Masking custom attributes loaded by verifyAPI key policy

tjain152
Participant II

Is there a way to mask

a. The data populated in trace by verifyapikey policy. For e.g. verifyapikey.Verify-API-Key.attribute1

b. Target URL parameters in AssignMessage Policy. For e.g.

/oauth/v2/token?grant_type=client_credentials&client_id=abc&client_secret=xyz

1 4 246
4 REPLIES 4

is there a way to mask the data populated in trace

yes. Data masks allow you to do that. It does not matter how the variables are set. You can apply a data mask to any variable with a specific name. You can also set patterns of variables to mask. See the most excellent documentation on data masks here.

I don't understand what you mean about "target url parameters". Per the documentation, You can mask any variable. If you want to mask the target.url then the effect would be to mask the entire thing, not just a part of the variable.

Thanks Dino.

My question is mainly around variables which are part of custom attributes/KVM which are populated while using verify API key policy or kvm policy. How can we mask/hide them?

Hi. I gave you the link to the data masking documentation. Have you tried that? What results did you see?

rk-muvva
Participant II

@Tarun Jain: Best Practice is to pass them in HTTP headers and that way they are hidden. You can validate them by fetching them from request.header.client_id and request.header.client_secret.