Use the regex-replace-attributes
statement to use regular expressions to
search for and replace attribute values in the HTTP response body in an inbound
request or outbound response. This statement applies to permit decisions produced by
custom API Access Management policies.
Code
regex-replace-attributes
Payload
The payload for this statement is a JSON object that contains key-value pairs, or an array of JSON objects. Each JSON object represents a single replacement operation and has up to four keys:
path
: Optional. A JSONPath expression that represents the nodes to search under. The expression can point to objects, arrays, or strings in the body.regex
: Required. The regular expression used to find the attribute values to replace.replace
: Required. The regex replacement string used to replace the attribute value with a new value.flags
: Optional. A string that contains any of the following recognized regex flags:i
: Performs case-insensitive matching.l
: Interprets theregex
key’s value as a literal string.c
: Performs canonical equivalence matching.
You can combine flags. For example: “
il
”.
The decision service replaces any portion of the attribute value that matches the regular
expression in the regex
key’s value in accordance with the
replace
key’s replacement string. If multiple substrings in the
attribute value match the regular expression, the decision service replaces all
occurrences.
The regular expression and replacement string must be valid, as described in the API
documentation for the java.util.regex.Pattern
class,
including support for capture groups.
Format: { "path": "$.jsonPath", "regex": "regex", "replace":
"replacement-value" }
Example 1
The following payload instructs the decision service to replace the account type
Savings
with the account type
PremierSavings
.
Example payload:
{
"path":"$.type",
"regex":"^S[a-z]+s$",
"replace":"PremierSavings"
}
Original body:
{
"ID": "123456",
"amount": "999",
"type": "Savings"
}
Modified body:
{
"ID": "123456",
"amount": "999",
"type":"PremierSavings"
}
Example 2
The following payload instructs the decision service to mask the social security number.
Example payload:
{
"regex": "\\\\d{3}-\\\\d{2}-(\\\\d{4})",
"replace": "XXX-XX-$1"
}
As an alternative, you can use a different regular expression to do the same thing:
{
"regex": "[0-9]{3}-[0-9]{2}-([0-9]{4})",
"replace": "XXX-XX-$1"
}
Original body:
{
"name": "Jacob Andrews",
"age": "39",
"SSN": "123-45-6789"
}
Modified body:
{
"name": "Jacob Andrews",
"age": "39",
"SSN": "XXX-XX-6789"
}