access token in custom dimension

pulkitaagrawal · 05-21-2019 08:42 AM

Hi All,

I am not sure why APIGEE has made access_token a part of default custom dimension with no way to prevent it from storing it.

Its becoming a compliance issue for us. Can anyone please help me here?

Many thanks!!

pulkitaagrawal

Guys, will anybody please help me out ?

sidd-harth

Provide few more points on what you are doing and what you wan tto achieve.

When you say default custom dimension are you talking of Statistics Collector/Analytics/Custom reports?

pulkitaagrawal

Hi Siddharth, I am talking about statistics Collector. If you go by documentation of it, you would find a important thing which I would rather say a bug. APIGEE stores access token in postgres DB as part of custom dimensions by default. One cannot prevent it at all. That too in plain text.
Saving customer token is resulting in violation of some policy which we want to avoid.

https://docs.apigee.com/api-platform/analytics/analytics-reference#dimensions

sidd-harth

Yes, the access_token is displayed in a plain text in the Reports page.

++ @Dino-at-Google

pulkitaagrawal

Yes. The most amusing thing here is, they proudly mention the same on documentation 🙂

sidd-harth

Maybe it is there for a reason, lets wait for someone from Apigee to comment on it.

pulkitaagrawal

@Anil Sagar @ Google, can you please help me here sir?