I have a requirement in my project to mask sensitive data in the trace tool. The data is in JSON format and is like below.
<Content>{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}</Content>
I have run the below curl command before deploying the API.
curl -k -H "content-type:text/xml" -X POST -d \
'<MaskDataConfiguration name="default">
  <JSONPathsRequest>
    <JSONPathRequest>$.BO.requestToken.validate.Reference.Secret</JSONPathRequest>
  </JSONPathsRequest>
</MaskDataConfiguration>' \
http://<HostnamePort>/v1/o/<org_name>/maskconfigs \
-u <username>:<password>
So that when invoking the API and tracing the session using the trace session tool, the Secret element of the JSON is masked.
Still, I can see the Secret element's value. It is not masked.
Can anyone look into this issue and help to resolve this?
Can you please assist here? I have to mask a certain element from the JSON payload so that the element value is not shown in the trace tool.
I have one similar question from the below url.
https://community.apigee.com/questions/6107/data-masking-after-xml-to-json-policy.html
Please confirm if it is the same issue for which you have raised a bug with id 'MGMT-2382'.
@Sean Case: Could you please tell us how you resolved the issue regarding data masking for the JSON payload?
Thanks,
Varun
Hi Varun,
<Content>{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}</Content>
Is your JSON embedded within an XML? In that case, you can mask the 'Content' value using XPathRequest.
If it's just JSON like this,
{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}
then your mask config should have worked.
Just to be clear
>this payload is coming in the request?
> can you also verify the maskconfigs are actually created and no errors during creation
http://<managementserver>/v1/o/{org}/maskconfigs
Thanks,
Thanks for your support. Payload is in JSON format. I verified the curl command to create the mask configuration and it worked with Content-Type as application/json.
As @Mukundha Madhavan suggests my first step would be to validate the mask was created in the correct org.
As well, you might consider a more general form of the JSON path to catch anywhere the field secret may be present in payloads:
"jSONPathsResponse": [ "$..*.secret", "$.foo", "$.bar" ]
Thanks David, this is helpful! I did not know we could use a generic form like '$..*.secret'.
Hi @David Allen
I tried with this approach. It seems to be working. 🙂
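The exact and recursive mask paths discussed above can be checked offline against a sample payload before they are posted to maskconfigs. This is an added example, not code from the thread or from Apigee: `select`, `mask` and `SAMPLE` are hypothetical names, the `*****` filler is a placeholder, and the evaluator applies standard case-sensitive JSONPath matching to dotted paths only, which Apigee's own evaluator may not follow exactly.

```python
import copy
import json
import re

# Constructed sample: the payload from the question, with BO as a JSON object.
SAMPLE = json.loads('{"BO":{"requestToken":{"validate":{"Reference":{"id":"000024001504",'
                    '"Secret":"Googlygoogle123","credentialType":"AbcType",'
                    '"credential":"ar12345678"}}}}}')

def _children(node):
    """(key, child) pairs of an object or array; strings and other scalars have none."""
    if isinstance(node, dict):
        return list(node.items())
    return list(enumerate(node)) if isinstance(node, list) else []

def _descendants(path, node):
    """Yield (path, node) for the node itself and everything below it."""
    yield path, node
    for key, child in _children(node):
        yield from _descendants(path + (key,), child)

def select(doc, expr):
    """Evaluate a dotted JSONPath subset ($, .name, .*, ..name, ..*) -> {path: value}."""
    steps = re.findall(r"(\.\.?)(\*|[A-Za-z_][\w-]*)", expr[1:])
    if not expr.startswith("$") or "".join(d + n for d, n in steps) != expr[1:]:
        raise ValueError("unsupported JSONPath: " + expr)
    current = [((), doc)]
    for dots, name in steps:
        if dots == "..":  # recursive descent: continue from every node below this point
            current = [hit for path, node in current for hit in _descendants(path, node)]
        current = [(path + (key,), child)
                   for path, node in current
                   for key, child in _children(node)
                   if name == "*" or key == name]  # member names compare case-sensitively
    return dict(current)

def mask(doc, exprs, filler="*****"):
    """Return (masked copy, expressions that selected nothing in this document)."""
    out, unmatched, paths = copy.deepcopy(doc), [], set()
    for expr in exprs:
        hits = select(doc, expr)
        paths.update(hits)
        unmatched += [] if hits else [expr]
    for path in sorted(paths, key=len, reverse=True):  # deepest first, parents last
        parent = out
        for key in path[:-1]:
            parent = parent[key]
        parent[path[-1]] = filler
    return out, unmatched
```

An expression returned in `unmatched` selected nothing in the sample, for instance `$..*.secret` against a field named `Secret`, or any path through a parent whose value is JSON encoded as a string instead of an object.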
For a JSON payload, the Content-Type header as part of the request should have the value "application/json".
We were struggling to mask the data in request payload as Content-Type in the request was not exactly as application/json. It finally worked when we changed the Content-Type to application/json. Thanks for the feedback.
Hi @Varun Singh,
Given that the whole process has been followed properly, it depends on what kind of user you are logged in as. If one is logged in with the Organization Administrator role, he/she will still see all the masked values. If one is logged in as a normal user without any special privilege, then one will only see masks.