Hiding certain data from api response

ta-yuhyeon · November 21, 2024, 4:47pm

Hi,

i have an api users that has the following permissions:

object ApiUser "fundamentals-api-user" {
   password = "xxxxxxxx"
   permissions = [
        {
                permission = "objects/query/*"
                filter = {{ "services-fundamentals" in service.groups }}
        }
   ]
}

the api call that im trying to make is the following:
https://icingapoc:5665/v1/objects/services

what i receive are just the services that has “service-fundamentals” in the service group but all of these services have some sensitive data like username and password, when calling the api it shows the password and username, is there any way to hide those credentials? when navigating in the webui the credentials are hidden but when making api calls they are not.

rivad · November 22, 2024, 10:45am

The webui is a proxy for the API and the DB that has a filter for sensitive data, that you can edit. If I would be in your shoes, I would try to write a proxy that uses the same filter definition to search for keys in the API answers and replaces the values with ***** before sending them along.