Global and regional endpoints for Sensitive Data Protection

This document describes the different types of API endpoints available with Sensitive Data Protection. This document also provides points to consider when deciding which endpoint type to use in your Sensitive Data Protection requests. For general information about the different types of API endpoints, see Google Cloud API endpoint overview.

An API endpoint (or service endpoint) is a base URL that specifies the network address of a Google Cloud API service like Sensitive Data Protection. Sensitive Data Protection has global and regional endpoints.

Global API endpoint

The global endpoint of Sensitive Data Protection is dlp.googleapis.com.

Globally scoped endpoints provide highly available service endpoints that terminate the TLS session as close to the client as possible, which minimizes latency when serving API calls from a dispersed client population over the internet.

When you send a request to a global endpoint, you can specify the location where you want to process the request.

Requests to a global endpoint with no location specified

If you don't specify a location in your request—or if you specify the global region—then the request is processed in the global region. For example, if you send a POST request to the following URL, the request is sent to the global endpoint and processed in the global region.

https://dlp.googleapis.com/v2/projects/example-project/content:inspect

Requests to a global endpoint with a location specified

If you specify a location in your request to a global endpoint, the request is sent to the global endpoint and processed in the region or multi-region that you specified. For example, if you send a POST request to the following URL, the request is sent to the global endpoint and processed in the us-west1 region.

https://dlp.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect

There is no guarantee that the data in transit remains in the processing region that you specified. If you aren't required to keep in-transit data within a specific region, then calling the global endpoint in this manner is sufficient.

Regional API endpoints

Regional endpoints let you keep in-transit data within a specific region. A regional endpoint specifies the location as a subdomain—for example, dlp.us-west1.rep.googleapis.com.

A regional endpoint for Sensitive Data Protection follows this format:

dlp.REGION.rep.googleapis.com

Replace REGION with a region where a regional endpoint is available for Sensitive Data Protection.

Regional endpoints terminate TLS sessions in the location specified by the endpoint for requests received from the public internet or from private connectivity.

Regional endpoints guarantee data residency by ensuring that your data at rest, in use, and in transit isn't moved out of the location specified by the endpoint. This guarantee excludes Service Data. For more information, see Note on Customer Data and Service Data.
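The following Python sketch is an added example, not part of the original documentation or any Google client library. It classifies a request URL by the endpoint and location rules described above and checks whether it uses the regional endpoint required for in-transit residency. The function names, the sample list, and the use of the same /v2/... path under a regional host are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

GLOBAL_HOST = "dlp.googleapis.com"
# Regional endpoint format from this page: dlp.REGION.rep.googleapis.com
REGIONAL_HOST = re.compile(r"dlp\.([a-z0-9-]+)\.rep\.googleapis\.com")
PATH_LOCATION = re.compile(r"/locations/([a-z0-9-]+)(?:/|$)")


def classify(url):
    """Return (endpoint_type, endpoint_region, processing_location)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    loc = PATH_LOCATION.search(parts.path)
    # No location in the path: the request is processed in the global region.
    processing = loc.group(1) if loc else "global"
    if parts.scheme != "https":
        return ("unknown", None, processing)
    if host == GLOBAL_HOST:
        return ("global", None, processing)
    m = REGIONAL_HOST.fullmatch(host)  # fullmatch rejects lookalike suffixes
    if m:
        return ("regional", m.group(1), processing)
    return ("unknown", None, processing)


def keeps_transit_in(url, required_region):
    """True only for the regional endpoint of required_region.

    Assumption of this example: a path location that differs from the
    endpoint's region is treated as non-compliant.
    """
    kind, region, processing = classify(url)
    return kind == "regional" and region == processing == required_region


# Constructed sample URLs; the third assumes the same path under a regional host.
SAMPLES = [
    "https://dlp.googleapis.com/v2/projects/example-project/content:inspect",
    "https://dlp.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect",
    "https://dlp.us-west1.rep.googleapis.com/v2/projects/example-project/locations/us-west1/content:inspect",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), keeps_transit_in(u, "us-west1"))
```

A check like this can run over client configuration or proxy logs to find callers that still send requests to the global endpoint where in-transit residency is required.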

Choose between the global and regional endpoints

Consider the following when choosing between global and regional endpoints:

Restrict global API endpoint usage

To help enforce the use of regional endpoints, use the constraints/gcp.restrictEndpointUsage organization policy constraint to block requests to the global API endpoint. For more information, see Restrict endpoint usage in the Assured Workloads documentation.

What's next

  • Refer to a list of locations where Sensitive Data Protection is available.
  • Learn how to specify a location in your request.