Data Masking not working for JSON payload

I have a requirement in my project to mask sensitive data in the trace tool. The data is in JSON format and looks like the below.

<Content>{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}</Content>

I have run the below curl command before deploying the API.

curl -k -H "content-type:text/xml" -X POST -d \
'<MaskDataConfiguration name="default">
  <JSONPathsRequest>
    <JSONPathRequest>$.BO.requestToken.validate.Reference.Secret</JSONPathRequest>
  </JSONPathsRequest>
</MaskDataConfiguration>' \
http://<HostnamePort>/v1/o/<org_name>/maskconfigs \
-u <username>:<password>

This is so that, when invoking the API and tracing the session using the trace session tool, the Secret element of the JSON is masked.

Still, I can see the Secret element's value. It is not masked.

Can anyone look into this issue and help to resolve it?

2 ACCEPTED SOLUTIONS

As @Mukundha Madhavan suggests, my first step would be to validate that the mask was created in the correct org.

As well, you might consider a more general form of the JSON path to catch anywhere the field secret may be present in payloads:

"jSONPathsResponse": [
    "$..*.secret",
    "$.foo",
    "$.bar"
  ]

For a JSON payload, the Content-Type header as part of the request should have the value "application/json".

9 REPLIES

Hi @Mukundha Madhavan

Can you please assist here? I have to mask a certain element in the JSON payload so that the element's value is not shown in the trace tool.

I have one similar question from the below URL.

https://community.apigee.com/questions/6107/data-masking-after-xml-to-json-policy.html

Please confirm if it is the same issue for which you have raised one bug with id 'MGMT-2382'.

@Sean Case: Could you please tell us how you resolved the issue regarding data masking for a JSON payload?

Thanks,

Varun

Hi Varun,

<Content>{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}</Content>

Is your JSON embedded within XML? In that case, you can mask the 'Content' value using XPathRequest.

If it's just JSON like this,

{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}

then your mask config should have worked.

Just to be clear

>this payload is coming in the request?

> can you also verify the maskconfigs are actually created and no errors during creation

http://<managementserver>/v1/o/{org}/maskconfigs

Thanks,

Hi @Mukundha Madhavan,

Thanks for your support. Payload is in JSON format. I verified the curl command to create the mask configuration and it worked with Content-Type as application/json.

Thanks David, this is helpful! I did not know we could use a generic form like '$..*.secret'.

Hi @David Allen

I tried with this approach. It seems to be working. 🙂
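An added example, not part of the original thread and not Apigee's masking implementation: a small Python scrubber that applies the same "mask this field wherever it appears" idea as `$..*.secret` to a captured payload before it is logged or shared. It also descends into string values that hold serialized JSON, as the `BO` field in the question does; the mask token, the function names and the `ci` (case-insensitive) flag are assumptions of this example.

```python
import json

MASK = "********"  # constructed mask token, not Apigee's literal trace output

# Payload copied from the question: "BO" is a string holding escaped JSON.
PAYLOAD = (r'{"BO":"{\"requestToken\":{\"validate\":{\"Reference\":'
           r'{\"id\":\"000024001504\",\"Secret\":\"Googlygoogle123\",'
           r'\"credentialType\":\"AbcType\",\"credential\":\"ar12345678\"}}}}"}')


def mask_fields(node, names, ci=False):
    """Return a copy of node with every field named in `names` masked,
    at any depth (the recursive-descent idea behind `$..name`)."""
    wanted = {n.lower() for n in names} if ci else set(names)

    def hit(key):
        return (key.lower() if ci else key) in wanted

    def walk(value):
        if isinstance(value, dict):
            return {k: MASK if hit(k) else walk(v) for k, v in value.items()}
        if isinstance(value, list):
            return [walk(v) for v in value]
        if isinstance(value, str):
            # A string may itself be serialized JSON; scrub it and re-serialize.
            try:
                inner = json.loads(value)
            except ValueError:
                return value
            if isinstance(inner, (dict, list)):
                return json.dumps(walk(inner), separators=(",", ":"))
        return value

    return walk(node)


def scrub(payload_text, names, ci=False):
    """Parse a JSON document, mask the named fields, return JSON text."""
    return json.dumps(mask_fields(json.loads(payload_text), names, ci))


if __name__ == "__main__":
    print(scrub(PAYLOAD, ["Secret"]))
```

Name matching in this example is exact-case unless `ci=True` is passed, so `"secret"` and `"Secret"` are treated as different field names by default.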

We were struggling to mask the data in the request payload, as the Content-Type in the request was not exactly application/json. It finally worked when we changed the Content-Type to application/json. Thanks for the feedback.

Hi @Varun Singh,

Given that the whole process has been followed properly, it depends on what kind of user you are logged in as. If one is logged in with the Organization Administrator role, he/she will still see all the masked values. If one is logged in as a normal user without any special privilege, then one will only see masks.