redact - DataPower API Gateway
Use the redact policy to completely remove or to redact specified fields from the request body, the response body, and the activity logs. You might find this policy useful for removing or blocking out sensitive data (for example, credit card details) for legal, security, or other reasons.
Gateway support
For information on the different types of gateway, see API Connect gateway types.
Gateway | Policy version |
---|---|
DataPower API Gateway | 2.0.0 |
This topic describes how to configure the policy in your OpenAPI source; for details on how to configure the policy in the assembly user interface, see Redaction - DataPower API Gateway.
About
- redact:
version: version
title: title
description: description
redactions:
- action: remove_or_redact
path: JSONata_expression_for_field_to_remove_or_redact
.
.
.
root: content_source
parse
policy before a redact policy in your assembly flow,
which provides explicit control of the parse action.Properties
Property | Required | Description | Data type |
---|---|---|---|
version | Yes | The policy version number | string |
title | No | A title for the policy. | string |
description | No | A policy description. | string |
root | No | Specifies the data source that contains the content to which the redact or remove action
applies. If the root property is omitted, the action is applied to the entire
API context. You can use any supported JSONata path expression. If you want to apply the
action to either request or response data, specify a value of message.body.
The actual content to which the action is applied then depends on the positioning of the redact policy in the overall
assembly flow; for example:
If, in your assembly flow, the redact policy is used after a log policy that specifies |
string |
path | Yes | Specifies a JSONata path expression that identifies the fields to redact or remove from the source. For more information, see Constructing JSONata expressions to redact fields | string |
action | Yes | Specifies whether you want to remove or redact the content. Supply one of the following
values:
The default value is Note: If a numerical value is being
redacted, the redacted value is depicted as
****** and the type is changed to
string . |
string |
Example
# Specify separate remove and redact actions
- redact:
version: 2.0.0
title: remove price, redact author
redactions:
- action: remove
path: xpath($, ''//price'')"
- action: redact
path: $.**.author"
root: message.body