PingOne

Regex replace attributes

Use the regex-replace-attributes statement to use regular expressions to search for and replace attribute values in the HTTP response body in an inbound request or outbound response. This statement applies to permit decisions produced by custom API Access Management policies.

Screen capture showing the Regex Replace Attributes statement, including the statement name, description, code, payload, and the kinds of decisions the statement applies to.

Code

regex-replace-attributes

Payload

The payload for this statement is a JSON object that contains key-value pairs, or an array of JSON objects. Each JSON object represents a single replacement operation and has up to four keys:

  • path: Optional. A JSONPath expression that represents the nodes to search under. The expression can point to objects, arrays, or strings in the body.

  • regex: Required. The regular expression used to find the attribute values to replace.

  • replace: Required. The regex replacement string used to replace the attribute value with a new value.

  • flags: Optional. A string that contains any of the following recognized regex flags:

    • i: Performs case-insensitive matching.

    • l: Interprets the regex key’s value as a literal string.

    • c: Performs canonical equivalence matching.

    You can combine flags. For example: “il”.

The decision service replaces any portion of the attribute value that matches the regular expression in the regex key’s value in accordance with the replace key’s replacement string. If multiple substrings in the attribute value match the regular expression, the decision service replaces all occurrences.

The regular expression and replacement string must be valid, as described in the API documentation for the java.util.regex.Pattern class, including support for capture groups.

Format: { "path": "$.jsonPath", "regex": "regex", "replace": "replacement-value" }

Example 1

The following payload instructs the decision service to replace the account type Savings with the account type PremierSavings.

Example payload:

{
"path":"$.type",
"regex":"^S[a-z]+s$",
"replace":"PremierSavings"
}

Original body:

{
"ID": "123456",
"amount": "999",
"type": "Savings"
}

Modified body:

{
"ID": "123456",
"amount": "999",
"type":"PremierSavings"
}

Example 2

The following payload instructs the decision service to mask the social security number.

Example payload:

{
"regex": "\\\\d{3}-\\\\d{2}-(\\\\d{4})",
"replace": "XXX-XX-$1"
}

As an alternative, you can use a different regular expression to do the same thing:

{
"regex": "[0-9]{3}-[0-9]{2}-([0-9]{4})",
"replace": "XXX-XX-$1"
}

Original body:

{
"name": "Jacob Andrews",
"age": "39",
"SSN": "123-45-6789"
}

Modified body:

{
"name": "Jacob Andrews",
"age": "39",
"SSN": "XXX-XX-6789"
}