Data Masking Request Content error during deployment

Not applicable

Hi, I'm implementing data masking for request query param variables. But getting deployment error. I believe, schema element MaskDataConfiguration is not there but I'm able to see the syntax in the below link.

http://apigee.com/docs/management/apis/post/organizations/%7Borg_name%7D/apis/%7Bapi_name%7D/maskcon...

Attached the sample which I'm trying to implement the data masking. Please advice. Thanks!

Solved Solved
0 10 1,002
2 ACCEPTED SOLUTIONS

Hi Swapna,

I believe the problem is that you've tried to attach the data mask XML as a policy. What you need to do is remove that policy, and create the data mask using the API documented here. You can use Postman or even the SmartDoc to do this. Just paste your "policy" in the body of the POST.

http://apigee.com/docs/management/apis/post/organizations/%7Borg_name%7D/apis/%7Bapi_name%7D/maskcon...

On success, you'll see something like this:

{ "name": "default", "variables": [ "request.queryparam.url" ] }

Then, you can call your API with a query parameter, and that parameter will be masked in the Trace session, like this:

request.queryparam.url ****************

View solution in original post

Hi Swapna,

Unfortunately, the setup for your POST command isn't correct yet. I'm attaching my Postman so you can see exactly how I did it. Remember, this post command is only to send the XML containing the data mask configuration to Edge. It is an Edge management API call and requires that you set basic authentication header, which you can do in Postman. (The basic auth credentials are your Edge email address and password.) This call "creates" the mask and applies it to your proxy. The doc links above explain how to do this in curl, but we're using Postman here. If you're having trouble with Postman, try using curl per the docs.

Once that is done, you can call your actual API as explained above, and, if you made the change to your target endpoint, then you'll see a response from your target (which for now is an authentication error) and in the trace tool, you will see that the url parameter is masked.

Hope that helps.

screen-shot-2015-05-06-at-122709-pm.png

Will

View solution in original post

10 REPLIES 10

Hi Swapna,

I believe the problem is that you've tried to attach the data mask XML as a policy. What you need to do is remove that policy, and create the data mask using the API documented here. You can use Postman or even the SmartDoc to do this. Just paste your "policy" in the body of the POST.

http://apigee.com/docs/management/apis/post/organizations/%7Borg_name%7D/apis/%7Bapi_name%7D/maskcon...

On success, you'll see something like this:

{ "name": "default", "variables": [ "request.queryparam.url" ] }

Then, you can call your API with a query parameter, and that parameter will be masked in the Trace session, like this:

request.queryparam.url ****************

Also, note you can find a summary of the data mask APIs here: http://apigee.com/docs/api-services/content/data-masking

This is what you need to post in the body of the API call (your "policy" XML):

<MaskDataConfiguration name="default">
     <Variables>         
        <Variable>request.queryparam.url</Variable>     
     </Variables> 
</MaskDataConfiguration>

Not applicable

Hi Wwitman, Thank you for quick response. I have removed data mask xml from policy and deployed it. now it's successfully deployed. But I'm testing through the Postman rest plug-in bu copying the above policy in the body of the API Call but it was giving success response for all calls i.e., {"name": "default", "variables": [ "request.queryparam.url" ] } and I'm not able to see the target URL executing. I'm trying the following URL's. Please let me know if I'm doing anything wrong.

Attached the screen print for Postman. Thanks!

Hi Swapna,

I don't see the attachment -- could you please try to attach it again?

I'm not sure what you mean by "but it was giving success response for all calls..." After you execute the POST, you're basically sending that XML to Edge, where it takes effect for the api proxy specified in the POST call. You only have to call that API once. Then, to see data masking in action, you need to (1) start a trace session in the Edge UI and (2) call your API, like this:

http://your-org-name-test.apigee.net/keyvaluemap?url=123456

Then, in the trace tool, you'll see that the variable request.queryparam.url is masked out.

Hope this helps.

Will

I noticed another possible problem, in the proxies/default.xml (your proxy endpoint definition) there is no target for the RouteRule. You need this to tell the proxy to route to that music service target URL you specified in the targets/default.xml file.

 <RouteRule name="default">
           <TargetEndpoint>default</TargetEndpoint>
 </RouteRule>

See http://apigee.com/docs/api-services/reference/api-proxy-configuration-reference for details.

Not applicable

Hi Wwitman, I have specified the target URL and attached the missed attachments for Postman and trace log. Please advice.

Hi Swapna,

Unfortunately, the setup for your POST command isn't correct yet. I'm attaching my Postman so you can see exactly how I did it. Remember, this post command is only to send the XML containing the data mask configuration to Edge. It is an Edge management API call and requires that you set basic authentication header, which you can do in Postman. (The basic auth credentials are your Edge email address and password.) This call "creates" the mask and applies it to your proxy. The doc links above explain how to do this in curl, but we're using Postman here. If you're having trouble with Postman, try using curl per the docs.

Once that is done, you can call your actual API as explained above, and, if you made the change to your target endpoint, then you'll see a response from your target (which for now is an authentication error) and in the trace tool, you will see that the url parameter is masked.

Hope that helps.

screen-shot-2015-05-06-at-122709-pm.png

Will

Not applicable

Thank you Wwitman. It could help me alot. I'm able to see the masked data now for the query params. If we would want to implement the same for headers, request parameters, query parameters and response parameters, the process will be same right? First need to do basic authentication with mask data configuration and next step is to call the actual API call. Thanks!

Great to hear you got it working! Yes, any predefined or custom variables can be masked in the same way. They include headers, form params, etc. If you want to mask data in request or response payloads, then you need to define a mask specifically for those use cases, as explained in the docs.

Not applicable

ok thanks for your help.