How to implement Masked API Proxy Request and Proxy Response

I have a requirement to implement Masking the data while trace and while do logging. Please help me with the process of implementing masking. if possible share a sample.

Masking required for both request and response JSON/XML. For logging, we are using Splunk.

Is their any changes required in the domain level or Proxy level changes are fine?

I tried with the below URL, but help me with some samples,

https://docs.apigee.com/api-platform/security/data-masking

Thanks

Gopala Krishnan

0 2 359
2 REPLIES 2

Hi @Gopala krishnan Periyasamy,

You can create mask configs at the organization or proxy level, they apply only to the Trace window.

This mask config applies to the `features-v1` proxy and masks all of the values for the fields in a request and response for both JSON and XML:

curl -n -X POST 'https://api.enterprise.apigee.com/v1/organizations/$ORG/apis/features-v1/maskconfigs' \
--header 'Content-Type: application/json' \
--data-raw '{
  "jSONPathsFault": [
    "$.*"
  ],
  "jSONPathsRequest": [
    "$.*"
  ],
  "jSONPathsResponse": [
    "$.*"
  ],
  "name": "default",
  "xPathsRequest": [
    "/*"
  ],
  "xPathsResponse": [
    "/*"
  ]
}'

The view in Trace for JSON:

10385-screen-shot-2020-09-28-at-111125-am.png

and for XML:

10387-screen-shot-2020-09-28-at-113555-am.png

This mask config will mask the entire request and response content.

curl -n -X POST 'https://api.enterprise.apigee.com/v1/organizations/$ORG/apis/features-v1/maskconfigs' \
--header 'Content-Type: application/json' \
--data-raw '{
  "name": "default",
  "variables": [
    "request.content",
    "response.content"
  ]
}'

The view in Trace:

10386-screen-shot-2020-09-28-at-111259-am.png

To mask values that are sent to your logging solution, you'll have to take care to mask those values in the message that you send. This can be done using a JavaScript policy.

thanks For your answer.