Use the exclude-attributes statement to define a list of attributes to exclude from the HTTP response body in an inbound request or outbound response. This statement applies to permit decisions produced by custom API Access Management policies.
If your protected API is changing over time, consider using the include-attributes statement instead of the exclude-attributes statement. The include-attributes statement is a safer choice that continues to work when you add new attributes to your API.
Code
exclude-attributes
Payload
The payload for this statement is a JSON array of attribute names. This statement limits the attributes in the response body returned to the requester by removing attributes that are listed in the payload.
- If an attribute has descendants, they are also removed from the response body.
- If a single JSONPath expression represents multiple attributes, all of the represented attributes are removed from the response.
Format: [ "attribute-to-exclude", "attribute-to-exclude" ]
Example
The following payload instructs the decision service to remove the amount attribute from the HTTP response body.
Example payload: [ "amount" ]
Original body:
{
  "ID": "123456",
  "amount": "999",
  "type": "Savings"
}
Modified body:
{
  "ID": "123456",
  "type": "Savings"
}
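The following sketch is an added illustration, not the decision service's own code. It models the example above and the earlier advice about include-attributes: when the API gains an attribute, a denylist passes it through while an allowlist does not. It assumes plain top-level attribute names (no JSONPath) and that include-attributes keeps only the listed attributes; the holder attribute and the function names are hypothetical.

```python
import copy

# Constructed sample bodies: v1 is the example body from this page; v2 adds a
# hypothetical "holder" attribute (with descendants) after an API change.
BODY_V1 = {"ID": "123456", "amount": "999", "type": "Savings"}
BODY_V2 = {**BODY_V1, "holder": {"name": "A. Example", "taxId": "000-00-0000"}}


def exclude_attributes(body, names):
    """Denylist: drop each listed top-level attribute and its descendants."""
    denied = set(names)
    return {k: copy.deepcopy(v) for k, v in body.items() if k not in denied}


def include_attributes(body, names):
    """Allowlist (assumed semantics): keep only the listed attributes."""
    allowed = set(names)
    return {k: copy.deepcopy(v) for k, v in body.items() if k in allowed}


def newly_exposed(filter_fn, payload, old_body, new_body):
    """Attributes the requester sees after the API change but not before."""
    before = filter_fn(old_body, payload)
    after = filter_fn(new_body, payload)
    return sorted(set(after) - set(before))


if __name__ == "__main__":
    # Reproduces the "Modified body" shown above.
    print(exclude_attributes(BODY_V1, ["amount"]))
    # The denylist was written for v1, so the new attribute reaches the requester.
    print(newly_exposed(exclude_attributes, ["amount"], BODY_V1, BODY_V2))
    # The allowlist exposes nothing new until the policy is updated.
    print(newly_exposed(include_attributes, ["ID", "type"], BODY_V1, BODY_V2))
```

Running a check like newly_exposed against the old and new response shapes before an API release shows which attributes an existing exclude-attributes payload would start returning.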