Exclude attributes
Use the exclude-attributes
statement to define a list of attributes to exclude from the HTTP response body in an inbound request or outbound response. This statement applies to permit decisions produced by custom API Access Management policies.
If your protected API is changing over time, consider using the |
Code
exclude-attributes
Payload
The payload for this statement is a JSON array of attribute names. This statement limits the attributes in the response body returned to the requester by removing attributes that are listed in the payload.
-
If an attribute has descendants, they are also removed from the response body.
-
If a single JSONPath expression represents multiple attributes, all of the represented attributes are removed from the response.
Format: [ "attribute-to-exclude", "attribute-to-exclude" ]
Example
The following payload instructs the decision service to remove the amount
attribute from the HTTP response body.
Example payload: [ "amount" ]
Original body:
{
"ID": "123456",
"amount": "999",
"type": "Savings"
}
Modified body:
{
"ID": "123456",
"type": "Savings"
}