Masking sensitive information in health check probe


Hi,


We have chosen Apigee as our preferred choice for API management gateway.

We have a few public APIs which can be invoked by registered users as well as by unauthenticated requests.

In the case of the latter, we want to mask some sensitive information in the returned JSON object.

Obviously we want to avoid having the masking logic in our APIs.

Can this be configured in Apigee?

Many thanks

Manoj

1 REPLY

First, I would like to comment that having one API for both registered and unauthenticated requests might expose you to security vulnerabilities; I hope the necessary steps are taken to protect your API.

Now, coming to your masking question, there are 2 types: masking in Apigee trace and masking in the response.

1) For masking in Apigee trace tool:

In order to prevent privacy data from being viewable in the Apigee trace tool, you can create a MaskDataConfiguration using the Management API. At runtime the specific data you have configured in this mask is then displayed with asterisks. Detailed documentation on how to configure this is found here: http://docs.apigee.com/api-services/content/data-masking

2) For masking in your response to your clients:

A simple JavaScript can be put together in the response flow to scrub all sensitive data from the payload.

Hope this helps.
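
A sketch of the response-flow scrubbing script mentioned in option 2, added here as an example and not part of the original reply or of Apigee's documentation. The sensitive key names and the `custom.caller_authenticated` flow variable are assumptions; the policy would be attached to the proxy's response flow.

```javascript
// Added example. Key names and the flow variable are assumptions.
var SENSITIVE_KEYS = ['email', 'phone', 'ssn']; // constructed list, lower case
var MASK = '****'; // fixed length, so the original length is not leaked

// Recursively copy a parsed JSON value, masking any property whose name
// (case-insensitive) is in `keys`. A sensitive key holding an object or
// array is masked as a whole rather than walked.
function scrub(node, keys) {
  if (Array.isArray(node)) {
    return node.map(function (item) { return scrub(item, keys); });
  }
  if (node !== null && typeof node === 'object') {
    var out = {};
    Object.keys(node).forEach(function (k) {
      var sensitive = keys.indexOf(k.toLowerCase()) !== -1;
      out[k] = sensitive ? MASK : scrub(node[k], keys);
    });
    return out;
  }
  return node; // strings, numbers, booleans, null pass through
}

// Returns the masked JSON text, or null when the body is not valid JSON so
// the caller can fail closed instead of forwarding an unmasked payload.
function scrubPayload(body, keys) {
  var parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return null;
  }
  return JSON.stringify(scrub(parsed, keys));
}

// Apigee JavaScript policy glue; skipped when run outside Apigee.
// 'custom.caller_authenticated' is a hypothetical flow variable that an
// earlier policy in the proxy would have to set.
if (typeof context !== 'undefined') {
  if (context.getVariable('custom.caller_authenticated') !== 'true') {
    var body = context.getVariable('response.content');
    var masked = scrubPayload(body, SENSITIVE_KEYS);
    // Fail closed: an unparseable body is replaced, not passed through.
    context.setVariable('response.content', masked === null ? '{}' : masked);
  }
}
```

Masking by key name only catches fields you have listed, so the key list should be reviewed whenever the backend's response schema changes.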