Data Masking - Tidbits


As you may be aware, Edge provides a Trace tool to troubleshoot and probe the details of each step in an API proxy flow. This tool creates a trace session and lets you look at the data assigned to each variable as part of the request and response flow.

When an API request or response contains sensitive data (e.g. credit card, SSN, etc.), this has security implications, because such data is exposed during a trace session. From a security perspective, such sensitive data should be filtered out. To fulfill this requirement, Edge provides mask configurations as an out-of-the-box (OOTB) feature.

The following guidelines can be applied when defining mask configurations:

  • For a JSON payload, specify the Content-Type as “application/json”. Otherwise, masking won’t be effective.
  • Message is a contextual object (referenced as message.content) that has the same value as request in the request flow and as response in the response flow. It needs to be filtered out as well. Otherwise, sensitive data is still exposed. This can be defined as part of the “Variables” tag.
  • Mask configurations can be defined at the Organization level as well as at the API level. Define a mask configuration at API scope if the configuration is not applicable across all APIs.
  • Use a wildcard character such as “*” to match a variable rather than providing the complete path, e.g. <JSONPathRequest>$.requestSecurityToken.validateTarget.securityTokenReference.credentialSecret</JSONPathRequest> can be defined as <JSONPathRequest>$..*.credentialSecret</JSONPathRequest>

I would like to thank @David Allen for the last guideline.
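A mask configuration that combines the guidelines above, as an added example (not part of the original article): it assumes a JSON payload carrying the credentialSecret field from the last guideline in both request and response, and the request.content and response.content entries are an assumption added for completeness alongside message.content.

```xml
<!-- Added example: API-scoped mask configuration for the Trace tool. -->
<!-- JSONPath masks only apply when the message is sent with
     Content-Type: application/json. -->
<MaskDataConfiguration name="default">
    <JSONPathsRequest>
        <!-- Wildcard form from the article: matches credentialSecret at
             any depth instead of spelling out the complete path. -->
        <JSONPathRequest>$..*.credentialSecret</JSONPathRequest>
    </JSONPathsRequest>
    <JSONPathsResponse>
        <!-- Assumption: the same field can also appear in the response. -->
        <JSONPathResponse>$..*.credentialSecret</JSONPathResponse>
    </JSONPathsResponse>
    <Variables>
        <!-- message.content mirrors the request in the request flow and
             the response in the response flow, so it would otherwise
             still show the secret in the trace session. -->
        <Variable>message.content</Variable>
        <!-- Assumption: mask the raw payload variables as well. -->
        <Variable>request.content</Variable>
        <Variable>response.content</Variable>
    </Variables>
</MaskDataConfiguration>
```

After applying it, run a trace session with a constructed request containing a dummy credentialSecret value and confirm that neither the JSON field nor message.content shows the value in the variables view.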

Comments
edu4krishanu
New Member

Hi @rdoda

Can we have masking configuration on proxy level instead of organization level?

Thanks.

Krish

davissean
Staff
sgarg24
New Member

Hi @rdoda, Do you know if there is a way to mask only specific variables from "message.content"? Adding message.content under variables is causing complete request payload to get masked. Therefore we lose ability to trace requests for those conditional flows for which masking may not be required at all?

Alternatively, is there a way to disable the variable "message.content" not to get listed at all, even after Show variables is checked?

Thanks,

Sonal

DChiesa
Staff

Hi Sonal, Please ask this as a new question, instead of asking a question in a comment attached to a year-old thread.


sgarg24
New Member

Thanks Dino, For now I don't need to ask it separately, as it was answered by you in comments section of this other question. Will refer old articles in new questions, if I have related queries in future.

Version history
Last update:
‎08-11-2015 06:08 AM