Layer7 API Management

Expand all | Collapse all

Response Data Masking

Jump to Best Answer
  • 1.  Response Data Masking

    Posted 07-03-2017 02:28 AM



     We have a requirement to mask certain data values in response XML (which may vary) while sending back the response to service consumer. It may be achieved through #RegEx . My question is whether we should do this kind of string conversion at API gateway end or leave it to the backend service to implement since it is a business logic and string manipulation may eat up memory and response time.. What is the #bestpractice ? Please suggest.




  • 2.  Re: Response Data Masking
    Best Answer

    Posted 08-03-2017 01:01 PM



    Data transformation is a very common use case for the API Gateway, and we have many customers that use policy to mask or redact data (as you want to do) or alter the contents and format of messages before they are sent back to requestors.  This can be done using regex, as well as XSLT, in the case of XML the latter may be faster.


    There is no particular best practice for this workflow, it will come down to what makes sense for your particular data workflow, and where you feel it is best to perform this function in your environment.  Some things to consider would be the sizes of the messages that you are transforming, the number of messages that are being done, and whether or not you want to have this logic in your backend service as opposed to being abstracted into a purpose-built Gateway.


    CPU/memory usage should be a consideration, however that cost is not unique to the Gateway - if you perform this function on your service backend instead, it will consume additional resources there instead.