Sensitive Data Discovery and Protection (SDDP) provides the dynamic de-identification feature. You can call the ExecDatamask operation to dynamically de-identify sensitive data.
Background information
You can call the ExecDatamask operation to dynamically de-identify sensitive data. When you call this operation,
you must specify the ID of a de-identification template. De-identification templates
can be used for both static de-identification and dynamic de-identification. You can view template IDs on the page in the SDDP console. SDDP allows you to create custom de-identification templates. 
Limits
When you call the ExecDatamask operation to dynamically de-identify sensitive data,
the size of the sensitive data that is specified by the Data parameter must be less than 2 MB.
View the call history of the ExecDatamask operation
On the page in the SDDP console, you can view the call history of the ExecDatamask operation. Each record includes
the name of the API operation, the UID of the Alibaba Cloud account or Resource Access Management (RAM) user that
was used to call the API operation, the IP address of the user who initiated the API call, the time when the API operation
was first and last called, and the total number of API calls.
Note Only one record is generated for API calls that were initiated by the same Alibaba
Cloud account or RAM user from the same IP address. In this case, the accumulated
number of API calls is recorded.