Monday, 14 January 2019

Redaction policy in Oracle API Cloud Service

Oracle API CS offers an inbuilt feature to limit or remove the certain fields and headers which is the part of request and response payload. This policy is called Redaction policy. The policy can be used in both request and response pipeline.

In the request pipeline, headers, queries and payload content can be controlled before the backend service is invoked. Similarly, in the response pipeline, headers, queries and payload content can be controlled before the response sent to the consumer.

Let's see how to apply the redaction policy in request and response pipeline separately.

To complete this article, we'll assume one service is already configured in the Oracle API CS. If not, kindly follow the blog

Let suppose, one API configured is in the API CS with the below request and response:

Request URL:

https://189.11.11.13:8443/redact

HTTP Verb: GET

Parameter / Header

Parameter / Header
Description
empi
This is of query parameter of string type
key
This is custom request header of string type

Response:

{
    "Employee": {
        "Name": "Ankur",
        "EmployeeID": "122",
        "key": "12"
    }
}


For the particular API, We'll exclude the request header (key) and Employee.Name node from the response one by one using Redaction policy.

Configure the Redaction policy in the Request pipeline
  • Click the API implementation tab of the API
  • Move to the Request pipeline
  • In the Available Policies region, expand Interface Management, hover over Redaction, and then click Apply
  • Enter below information and click the Next button
    • Your Policy Name: Enter the policy name of your choice
    • Comments: Enter comment
    • Place after the following policy: Select the policy after which this policy is placed
  • Select Exclude from the Headers section and enter key in the Header name then click Apply button
  • Click Save to save the changes and redeploy the API
  • Hit the API, pass custom header(key) and see the response, key value will be blank in response as request key header is directly mapped with the key of the response payload

Configure the Redaction policy in the Response pipeline
  • Click the API implementation tab of the API
  • Move to the Response pipeline
  • In the Available Policies region, expand Interface Management, hover over Redaction, and then click Apply
  • Enter below information and click the Next button
    • Your Policy Name: Enter the policy name of your choice
    • Comments: Enter comment
    • Place after the following policy: Select the policy after which this policy is placed

  • Select Exclude from the Field section and enter Employee.Name in the Field name then click Apply button
  • Click Save to save the changes and redeploy the API
  • Hit the API and see the Employee.Name should not come as part of the response

3 comments:

  1. Hi Ankur,

    Can you tell me when I am getting data in my response payload does this store anywhere in ICS/OIC/AIC. If yes then where and how i configure so that it will not store my response payload data. And also in OIC I am having purge option can you help me out what this purge actual mean.

    Regards,
    Fazle Rub

    ReplyDelete
  2. Hi Ankur,

    I have requirement of integrating OIC with on prem weblogic JMS queue.
    Can you please throw some lights on how to configure OIC for reading/publishing message to on-premise weblogic JMS queue.

    Thanks
    Veeresh

    ReplyDelete
  3. Hi,this is Very Nice information Regarding your Software Company and Beautiful Blog Also. So Np compete Also one of the Ios, Android, Java, Devops, UX, Ui, Chat Bot, Company in ChennaiIf you want any job Regarding above Positions,, Please give to Your Queries and send your Resume Back to this mail: sales@npcompete.com

    ReplyDelete