REST API Authorization logs are redacted
Question

I am currently logging some API calls and the Authorization Header is currently showing as redacted from the logs. 

Even though the 'log redaction' is set to no, is there another configuration somewhere forcing this? Is this a default feature now, and if so is there some way of overriding this?  

This happens on both exposed and consumed APIs. 

mvp_badge
MVP
Solution

Hi André!

I believe the Log Redaction option is juts foi input parameters.

Check here the documentation.


The Authorization you are seeing on the Service Center, is the Authorization Header.
The header as far as I know will be always redacted.

I assume even in this scenario that you created an Input Parameter with the Header info, and defined its Log Redaction property to yes.


In any case, just to make sure, have you update all the references and republished all the consumers of the module?


EDIT: Just to make sure, I created a sample and tested this scenario.

I sent the same info for Authorization header and TestHeader header, both with the same value on Log Redacted property, and just TestHeader was logged on Service Center when consuming an API:


So the answer is yes it is always redacted by default in consume, and I dont know a way that you can disable it.

For the expose log however, since Im not encoding in the right format it gave an error and showed the Authorization Header as well as the Test without redaction as:

Important to notice that I enabled the Full Logging for both .

The module used to test is attached.

Cheers and Regards,

RR :)

RESTAPIREDACTED.oml

Thanks I could swear this was not the case, prior to Aug21 in any case I also noticed that the Exposed APIs log the Authroization header but the Consumed APIs don't. 

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.