Redact sensitive data
Redacting data in API security is critical to protect sensitive information from unauthorized access. It allows businesses to comply with data privacy regulations and prevent potential data breaches. By enabling granular redaction controls, you can specify exactly what data to hide, reducing the risk of exposing sensitive data to Akto dashboard users.
You can redact data at multiple levels: for a single data type, for an API collection, or for all API calls.
Note that redacting data affects security testing. Because we aren't storing values, most likely the API can't be replayed and hence can't be tested.
Once redact is on, Akto processes API calls but doesn't store the values. You can expect to see {"name": "*****", "password": "*****"} for the APIs. If redact is on for an API collection, Akto won't show sample API calls either.
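The effect of value redaction on a stored sample, sketched as an added illustration that is not Akto's own code. The function names, the key-name matching used to stand in for data types, and the sample payload are assumptions; only the `*****` mask comes from this page.

```python
import json

MASK = "*****"  # mask string shown on this page


def redact(node, sensitive_keys=None, _hit=False):
    """Return a copy of a parsed JSON payload with values masked.

    sensitive_keys=None masks every leaf value (redaction for a whole
    collection or for all API calls). Otherwise only values under a
    matching key are masked, a simplified stand-in for redacting a
    single data type (assumption: matching is by key name only).
    """
    if isinstance(node, dict):
        return {
            k: redact(v, sensitive_keys,
                      _hit or (sensitive_keys is not None
                               and k.lower() in sensitive_keys))
            for k, v in node.items()
        }
    if isinstance(node, list):
        return [redact(v, sensitive_keys, _hit) for v in node]
    # Leaf value: keys and structure survive, the value does not.
    if sensitive_keys is None or _hit:
        return MASK
    return node


# Constructed sample request body, not captured traffic.
SAMPLE = json.loads("""
{"name": "alice", "password": "hunter2",
 "cards": [{"number": "4111111111111111", "expiry": "12/30"}],
 "age": 31}
""")


def redact_all(payload):
    """Every value masked: nothing is left to replay in a test."""
    return redact(payload)


def redact_types(payload):
    """Only the chosen keys masked (hypothetical key set)."""
    return redact(payload, sensitive_keys={"password", "number"})


if __name__ == "__main__":
    print(json.dumps(redact_all(SAMPLE)))
    print(json.dumps(redact_types(SAMPLE)))
```

With every value masked, the stored sample no longer carries a usable request body, which is why a redacted API cannot be replayed for testing.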
Go to API Discovery > Sensitive data. Select the data type and click on Edit. Scroll down and set the Redact this data type to either True or False.
Open the API collection where you want to redact values. Click on More options at the top and select Redact. Click on Enable on the confirmation dialog box.
Go to Settings > About. Click on redact data. This will hide all values in all the API calls.