How to hide API key (in body) from API debug and splunk logging

Dear Experts

I am working on API development. Receiver expects the API key to be passed in the Request body (payload) POST.

I am assigning the API Key to Request payload using a javascript.

I want to assign the API Key from an Encrypted KVM. Pls, advise me on the syntax to assign this value from KVM in the below js.

Also, the API Key should not be visible in the API debug logs or Splunk logging.

Could you pls advice meon how to achieve this. Thanks in advance.

var payload = JSON.parse(context.getVariable("request.content"));
payload.Authentication.Key="pNEaAW123"; //Currently, I am hard coding the API Key

//payload.Authentication.Key="private.api-key"; //I want to get this data from KVM and ensure api key is not visible in API debug logs or Splunk logging.

context.setVariable("request.content", JSON.stringify(payload));
//Sample JSON Request Payload

{
  "Authentication": {
    "Key": "" //I am assigning this value during Proxy End Point Pre-flow using KVM+Java script.
  },
  "ParameterSets": [
    {
      "Parameters": [
        {
          "Key": "Postcode",
          "Value": "LE3 123"
        }
      ]
    }
  ]
}
0 1 580
1 REPLY 1

Not applicable

you can use encrypted KVM. Use KVM extraction to get the encrypted value in your flow. Remember to have private.varibale_name to store the value. You can set the payload using assign message policy and use private. prefix to your variable in every place you need. Till the private, is used the value will not be seen in a trace, and for logging, you can remove that property using javascript or assign message policy.