How to implement Masked API Proxy Request and Proxy Response
I have a requirement to implement Masking the data while trace and while do logging. Please help me with the process of implementing masking. if possible share a sample.
Masking required for both request and response JSON/XML. For logging, we are using Splunk.
Is their any changes required in the domain level or Proxy level changes are fine?
I tried with the below URL, but help me with some samples,
https://docs.apigee.com/api-platform/security/data-masking
Thanks
Gopala Krishnan
Hi @Gopala krishnan Periyasamy,
You can create mask configs at the organization or proxy level, they apply only to the Trace window.
This mask config applies to the `features-v1` proxy and masks all of the values for the fields in a request and response for both JSON and XML:
curl -n -X POST 'https://api.enterprise.apigee.com/v1/organizations/$ORG/apis/features-v1/maskconfigs' \
--header 'Content-Type: application/json' \
--data-raw '{
"jSONPathsFault": [
"$.*"
],
"jSONPathsRequest": [
"$.*"
],
"jSONPathsResponse": [
"$.*"
],
"name": "default",
"xPathsRequest": [
"/*"
],
"xPathsResponse": [
"/*"
]
}'
The view in Trace for JSON:
and for XML:
This mask config will mask the entire request and response content.
curl -n -X POST 'https://api.enterprise.apigee.com/v1/organizations/$ORG/apis/features-v1/maskconfigs' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "default",
"variables": [
"request.content",
"response.content"
]
}'
The view in Trace:
To mask values that are sent to your logging solution, you'll have to take care to mask those values in the message that you send. This can be done using a JavaScript policy.
thanks For your answer.
