redact - DataPower Gateway (v5 compatible)

Use the redact policy to completely remove or to redact specified fields from the request body, the response body, and the activity logs. You might find this policy useful for removing or blocking out sensitive data (for example, credit card details) for legal, security, or other reasons.

Gateway support

Note: This page describes the redact policy implementation in the DataPower® Gateway (v5 compatible). If you are using the DataPower API Gateway, see redact - DataPower API Gateway.

For information on the different types of gateway, see API Connect gateway types.

Table 1. Table showing which gateways support this policy, and the corresponding policy version
Gateway	Policy version
DataPower Gateway (v5 compatible)	1.0.0

This topic describes how to configure the policy in your OpenAPI source; for details on how to configure the policy in the assembly user interface, see Redaction - DataPower Gateway (v5 compatible).

About

The redaction policy has the following format:

- redact:
  version: version
  title: title
  description: description
  actions:
    - action: remove_or_redact
      from: 
        - where_the_redaction_is_to_be_applied
      path: XPath_expression_for_field_to_remove_or_redact
                     .
                     .
                     .
           further action/from/path combinations
                     .
                     .
                     .

You can specify as many action/from/path combinations as you want.

Properties

The following table describes the policy properties:

Table 2. redact policy properties
Property	Required	Description	Data type
version	Yes	The policy version number	string
title	No	A title for the policy.	string
description	No	A policy description.	string
action	No	Specifies whether you want to remove or redact the fields. Valid values: `remove`: Completely removes the specified fields. `redact`: Redacts (obfuscates with ""s) the fields to block out the data. The default value is `redact`. Note: If a numerical value is being redacted, the redacted value is depicted as `*****` and the type is changed to `string`.	string
from	No	Determines where the redaction is to be applied. Valid values: `all`: Apply the redaction to the request body, the response body, and the activity logs. `request`: Apply the redaction to the request body only. `response`: Apply the redaction to the response body only. `logs`: Apply the redaction to the activity logs only. You can supply one or more values. The default value is `all`.	string
path	Yes	Specifies an XPath expression that defines the fields to remove or redact. You can construct an XPath expression that is based on JSON or XML depending on whether your API requests and responses use a JSON or an XML format. If the payload is JSON, use the DataPower XML representation of the JSON content (JSONx) to construct the expression. Note: Use a JSONx representation only to identify the XPath expressions for the fields to remove or redact. Do not change the format of any response bodies in API Manager. To learn more about constructing XPath expressions that are based on JSON or XML, see Constructing XPath expressions to redact fields.	string

Example

# Specify separate remove and redact actions

- redact:
  version: 1.0.0
  title: remove secret field, redact address
  actions:
    - action: remove
      from: 
        - all
      path: /document/user/secret
    - action: redact
      from: 
        - request
        - response
      path: //*[@name='secondaryAddress']/*[@name='streetAddress']