Redacting info from REST API logs does not work: any ideas?
Service Studio Version
11.50.9 (Build 46968)
Platform Version
11.13.0 (Build 31107)

Hi, 

in order to hide sensitive data from the logs of a consumed REST API, I would like to redact information passed either in the URL or as an http header. According to the documentation (see: https://success.outsystems.com/Documentation/11_x_platform/Extensibility_and_Integration/REST/Consume_REST_APIs/Redacting_information_from_REST_API_logs), this should be a matter of setting the property "Log Redaction" of the corresponding input parameter of the consumed REST API method to Yes. Unfortunately, this does not seem to work as (I) expected.

I expected that after doing this, even if the log level of the consumed REST API is set to Full, that the content passed in that parameter would not visible in the integration log details of the consumed REST API. This is not the case though. Irrespectively of whether "Log Redaction" property is set to yes or to no, the content of that parameter is always present in the logs. Is this a bug or am I missing some extra setting or configuration that I should be doing? 

I did the tests in my personal environment running version 11.13.0 (build 31107) of the platform server. The same test was done in a non-personal cloud environment running version 11.10.4 (build 29633) of the platform server.

You can find attached a small application with the setup I mentioned. Just set the log level of the consumed REST API to full before pressing the test button in the home page. Check in the integration logs to see whether you see the content of the api-key http header showing up in the detailed log of the consumer REST API.

Thanks for your time.


Example of the detailed log I am obtaining in this test application:

  

LogRedaction.oap

Yes agree

We checked our platform and found the same problem(Log Redaction Yes & No). For this we need to raise the ticket to outsystems otherwise we will have to face problems in IT audit.

Thanks Pedro address and post here the issue.

Regards,

Shahaji

mvp_badge
MVP

Hi Pedro,

Looks like a bug in the platform. Did you republish the module with the API after the service center configuration change, and checked if the problem then still exists?

Regards,

Daniel

Yes agree

We checked our platform and found the same problem(Log Redaction Yes & No). For this we need to raise the ticket to outsystems otherwise we will have to face problems in IT audit.

Thanks Pedro address and post here the issue.

Regards,

Shahaji

I guess I'll have to report it also to OutSystems then. Thank you all for checking my suspicion.

Kind regards!

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.