IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#TechXchangePresenter
 View Only
  • 1.  Masking criteria

    Posted Mon November 30, 2020 02:02 AM

    In API Gateway, it is allowed to define data masking such that sensitive data can be masked per application level and it is responsed to caller.

    Would like to full list of masking characters we can used in masking. Use Guide just mentions “*” and “#”, but didn’t provide explanation and full list.


    #API-Gateway
    #API-Management
    #webMethods


  • 2.  RE: Masking criteria

    Posted Mon November 30, 2020 01:56 PM

    You can specify any value you like if masking type is set to “Mask” in policy Request/Response processing:

    Masking Type: Specifies the type of masking required. You select either Mask or Filter.

    1. Selecting Mask replaces the value with the given value (the default value being ********).

    2. Selecting Filter removes the field completely.

    Mask Value: This is available if masking type selected is Mask. Provide a mask value. For example: “sold”, or any mask value like “####.”


    #API-Management
    #webMethods
    #API-Gateway


  • 3.  RE: Masking criteria

    Posted Mon November 30, 2020 08:17 PM

    Suppose an API return DOB in “yyyymmdd”. What is the correct mask value if I want certain application to see the output value as “yyyy*****” only?

    For example, if original return value is “19920406”, I would like caller to see “1992****” only.


    #API-Gateway
    #API-Management
    #webMethods


  • 4.  RE: Masking criteria

    Posted Mon November 30, 2020 08:18 PM

    would mask value be “####****”?


    #API-Gateway
    #webMethods
    #API-Management


  • 5.  RE: Masking criteria

    Posted Wed December 02, 2020 09:24 AM

    Hi Kelvin, here’s some info I received about how to achieve this.
    You can use a regex shown in the first image below to select the text part after the year and you can mask only that part with ****

    Actual response:

    Masked response:

    Note: regex will work only for text content types. If you are using json content types, use jsonpath and xpath for xml content types in response.


    #webMethods
    #API-Gateway
    #API-Management


  • 6.  RE: Masking criteria

    Posted Thu December 10, 2020 03:38 AM

    Hi Wayne, do you have any advice?


    #API-Management
    #API-Gateway
    #webMethods


  • 7.  RE: Masking criteria



  • 8.  RE: Masking criteria

    Posted Mon December 07, 2020 04:04 AM

    We try but fail to mask. Given the attached response json, suppose I want to mask details.database to keep first 4 chars but mask remaining chars, and mask details.validationQuery to keep first 2 chars such that:

    details.database → Micr************
    details.validationQuery → SE***********

    What is the proper setting in masking criteria? From your example, we can’t configure masking a particular json node in the response.


    #webMethods
    #API-Management
    #API-Gateway