DataPower API

Redaction - DataPower API Gateway

Use the Redaction policy to completely remove or to redact specified fields from the Request body, the Response body, and the activity logs. You might find this policy useful for removing or blocking out sensitive data (for example, credit card details) for legal, security, or other reasons.

Gateway support

Note: This page describes the Redaction policy implementation in the DataPower® API Gateway. If you are using the DataPower Gateway (v5 compatible), see Redaction - DataPower Gateway (v5 compatible).

For information on the different types of gateway, see API Connect gateway types.

Table 1. Table showing which gateways support this policy, and the corresponding policy version
Gateway Policy version
DataPower API Gateway, policy available from V2018.4.1.7 2.0.0

This topic describes how to configure the policy in the assembly user interface; for details on how to configure the policy in your OpenAPI source, see redact - DataPower API Gateway.

Note: With the DataPower API Gateway, the input to the Redaction policy must be parsed data. One way to produce parsed data is to use a Parse policy before a Redaction policy in your assembly flow, which provides explicit control of the parse action.


The following table lists the policy properties, indicates whether a property is required, specifies the valid and default values for input, and specifies the data type of the values.

Table 2. Redaction policy properties
Property label Required Description Data type
Title No The title of the policy.

The default value is redact.

Description No A description of the policy. string
Root No Specifies the data source that contains the content to redact or remove. If no value is entered in the Root field, the action is applied to the entire API context.

You can use any supported JSONata path expression.

If you want to apply the action to either request or response data, specify a value of message.body. The actual content to which the action is applied then depends on the positioning of the Redaction policy in the overall assembly flow; for example:
  • If positioned at the beginning, the action is applied to the client request.
  • If positioned after an Invoke policy, the action is applied to the response from the back end.
  • If positioned at the end, the action is applied to the response that is returned to the client.

If, in your assembly flow, the Redaction policy is used after a Log policy that specifies Gather-only mode, specify a Root value of log.request_body for the logged request payload, or log.response_body for the logged response payload.

Path Yes Specifies a JSONata path expression that identifies the content to redact or remove from the source. For more information, see Constructing JSONata expressions to redact fields string
Action No Specifies whether you want to remove or redact the content.
Choose one of the following options:
  • Remove: Completely removes the specified fields.
  • Redact: Redacts (obfuscates with "*"s) the fields to block out the data.

The default value is Redact.

Note: If a numerical value is being redacted, the redacted value is depicted as ****** and the type is changed to string.
Tip: You can optionally click Add action to specify JSONata expressions for additional fields that you want to remove or redact from the specified content source.