Method: datasets.deidentify

Full name: projects.locations.datasets.deidentify

Creates a new dataset containing de-identified data from the source dataset. The metadata field type is OperationMetadata. If the request is successful, the response field type is DeidentifySummary. If errors occur, error is set. The LRO result may still be successful if de-identification fails for some DICOM instances. The new de-identified dataset will not contain these failed resources. Failed resource totals are tracked in Operation.metadata. Error details are also logged to Cloud Logging. For more information, see Viewing error logs in Cloud Logging.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Required. Source dataset resource name. For example, projects/{projectId}/locations/{locationId}/datasets/{datasetId}.

Request body

The request body contains data with the following structure:

JSON representation
  "destinationDataset": string,
  "config": {
  "gcsConfigUri": string


Required. The name of the dataset resource to create and write the redacted data to.

  • The destination dataset must not exist.
  • The destination dataset must be in the same location as the source dataset. De-identifying data across multiple locations is not supported.


Deidentify configuration. Only one of config and gcsConfigUri can be specified.



Cloud Storage location to read the JSON from, overriding the default config. Must be of the form gs://{bucket_id}/path/to/object. The Cloud Storage location must grant the Cloud IAM role roles/storage.objectViewer to the project's Cloud Healthcare Service Agent service account. Only one of config and gcsConfigUri can be specified.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.