There is a requirement to mask the PII data before logging the response from the backend API. Can I write some custom code or use any policy to mask data? Please guide.
You may want to look at Audit Message Filter (AMF) Policy outlined here in the documentation to mask the data being logged. Internal Use Policies - CA API Gateway - 9.2 - CA Technologies Documentation
Director, CA Support
Thanks for the response.
We have verified the AMF policy, in that we are able to encode the complete response before logging it.
Do we have the option to selectively mask a part of the response? Can I write a Java Script to do it?
For example, in a JSON response, we would like to mask the data of a field called phone-number to XXXXX.
You should be able to add in regular expressions and such to convert the values to whatever text you like.