Microgateway 10.7 | webMethods Microgateway Help | Policies | Request Processing | Data Masking
 
Data Masking
Data masking is a technique whereby sensitive data is masked in some way to render it safe and protect the actual data while having a functional substitute for occasions when the real data is not required.
This policy is used to mask sensitive data at the application level. At the application level you must have an Identify and Access policy configured to identify the application for which the masking is applied. If no application is specified then it will be applied for all the other requests. Fields can be masked or filtered in the request messages received. You can configure the masking criteria as required for the XPath, JSONPath, and Regex expressions based on the content-type. This policy can also be applied at the API scope level.
The table lists the content-type and masking criteria mapping.
Content-type
Masking Criteria
application/xml
text/xml
text/html
XPath
application/json
application/json/badgerfish
JSONPath
text/plain
Regex
The table lists the masking criteria properties configured to mask the data in the request messages received:
Parameter
Description
Consumer Applications
Optional. Specifies the applications for which the masking criterion has to be applied.
For example: If there is a DataMasking(DM1) criteria created for application1 a second DataMasking(DM2) for application2 and a third DataMasking(DM3) with out any application, then for a request that comes from consumer1 the masking criteria DM1 is applied, for a request that comes from consumer2 DM2 is applied. If a request comes with out any application or from any other application except application1 and application2 DM3 is applied.
XPath: Specifies the masking criteria for XPath expressions in the request messages.
Masking Criteria
Specifies the masking criteria that contains the following information:
*Masking Type. Specifies the type of masking required. You can have either Mask or Filter. Mask replaces the value with the given value (the default value being ********) and Filter removes the field completely.
*Query expression. Specifies the query expression that has to be masked or filtered.
For example: /pet/details/status, /user/details/card/ccnumber.
*Mask Value. This is available if masking type selected is Mask. Specifies the mask value. For example: sold, any mask value #####.
Note:
You can have multiple masking criteria.
*Namespace. Specifies the following Namespace information:
*Namespace Prefix. The namespace prefix of the payload expression to be validated.
*Namespace URI. The namespace URI of the payload expression to be validated
Note:
You can have multiple namespace prefix and URI specified.
JSONPath: Specifies the masking criteria for JSONPath expressions in the request messages.
Masking Criteria
Specifies the masking criteria that contains the following information::
*Masking Type. Specifies the type of masking required. You can have either Mask or Filter. Mask replaces the value with the given value (the default value being ********) and Filter removes the field completely.
*Query expression. Specifies the query expression that has to be masked or filtered. For example: $.pet.details.status
*Mask Value. This is available if masking type selected is Mask. Specifies the mask value. For example: sold
Regex: Specifies the masking criteria for regular expressions in the request messages.
Masking Criteria
Specifies the masking criteria that contains the following information::
*Masking Type. Specifies the type of masking required. You can have either Mask or Filter. Mask replaces the value with the given value (the default value being ********) and Filter removes the field completely.
*Query expression. Specifies the query expression that has to be masked or filtered. For example: [0-9]+
*Mask Value. This is available if masking type selected is Mask. Specifies the mask value. For example: ########
Apply for transaction Logging
Select this option to apply masking criteria for transactional logs.
Apply for payload
Select this option to apply masking criteria for payload in the incoming request.