CDR Declassification Request

Used to request the decontamination of SHIELDEX CDR.
It operates asynchronously, inserting the request into a queue and responding immediately.
You can check the inspection results through a separate status inquiry API or Callback.

Important Notes

Protocol: HTTP FormUses the transmission method (multipart/form-data).

Encoding: All text data isUTF-8must be encoded.

Callback: The callback URL isresult.callbackURLYou can set it in the field and receive the results after the defanging is complete.

Job ID Length: Up to 36 characters are allowed, and exceeding this will result in a validation failure.

Method

POST

/v5/cdr
/v5/cdr/{jobID}

Request Path Parameter

KEY OBJECT DESC
jobID String Task ID (optional, a time-based UUID will be automatically generated if not entered. Maximum 36 characters)

KEY	OBJECT	DESC
`jobID`	String	Task ID (optional, a time-based UUID will be automatically generated if not entered. Maximum 36 characters)

Request Parts (multipart/form-data)

KEY OBJECT DESC
data JSON Decontamination Request Data (Required)
file File Files subject to decontamination (required)

KEY	OBJECT	DESC
`data`	JSON	Decontamination Request Data (Required)
`file`	File	Files subject to decontamination (required)

Request Data JSON Structure

{
  "request": {
    "type": "upload"
  },
  "userinfo": {
    "id": "string",
    "department": "string",
    "name": "string",
    "dutyname": "string",
    "sysCode": "string",
    "businessCode": "string"
  },
  "fileinfo": {
    "filename": "string"
  },
  "result": {
    "callbackURL": "string"
  }
}

Request Data Fields

KEY OBJECT REQUIRED DESC
request.type String Yes* Request Type (uploadfixed)
userinfo.id String Yes User ID (up to 40 characters)
userinfo.department String No User Department (up to 256 characters)
userinfo.name String No Username (up to 40 characters)
userinfo.dutyname String No User Job Title (up to 40 characters)
userinfo.sysCode String No Channel code, used for API access control. (up to 40 characters)
userinfo.businessCode String No Business code, used for API access control. (up to 40 characters)
userinfo.userNumber Number No User Number
fileinfo.filename String Yes* File name (must be the same as the name of the multipart file)
result.callbackURL String No Callback URL (for result notification)

KEY	OBJECT	REQUIRED	DESC
`request.type`	String	Yes*	Request Type (`upload`fixed)
`userinfo.id`	String	Yes	User ID (up to 40 characters)
`userinfo.department`	String	No	User Department (up to 256 characters)
`userinfo.name`	String	No	Username (up to 40 characters)
`userinfo.dutyname`	String	No	User Job Title (up to 40 characters)
`userinfo.sysCode`	String	No	Channel code, used for API access control. (up to 40 characters)
`userinfo.businessCode`	String	No	Business code, used for API access control. (up to 40 characters)
`userinfo.userNumber`	Number	No	User Number
`fileinfo.filename`	String	Yes*	File name (must be the same as the name of the multipart file)
`result.callbackURL`	String	No	Callback URL (for result notification)

Response Body (json)

KEY OBJECT DESC
code int Response Codes (see table below)
msg String Response Message
jobID String Work ID (used when checking inspection results)

KEY	OBJECT	DESC
code	int	Response Codes (see table below)
msg	String	Response Message
jobID	String	Work ID (used when checking inspection results)

Response Code

CODE MESSAGE DESC
0 success The declassification request has been received successfully. You can check the declassification results through the status inquiry API.
1 Duplicate Neutralization Request Duplicate request occurred (duplicate jobID)
2 Block message Block (Validation failure, File creation failure)
3 unavailable agent service Decontamination service connection failed
5 Sanitization Request Blocked by API Access control. The request has been blocked due to API access control.
-1 Error Message Failed to process server request

CODE	MESSAGE	DESC
0	success	The declassification request has been received successfully. You can check the declassification results through the status inquiry API.
1	Duplicate Neutralization Request	Duplicate request occurred (duplicate jobID)
2	Block message	Block (Validation failure, File creation failure)
3	unavailable agent service	Decontamination service connection failed
5	Sanitization Request Blocked by API Access control.	The request has been blocked due to API access control.
-1	Error Message	Failed to process server request

Sample

REQUEST - Upload Type

curl -X POST "{{url}}/v5/cdr" \
  -H "Content-Type: multipart/form-data" \
  -F 'data={
    "request": {
      "type": "upload"
    },
    "userinfo": {
      "id": "user001",
      "name": "홍길동",
      "department": "개발팀",
      "dutyname": "개발자",
      "sysCode": "SYS001",
      "businessCode": "BIZ001"
    },
    "fileinfo": {
      "filename": "test.pdf"
    },
    "result": {
      "callbackURL": "https://your-callback-url.com/callback"
    }
  };type=application/json' \
  -F "file=@/path/to/test.pdf"

RESPONSE - Demilitarization request successful (200 OK)

{
  "code": 0,
  "msg": "success",
  "jobID": "test-job-001"
}

RESPONSE - Service Connection Failed (200 OK)

{
  "code": 3,
  "msg": "unavailable agent service",
  "jobID": "test-job-001"
}

RESPONSE - Required field missing (400 BAD_REQUEST)

{
    "timestamp": 1767768931518,
    "status": 400,
    "error": "Bad Request",
    "message": "400 BAD_REQUEST \"Invalid or missing fields in JSON: 'request.type'\"",
    "path": "/v5/cdr"
}

RESPONSE - Missing file field (400 BAD_REQUEST)

{
  "code": 2,
  "msg": "Missing required file: 'file', The request must include a file upload in the 'file' field.",
  "jobID": "test-job-001"
}

RESPONSE - Access Denied (200 OK)

{
   "code": 5,
   "msg": "Sanitization Request Blocked by API Access control.",
   "jobID": "test-job-001"
}

:::info[Note -code5 (API Access Control) The above response isHTTP 200but, the main textcodea5It is when the API access control has blocked the deactivation request.

1. Code Registration (Preparation)

Menu:Settings → API Access Control → Code Registration
to use for the callChannelandWorkregisters.
requestdataofuserinfo.sysCodeis registeredChannel Code, userinfo.businessCodeis registeredWork Codeis added. (of the sampleSYS001, BIZ001will be changed to match the actual registration value.)
During the test, the two values are**Must match the value registered in the code registration.**should be normal reception(code: 0) becomes.

2. Access Control Logs (Block/Allow Verification)

Menu:Settings → API Access Control → Access Control Logs
the request in the list (orjobIDFind the row that matches the time zone.
API Application StatusColumn: Check if the API usage application for application and approval has been reflected.
Control StatusColumn:BlockCognitionAllowIt confirms recognition. If blocked, it is prevented by access control policies, and requests only pass through when allowed.

Callback

upon requestresult.callbackURLIf a URL is entered in the field, the results will be sent to that URL once the de-identification process is complete.
You can receive the deactivation results through the status inquiry API or via callback.

Callback API JSON
{
     "jobID": "test-job-001",
     "code": 0,
     "msg": "success",
     "logReason": 200000,
     "logReasonMsg": "파일 재구성 완료"
}
{
     "jobID": "test-job-001",
     "code": 2,
     "msg": "success",
     "logReason": 220355,
     "logReasonMsg": "[차단] 확장자 위변조 파일 차단"
}

Processing Flow

From here on, this is development information that should not be disclosed to the public.

Important Notes​

Method​

POST​

Request Path Parameter​

Request Parts (multipart/form-data)​

Request Data JSON Structure​

Request Data Fields​

Response Body (json)​

Response Code​

Sample​

REQUEST - Upload Type​

RESPONSE - Demilitarization request successful (200 OK)​

RESPONSE - Service Connection Failed (200 OK)​

RESPONSE - Required field missing (400 BAD_REQUEST)​

RESPONSE - Missing file field (400 BAD_REQUEST)​

RESPONSE - Access Denied (200 OK)​

Callback​

Callback API JSON​

Processing Flow​