You can configure a privacy policy for a managed API or custom API to protect private information that is contained in API data.
API Manager can issue warnings or block API requests and responses if the request or response payload contains the following information:
•Credit card number
•Email address
•IP address
•United States address
•United States phone number
•United States Social Security number
You can select different actions for requests and responses.
If you configure the policy to issue a warning or block requests and responses that contain certain types of information, API Manager logs an event in the event log when it receives requests and responses that contain information of that type.
For more information about the event log, see Event log.
Configuring a privacy policy for an API
Configure a privacy policy for a managed API or custom API on the Privacy tab of the API details window to protect private information that is contained in API data.
1On the API Registry page, click to open the Actions menu of the API and select View Details.
The API details window appears.
2Select the Privacy Policy tab.
3Select Enable privacy policy.
4 For each type of information that you want to protect, select the action to take for requests and for responses. You can select different actions for requests and responses.
Select one of the following actions:
- Warning. Issue a warning message in the event log that there was a privacy policy leakage in the request or the response. Don't block the request or response.
- Block. Block the request or response and issue a warning message in the event log that the message was blocked because of a potential privacy policy breach in the request or the response.