Data masking request/response AND service callout request/response

Hi community

I've looked at other questions/answers about this topic but most of them are too generic or inconclusive.

Has anyone successfully implemented data masking for:

  1. Full request/response - not parts of request/response but the whole thing.
  2. Service callout request/response - not parts of request/response but the whole thing.

Is these scenarios supported by edge and if yes, how would the API call to set it up look like?

Cheers

Ozan

Solved Solved
0 7 971
1 ACCEPTED SOLUTION

adas
Participant V

@Ozan Seymen For complete request/response masking try doing this:

POST https://api.enterprise.apigee.com/v1/organizations/${org}/maskconfigs

<MaskDataConfiguration name="default"> 
<JSONPathsRequest> 
<JSONPathRequest>$..*</JSONPathRequest>  
</JSONPathsRequest> 
<JSONPathsResponse> 
<JSONPathResponse>$..*</JSONPathResponse> 
</JSONPathsResponse> 
</MaskDataConfiguration> 

The same can be done at the env level or proxy level as well, if you want to mask data for a specific env or specific api proxy.

View solution in original post

7 REPLIES 7

Learned that Service callout request/response data masking is not supported. Still trying to understand if there is a way to mask request and response contents.

Not applicable

Hi @Ozan Seymen,

have you tried configuring "request" or "request.content" as part of the variables tag?

what's the requirement to mask for service callout? Masking functionality is only to restrict visibility of data at trace window.

Cheers,

Rajesh Doda

Hi @rdoda

I guess only thing we haven't tried is "request" - which we will try shortly.

Requirement is to do with security - developers have access to the trace tool for diagnostics purposes but body content passing through is confidential.

Not applicable

@Ozan Seymen Have you looked at this alert for service callout variables? You need to prefix your variable with ServiceCallout for eg.

ServiceCallout.request

http://apigee.com/docs/api-services/content/data-m...

@rdoda - we tried "request" but it is not working.

@Nafis Patel - we are trying that now - will let you know.

adas
Participant V

@Ozan Seymen For complete request/response masking try doing this:

POST https://api.enterprise.apigee.com/v1/organizations/${org}/maskconfigs

<MaskDataConfiguration name="default"> 
<JSONPathsRequest> 
<JSONPathRequest>$..*</JSONPathRequest>  
</JSONPathsRequest> 
<JSONPathsResponse> 
<JSONPathResponse>$..*</JSONPathResponse> 
</JSONPathsResponse> 
</MaskDataConfiguration> 

The same can be done at the env level or proxy level as well, if you want to mask data for a specific env or specific api proxy.

Thanks @arghya das - we will try that. I have a feeling that this is what we were looking for. Will keep you posted.