Datastructure
1 - alert
Alerts are notifications generated by omniac Business when breach incidents for certain attributes are detected. These alerts are crucial for maintaining the security and privacy of users’ data. Each alert contains details about the breach incident, including the type of attribute affected, the source, the time it happened, a criticality classification, a short standard description of the incident and a recommendation. Depending on what details are required, the alert payload can be individualized.
We provide these alerts via REST in JSON format. As soon as we detect a breach incident, we call the push endpoint configured for the tenant.
A sample alert payload looks like this:
{
  "alert_id": "685e5c371f317d8df6c618a3",
  "alert_flow": "retrospective",
  "masked_values": [
    {
      "name": "bank_account",
      "value": "could not resolve data"
    },
    {
      "name": "credit_card",
      "value": "could not resolve data"
    },
    {
      "name": "iban",
      "value": "could not resolve data"
    },
    {
      "name": "nid",
      "value": "could not resolve data"
    },
    {
      "name": "passport",
      "value": "could not resolve data"
    },
    {
      "name": "driver_license",
      "value": "could not resolve data"
    }
  ],
  "password_last_characters": "",
  "breach_category_locale": "",
  "description_type": "",
  "recommendation": "If the website has customer service or privacy officer contact information, request that any of your personal data be removed immediately.",
  "description": "On 05/24/2023, we discovered this identity information including your names, surnames, emails and addresses that we believe belongs to you from sec.gov/Archives/edgar/Feed/2002/QTR3",
  "name": "sec.gov",
  "source": "",
  "type": "surface",
  "breach_record_exposure_score": "Medium",
  "date_register": "2023-05-18T09:10:36Z",
  "creation_date": "2025-06-27T08:54:15Z",
  "done": false,
  "done_date": "0001-01-01T00:00:00Z"
}
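An added example (not omniac's own code) of what a push-endpoint receiver can do with such a body: validate it, treat the zero timestamp and the "could not resolve data" placeholder as "not set", and return a summary that is safe to log. The set of required fields, the size limit, the function names and the masked IBAN value in the sample are assumptions.

```python
import json
from datetime import datetime

UNRESOLVED = "could not resolve data"  # placeholder value in the sample payload
ZERO_TIME = "0001-01-01T00:00:00Z"     # "not set" timestamp in the sample payload
# Fields this receiver insists on (an assumption; payloads can be individualized).
REQUIRED = {"alert_id": str, "type": str, "breach_record_exposure_score": str,
            "creation_date": str, "done": bool, "masked_values": list}

# Constructed sample: trimmed from the payload above, with one made-up masked value.
SAMPLE = json.dumps({
    "alert_id": "685e5c371f317d8df6c618a3", "alert_flow": "retrospective",
    "masked_values": [{"name": "iban", "value": "DE** **** 1234"},
                      {"name": "passport", "value": UNRESOLVED}],
    "description": "free text that names personal data", "name": "sec.gov",
    "type": "surface", "breach_record_exposure_score": "Medium",
    "date_register": "2023-05-18T09:10:36Z",
    "creation_date": "2025-06-27T08:54:15Z",
    "done": False, "done_date": ZERO_TIME})

def parse_time(value):
    """Parse a UTC timestamp; a missing, empty or zero time means 'not set'."""
    if not isinstance(value, str) or value in ("", ZERO_TIME):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_alert(raw, max_bytes=64 * 1024):
    """Validate one pushed alert body and return a summary safe to log."""
    if len(raw) > max_bytes:
        raise ValueError("alert body too large")
    alert = json.loads(raw)
    if not isinstance(alert, dict):
        raise ValueError("alert must be a JSON object")
    for field, kind in REQUIRED.items():
        if not isinstance(alert.get(field), kind):
            raise ValueError(f"missing or mistyped field: {field}")
    resolved = [m["name"] for m in alert["masked_values"]
                if isinstance(m, dict) and isinstance(m.get("name"), str)
                and m.get("value") not in (None, "", UNRESOLVED)]
    # Names only: masked values and the free-text description stay out of logs.
    return {"alert_id": alert["alert_id"], "type": alert["type"],
            "score": alert["breach_record_exposure_score"].lower(),
            "breach": alert.get("name", ""), "resolved_attributes": resolved,
            "created": parse_time(alert["creation_date"]),
            "done_at": parse_time(alert.get("done_date")) if alert["done"] else None}
```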
2 - attribute
Attributes are used to store and monitor various personal data of a user. They are stored in a masked, hashed and encrypted way to ensure privacy and security. There are up to 39 attributes available; a detailed list can be found below. Maintaining attributes is done through the PUT /attributes endpoint. This replaces all attributes with the provided ones, so make sure to include existing attributes as well. Previously stored attributes can be accessed through the GET /profile endpoint.
- First Name
- Last Name
- Mother’s Maiden Name
- Mother’s Name
- Email (up to 10 values available)
- Landline and Mobile Phone Number (up to 10 values available)
- Address (up to 10 values available):
  - Street Name
  - City
  - Postal/Zip Code
  - State/Province
- Date of Birth (DoB)
- Credit Card Number (up to 10 values available)
- IP Address (up to 10 values available)
- Loyalty Program Number (up to 10 values available)
- Health Insurance Number (up to 10 values available)
- National Health Service (NHS) Number (UK only)
- Insurance Policy Number (up to 10 values available)
- Username (all platforms, up to 10 values available)
- Gamertag (up to 10 values available)
- Online Accounts (YouTube, Facebook, Instagram, Google, etc. – approx. 20 different platforms)
- Bank Account Number (up to 10 values available)
- IBAN (up to 10 values available)
- Driver’s License Number (up to 10 values available)
- National ID Card Number (up to 10 values available)
- Passport Number (up to 10 values available)
- Social Security Number (SSN)
- Tax Identification Number (TIN)
- Visa Number (up to 10 values available)
- Crypto Wallet Address (up to 10 values available)
3 - profile
A profile holds all the information for one specific user within your tenant. This profile combines a set of attributes that have been saved for a user and the triggered alerts in case breach incidents were detected.
Creating a profile is as simple as issuing a POST request against the profiles endpoint (/v1/profiles). The same endpoint also accepts requests with a profileID (/v1/profiles/{profileID}) with the following methods:
- GET for retrieving a profile,
- DELETE for removing a profile and
- PUT for storing new attributes.
Please consult the OpenAPI spec for in-depth request and response documentation.
You can also request all associated profiles for your tenant by issuing a GET request without providing the profileID.
4 - tenant
Tenants represent individual customers or organizations that use the omniac Business service. Each tenant has its own set of users, data, and configurations, allowing for tailored security monitoring and management. Cross tenant access of data is not allowed, ensuring that each tenant’s information remains private and secure.
Configuration
Initially a tenant will be provided to you by omniac Business. You or a representative of omniac Business can then configure the tenant to your needs. The configuration includes:
- Contact: The contact information (name, email) for one or more contact persons in your organization.
- Push Endpoint: The URL to which omniac Business will send notifications about alerts.
- Hash Algorithm: Omniac Business supports hashing either on the client or server side. From a security point of view, we highly recommend client-side hashing. We use SHA256 as the hashing algorithm.
- Encryption Key: If you choose to encrypt your data, we provide this encryption key. This key is used to encrypt your data before it is sent to omniac Business for monitoring. Please use the RSA PKCS#1 v1.5 algorithm for encryption.
- Allowed ACLs: You can specify which Access Control Lists (ACLs) are allowed for your tenant. Each ACL config consists of a name and an ACL IP address. This allows you to control which IP addresses can access your tenant’s data and services.
- Available Attributes: Depending on your contract, this will be a list of attributes that omniac Business will monitor for your tenant. Each customer/employee can then monitor 0-n attributes. The attributes are defined and maintained by omniac Business.
- Rate-Limits: Defines how many requests per time period are accepted by the omniac Business service for your tenant. This is used to prevent abuse and ensure fair usage of the service. The rate-limits are maintained by omniac Business.
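An added example (not omniac's own code) of preparing the full attribute set for a replace-all PUT with client-side SHA256 hashing, covering both the PUT semantics in the attribute section and the Hash Algorithm setting above. The attribute keys, the dict shape, trimming and UTF-8 encoding before hashing, and `existing` already being in hashed form are assumptions; the OpenAPI spec defines the real request body.

```python
import hashlib

# Attribute keys are hypothetical; several match names seen in the alert sample.
MULTI_VALUE = {"email", "phone", "credit_card", "bank_account", "iban",
               "nid", "passport", "driver_license"}  # "up to 10 values" each
MAX_VALUES = 10

def client_hash(value: str) -> str:
    """SHA-256 hex digest; trimming and UTF-8 encoding are assumptions."""
    return hashlib.sha256(value.strip().encode("utf-8")).hexdigest()

def merge_for_put(existing: dict, new_plain: dict) -> dict:
    """Return the complete attribute set to send in one PUT.

    existing  -- attributes the profile already holds, already hashed
    new_plain -- plaintext values to add; hashed here, never sent in clear
    """
    # Start from everything already stored: the PUT replaces all attributes,
    # so anything left out of the body would be dropped from monitoring.
    merged = {name: list(values) for name, values in existing.items()}
    for name, values in new_plain.items():
        hashed = [client_hash(v) for v in values]
        if name in MULTI_VALUE:
            combined = merged.get(name, [])
            for h in hashed:
                if h not in combined:      # de-duplicate repeated values
                    combined.append(h)
        else:
            # Single-valued attribute: the newest value replaces the old one.
            combined = hashed[-1:] or merged.get(name, [])
        if len(combined) > MAX_VALUES:
            # Fail loudly instead of silently dropping a monitored value.
            raise ValueError(f"{name}: more than {MAX_VALUES} values")
        merged[name] = combined
    return merged
```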
Authentication
To access the omniac Business service, each tenant must authenticate using a unique API key. This key is provided by omniac Business and should be kept secure. The API key is used to identify the tenant and authorize access to the service.