Masking criteria

In API Gateway, it is possible to define data masking so that sensitive data can be masked per application and the masked response is returned to the caller.

We would like the full list of masking characters we can use in masking. The User Guide just mentions “*” and “#”, but doesn’t provide an explanation or the full list.

You can specify any value you like if masking type is set to “Mask” in policy Request/Response processing:

Masking Type: Specifies the type of masking required. You select either Mask or Filter.

  1. Selecting Mask replaces the value with the given value (the default value being ********).

  2. Selecting Filter removes the field completely.

Mask Value: This is available if masking type selected is Mask. Provide a mask value. For example: “sold”, or any mask value like “####”.

Suppose an API returns a DOB in “yyyymmdd”. What is the correct mask value if I want a certain application to see the output value as “yyyy*****” only?

For example, if original return value is “19920406”, I would like caller to see “1992****” only.

Would the mask value be “####****”?

Hi Kelvin, here’s some info I received about how to achieve this.
You can use a regex shown in the first image below to select the text part after the year, and you can mask only that part with ****.

Actual response:

Masked response:

Note: regex will work only for text content types. If you are using JSON content types, use JSONPath, and use XPath for XML content types in the response.

We tried but failed to mask. Given the attached response JSON, suppose I want to mask details.database to keep the first 4 chars but mask the remaining chars, and mask details.validationQuery to keep the first 2 chars, such that:

details.database → Micr************
details.validationQuery → SE***********

What is the proper setting in the masking criteria? From your example, we can’t configure masking of a particular JSON node in the response.

Hi Wayne, do you have any advice?
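
The two results asked for in this thread, reproduced outside API Gateway as an added Python example (not code from the posters or the product, and not gateway configuration): a regex that selects only the digits after the year in a text payload, and keep-prefix masking of named JSON nodes. The sample JSON, the dotted-path rule format and all function names are assumptions made for illustration.

```python
import json
import re

# Text payloads: select only the 4 digits that follow the year in a
# standalone 8-digit yyyymmdd value; the lookbehind leaves the year visible.
DOB_TAIL = re.compile(r"(?<=\b\d{4})\d{4}\b")

def mask_dob_text(text, mask="****"):
    return DOB_TAIL.sub(mask, text)

def keep_prefix(value, keep, mask_char="*"):
    # One mask character per hidden character, so the output still reveals
    # the original length; use a fixed-width mask if length is sensitive.
    return value[:keep] + mask_char * max(len(value) - keep, 0)

def mask_json_fields(doc, rules):
    # rules: dotted path -> number of leading characters to keep (assumed format).
    # Missing paths and non-string leaves are left unchanged.
    for path, keep in rules.items():
        *parents, leaf = path.split(".")
        node = doc
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and isinstance(node.get(leaf), str):
            node[leaf] = keep_prefix(node[leaf], keep)
    return doc

# Constructed sample response; the JSON attached to the thread is not shown.
SAMPLE = '{"status": "UP", "details": {"database": "Microsoft SQL Server", "validationQuery": "SELECT 1"}}'
RULES = {"details.database": 4, "details.validationQuery": 2}

def demo():
    return mask_json_fields(json.loads(SAMPLE), RULES)

if __name__ == "__main__":
    print(mask_dob_text("19920406"))
    print(json.dumps(demo(), indent=2))
```

Running the same inputs through the gateway's masked response is a quick way to confirm that a masking criterion matched the intended node and left the rest of the payload alone.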