one of the top 10 languages in the world. The 2021 StackOverflow Developer Survey shows it’s one of the most wanted and least dreaded languages for developers. So it seems only natural to support a full Go SDK, yet surprisingly many products and services lack a Go SDK. So why did Basis Theory decide to build one?

    Last month, we built a Terraform provider to help developers manage their Tenants and Applications with code, rather than manually managing their tokenization infrastructure from our web portal. Terraform modules are written in Go, and thus our initial Go SDK was born.

    Installing the Go SDK

    If you haven’t already, take the next 30 seconds to sign up for a free account (no credit card required). Once registered, we’ll automatically provision your first PCI-compliant Tenant in our Web Portal. Create an Application to get started!

    Install a Go module by calling the go get command or importing the module directly from GitHub. To install the Basis Theory Go SDK and its dependencies, run the following commands:

    
go get github.com/Basis-Theory/basistheory-go/v3

    Alternatively, you can import the package directly in your own modules:

    
import basistheory "github.com/Basis-Theory/basistheory-go/v3"

    Then run:

    
go mod tidy


    Note: at the time of writing, the latest version was v3. You can find the latest version in our documentation.

    Using the Go SDK

    The SDK supports all of Basis Theory’s public API endpoints and is thoroughly documented in our API Reference guide. Let’s look at some of the most common operations and how you would perform them using Go!

    Creating a new Application

    Applications provide a set of permissions used to access your data using an API key. Applications represent a system or component that needs to access your data in a secure and compliant manner. Any type of system can be an application. For instance, front-end clients that can only write data, or server-to-server systems that need to read or share the data.

    
package main

import (
  "context"
  "github.com/Basis-Theory/basistheory-go/v3"
)

func main() {
  configuration := basistheory.NewConfiguration()
  apiClient := basistheory.NewAPIClient(configuration)
  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
    "ApiKey": {Key: "YOUR_BT_API_KEY"},
  })

  createApplicationRequest := *basistheory.NewCreateApplicationRequest(applicationName, applicationType)
  createApplicationRequest.SetPermissions([]string{
    "token:general:create",
    "token:general:read:low",
    "token:pci:create",
    "token:pci:read:low",
  })

  application, httpResponse, err := apiClient.ApplicationsApi.Create(contextWithAPIKey).CreateApplicationRequest(createApplicationRequest).Execute()
}

    Regenerating an Application Key

    Basis Theory manages the rotation of Encryption Keys on your behalf, helping you minimize the risk of your data being compromised. For those looking to automate their API key management process, Basis Theory provides a way to automatically regenerate API keys.

    
package main

import (
  "context"
  "github.com/Basis-Theory/basistheory-go/v3"
)

func main() {
  configuration := basistheory.NewConfiguration()
  apiClient := basistheory.NewAPIClient(configuration)
  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
    "ApiKey": {Key: "YOUR_BT_API_KEY"},
  })

  application, httpResponse, err := apiClient.ApplicationsApi.RegenerateKey(contextWithAPIKey, "fb124bba-f90d-45f0-9a59-5edca27b3b4a").Execute()
}

    Creating a Token

    Once you have your Applications configured, you are ready to start creating Tokens. A Token represents a piece of data that you want to be securely stored. The Token is a unique, undecipherable identifier that references your sensitive data, and is the core of the Basis Theory Platform.

    
package main

import (
  "context"
  "github.com/Basis-Theory/basistheory-go/v3"
)

func main() {
  configuration := basistheory.NewConfiguration()
  apiClient := basistheory.NewAPIClient(configuration)
  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
    "ApiKey": {Key: "YOUR_BT_API_KEY"},
  })

  createTokenRequest := *basistheory.NewCreateTokenRequest("Sensitive Value")
  createTokenRequest.SetType("token")
  createTokenRequest.SetMetadata(map[string]string{
    "myMetadata": "myMetadataValue",
  })
  createTokenRequest.SetSearchIndexes([]string{"", ""})
  createTokenRequest.SetFingerprintExpression("")
  createTokenRequest.SetDeduplicateToken(true)

  privacy := *basistheory.NewPrivacy()
  privacy.SetImpactLevel("moderate")
  createTokenRequest.SetPrivacy(privacy)

  token, httpResponse, err := apiClient.TokensApi.Create(contextWithAPIKey).CreateTokenRequest(createTokenRequest).Execute()
}

    Decrypting a Token

    After creating a Token, you may need to read all or part of the plain text value back. It’s as easy as making a call to the Basis Theory API!

    
package main

import (
  "context"
  "github.com/Basis-Theory/basistheory-go/v3"
)

func main() {
  configuration := basistheory.NewConfiguration()
  apiClient := basistheory.NewAPIClient(configuration)
  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
    "ApiKey": {Key: "YOUR_BT_API_KEY"},
  })

  token, httpResponse, err := apiClient.TokensApi.GetById(contextWithAPIKey, "c06d0789-0a38-40be-b7cc-c28a718f76f1").Execute()
}

    Invoking a Reactor

    There are risks with using sensitive values within your systems. For example, a sensitive value could be stored in memory for a short time and read by an attacker, or misconfigured logging could accidentally write sensitive data to a log file. Reactors solve this issue by providing a secure, compliant, serverless compute environment where you can execute your custom code to interact with the tokenized data— without that data touching your systems.

    
package main

import (
  "context"
  "github.com/Basis-Theory/basistheory-go/v3"
)

func main() {
  configuration := basistheory.NewConfiguration()
  apiClient := basistheory.NewAPIClient(configuration)
  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
    "ApiKey": {Key: "YOUR_BT_API_KEY"},
  })

  reactRequest := *basistheory.NewReactRequest()
  reactRequest.SetArgs(map[string]interface{}{
    "card": "",
    "customer_id": "myCustomerId1234",
  })

  reactResponse, httpResponse, err := apiClient.ReactorsApi.React(contextWithAPIKey, "5b493235-6917-4307-906a-2cd6f1a90b13").ReactRequest(reactRequest).Execute()
}

    Final Thoughts

    As the popularity of Go continues to rise, more and more enterprises will be using it to not only manage their infrastructure, but also to power their applications. The need for better security— and better developer experiences around data security—will only continue to grow. The Basis Theory Go SDK makes satisfying data security and compliance  requirements fit seamlessly into your development lifecycle.

    Want to try it for yourself? Create a free account to spin up your PCI Level 1 and SOC 2 certified environment in less than a minute—without adding a credit card.

    De-Risk Payments. De-Scope Compliance.   Accelerate time-to-compliance and eliminate nearly 90% of the PCI DSS Level 1 requirements using Basis theory.  

    Stay Connected

    Receive the latest updates straight to your inbox