Redaction Policy

General Information

Policy Type

policy-redaction

UI Documentation

📖 For detailed information: [UI Documentation Link - Link will be added here]

Description

Redaction policy removes or modifies sensitive data from request/response messages based on key existence, key-value matching, user, or role conditions. It supports multiple redaction definitions with ordered actions (MODIFY or DELETE) to protect sensitive information like credit card numbers, SSNs, passwords, etc.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header Value
Authorization Bearer {token}

Path Parameters

Parameter Type Required Description
projectName string Yes Project name
apiProxyName string Yes API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-redaction",
            "name": "redaction-policy",
            "description": "Remove sensitive data",
            "active": true,
            "redactionDefList": [
              {
                "redactionType": "KEY_EXISTENCE",
                "keyValueVar": {
                  "type": "HEADER",
                  "headerName": "X-Sensitive-Data"
                },
                "keyValueListStr": null,
                "redactionDefDetailList": [
                  {
                    "orderNum": 1,
                    "action": {
                      "actionType": "DELETE",
                      "sourceVar": {
                        "type": "HEADER",
                        "headerName": "X-Sensitive-Data"
                      }
                    }
                  }
                ]
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header Value
Authorization Bearer {token}
Content-Type application/json

Path Parameters

Parameter Type Required Description
projectName string Yes Project name
apiProxyName string Yes API Proxy name
policyName string Yes Policy name

Request Body

Full JSON Body Example - Key Existence Redaction
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-redaction",
    "description": "Remove sensitive headers",
    "active": true,
    "redactionDefList": [
      {
        "redactionType": "KEY_EXISTENCE",
        "keyValueVar": {
          "type": "HEADER",
          "headerName": "X-Credit-Card"
        },
        "keyValueListStr": null,
        "redactionDefDetailList": [
          {
            "orderNum": 1,
            "action": {
              "actionType": "DELETE",
              "sourceVar": {
                "type": "HEADER",
                "headerName": "X-Credit-Card"
              },
              "sourceDataType": "STRING",
              "operator": null
            }
          }
        ]
      }
    ]
  }
}
Full JSON Body Example - Key Value Redaction with Masking
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-redaction",
    "description": "Mask credit card numbers",
    "active": true,
    "redactionDefList": [
      {
        "redactionType": "KEY_VALUE",
        "keyValueVar": {
          "type": "BODY",
          "bodyJsonPath": "$.creditCard"
        },
        "keyValueListStr": "4111111111111111,5555555555554444",
        "redactionDefDetailList": [
          {
            "orderNum": 1,
            "action": {
              "actionType": "MODIFY",
              "sourceVar": {
                "type": "BODY",
                "bodyJsonPath": "$.creditCard"
              },
              "sourceDataType": "STRING",
              "operator": "MASK",
              "maskFrom": 4,
              "maskTo": 12,
              "targetValSource": "VALUE",
              "targetVal": "****-****-****"
            }
          }
        ]
      }
    ]
  }
}
Request Body Fields
operationMetadata
Field Type Required Default Description
targetScope string Yes - Policy scope: ALL or ENDPOINT
targetEndpoint string No* - Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod string No* - HTTP method (required if targetScope=ENDPOINT)
targetPipeline string Yes - Pipeline: REQUEST, RESPONSE, or ERROR
deploy boolean No true Whether to deploy after adding policy
deployTargetEnvironmentNameList array No [] List of environment names to deploy to
order integer No null Policy execution order (starts from 1)

Enum: targetScope

  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

  • REQUEST - Executes in request pipeline (redacts request data)
  • RESPONSE - Executes in response pipeline (redacts response data)
  • ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
Field Type Required Default Description
type string Yes - Policy type: policy-redaction
description string No - Policy description
active boolean No true Whether policy is active
redactionDefList array Yes - List of redaction definitions (at least one required)

Note: redactionDefList must contain at least one redaction definition.

redactionDefList

Each redaction definition is an object with the following fields:

Field Type Required Default Description
redactionType string Yes - Redaction type: KEY_EXISTENCE, KEY_VALUE, USER, or ROLE
keyValueVar object No* - Variable for key matching (required for KEY_EXISTENCE and KEY_VALUE)
keyValueListStr string No* - Comma-separated list of values to match (required for KEY_VALUE)
redactionDefDetailList array Yes - List of redaction actions (at least one required)

EnumPolicyRedactionType

  • KEY_EXISTENCE - Redact if key exists (uses keyValueVar)
  • KEY_VALUE - Redact if key value matches (uses keyValueVar and keyValueListStr)
  • USER - Redact based on user context
  • ROLE - Redact based on role context

Note

  • For KEY_EXISTENCE and KEY_VALUE, keyValueVar is required.
  • For KEY_VALUE, keyValueListStr is required (comma-separated values).
  • redactionDefDetailList must contain at least one detail.
redactionDefDetailList

Each detail is an object with the following fields:

Field Type Required Default Description
orderNum integer Yes - Execution order (starts from 1)
action object Yes - Action to perform (MODIFY or DELETE)

Note: Actions are executed in orderNum order.

action

Action object with the following fields:

Field Type Required Default Description
actionType string Yes - Action type: MODIFY or DELETE
sourceVar object Yes - Source variable to redact
sourceVarBodyInjectionFieldName string No - Body injection field name
sourceDataType string No* - Source data type (required for MODIFY)
sourceTemporalFormat string No - Temporal format (if sourceDataType=TEMPORAL)
operator string No* - Modification operator (required for MODIFY)
substringFrom integer No - Substring start index (for SUBSTRING operator)
substringTo integer No - Substring end index (for SUBSTRING operator)
maskFrom integer No - Mask start index (for MASK operator)
maskTo integer No - Mask end index (for MASK operator)
replaceSource string No - Replace source pattern (for REPLACE_IN/REPLACE_WITH)
insertOffset integer No - Insert offset (for INSERT operator)
temporalOperatorTimeUnit string No - Temporal time unit (for TEMPORAL operations)
replaceFirst string No - Replace first pattern (for REPLACE_FIRST)
targetValSource string No* - Target value source (required for MODIFY)
targetVal string No* - Target value (required if targetValSource=VALUE)
targetVar object No* - Target variable (required if targetValSource=VARIABLE)
transformationContentType string No - Transformation content type
formatAllowsInvalid boolean No false Format allows invalid characters
formatValueContainsLiteralCharacters boolean No false Format value contains literal characters
formatInvalidCharacters string No - Format invalid characters
formatPlaceholder string No - Format placeholder
jsonToXmlIgnoreNull boolean No false JSON to XML ignore null
jsonToXmlIgnoreEmpty boolean No false JSON to XML ignore empty
jsonToXmlUseNullForNil boolean No false JSON to XML use null for nil
jsonToXmlUnwrapElement boolean No false JSON to XML unwrap element
xmlToJsonUnwrapElement boolean No false XML to JSON unwrap element
xmlToJsonIgnoreNull boolean No false XML to JSON ignore null
xmlToJsonIgnoreEmpty boolean No false XML to JSON ignore empty
xmlToJsonNumbersAsStrings boolean No false XML to JSON numbers as strings
xmlToJsonUseNullForNil boolean No false XML to JSON use null for nil
xmlToJsonArrayPathList array No [] XML to JSON array path list
claimJsonPath string No - JWT claim JSON path

EnumActionType

  • MODIFY - Modify the value (mask, replace, transform, etc.)
  • DELETE - Delete the value completely

EnumActionSourceDataType

  • STRING - String data type
  • NUMERIC - Numeric data type
  • TEMPORAL - Date/time data type

EnumActionSourceValueModificationOperator

  • Numeric operations: ADD, SUBTRACT, MULTIPLY, DIVIDE, MODULUS, POWER
  • String operations: CONCAT, REPLACE_IN, REPLACE_WITH, REPLACE_FIRST, SUBSTRING, MASK, FORMAT, TRANSFORM, INSERT, TRIM, ENCODE, DECODE, URL_ENCODE, URL_DECODE, EXTRACT_JWT_HEADER_CLAIM, EXTRACT_JWT_BODY_CLAIM
  • Temporal operations: ADD_TEMPORAL, SUBTRACT_TEMPORAL

EnumValueSource

  • VALUE - Use static value
  • VARIABLE - Extract from variable

EnumTransformationContentType

  • XSLT - XSLT transformation
  • JOLT - JOLT transformation
  • XML2JSON - XML to JSON conversion
  • JSON2XML - JSON to XML conversion

EnumTimeUnit

  • MILLISECOND, SECOND, MINUTE, HOUR, DAY, WEEK, MONTH, YEAR

Note

  • For DELETE action, only actionType and sourceVar are required.
  • For MODIFY action, sourceDataType, operator, and targetValSource are required.
  • Operator-specific fields (e.g., maskFrom, maskTo for MASK) are required based on the operator.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/redaction-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-redaction",
      "description": "Remove sensitive data",
      "active": true,
      "redactionDefList": [
        {
          "redactionType": "KEY_EXISTENCE",
          "keyValueVar": {
            "type": "HEADER",
            "headerName": "X-Sensitive-Data"
          },
          "redactionDefDetailList": [
            {
              "orderNum": 1,
              "action": {
                "actionType": "DELETE",
                "sourceVar": {
                  "type": "HEADER",
                  "headerName": "X-Sensitive-Data"
                }
              }
            }
          ]
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header Value
Authorization Bearer {token}
Content-Type application/json

Path Parameters

Parameter Type Required Description
projectName string Yes Project name
apiProxyName string Yes API Proxy name
policyName string Yes Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["tester"],
    "order": 1
  },
  "policy": {
    "type": "policy-redaction",
    "description": "Updated: Remove multiple sensitive headers",
    "active": true,
    "redactionDefList": [
      {
        "redactionType": "KEY_EXISTENCE",
        "keyValueVar": {
          "type": "HEADER",
          "headerName": "X-Credit-Card"
        },
        "keyValueListStr": null,
        "redactionDefDetailList": [
          {
            "orderNum": 1,
            "action": {
              "actionType": "DELETE",
              "sourceVar": {
                "type": "HEADER",
                "headerName": "X-Credit-Card"
              },
              "sourceDataType": "STRING"
            }
          }
        ]
      },
      {
        "redactionType": "KEY_EXISTENCE",
        "keyValueVar": {
          "type": "HEADER",
          "headerName": "Authorization"
        },
        "keyValueListStr": null,
        "redactionDefDetailList": [
          {
            "orderNum": 1,
            "action": {
              "actionType": "MODIFY",
              "sourceVar": {
                "type": "HEADER",
                "headerName": "Authorization"
              },
              "targetVar": {
                "type": "HEADER",
                "headerName": "Authorization"
              },
              "sourceDataType": "STRING",
              "targetValSource": "VALUE",
              "targetValue": "[REDACTED]"
            }
          }
        ]
      }
    ]
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header Value
Authorization Bearer {token}
Content-Type application/json

Path Parameters

Parameter Type Required Description
projectName string Yes Project name
apiProxyName string Yes API Proxy name
policyName string Yes Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Redaction Type:
    • KEY_EXISTENCE - Redact if key exists
    • KEY_VALUE - Redact if key value matches list
    • USER - Redact based on user context
    • ROLE - Redact based on role context
  • Action Type:
    • DELETE - Completely remove the value
    • MODIFY - Modify the value (mask, replace, transform, etc.)
  • Order: Actions are executed in orderNum order within each redaction definition
  • Key Value List: For KEY_VALUE type, provide comma-separated values in keyValueListStr
  • Masking: Use MASK operator with maskFrom and maskTo to mask portions of values
  • Substring: Use SUBSTRING operator with substringFrom and substringTo to extract portions
  • Replace: Use REPLACE_IN, REPLACE_WITH, or REPLACE_FIRST to replace patterns
  • Transformation: Use TRANSFORM operator with transformationContentType for format conversion
  • Performance: Redaction adds processing overhead. Use for necessary data protection only.
  • Pipeline:
    • REQUEST pipeline redacts request data before forwarding
    • RESPONSE pipeline redacts response data before sending to client
  • Error Handling: Invalid redaction configuration may cause policy execution to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.