Logs & Data Masking

Moveworks masks data being logged in your API requests. When redacting, we leave the first and last character of sensitive information intact, and substitute the inner contents with a fixed number of ***** characters.

All headers are partially redacted For example

Copy

Copied

Authorization: Bearer SECRET_TOKEN
Content-Type: application/json

Will be redacted as

Copy

Copied

Authorization: B*****N
Content-Type: a*****n

Query parameters are partially value-redacted For example

Copy

Copied

example.com/api/action?param1=value1&param2=longerValue2

Will be redacted as

Copy

Copied

example.com/api/action?param1=v*****1&param2=l*****2

JSON request bodies are partially value-redacted For example

Copy

Copied

{
    "name": "John",
    "password": "secret",
    "info": {
        "email": "john@example.com",
        "phones": [
            "123-456-7890",
            "987-654-3210"
        ]
    }
}

Would be redacted as

Copy

Copied

{
    "name": "J*****n",
    "password": "s*****t",
    "info": {
        "email": "j*****m",
        "phones": [
            "1*****0",
            "9*****0"
        ]
    }
}

Non-JSON request bodies are fully redacted For example
Copy

Copied
```
urlencodedKeyA=valueA&urlencodedKeyB=valueB
```
Would be redacted as
Copy

Copied
```
<REDACTED>
```
The API endpoint is not redacted. You will be able to see the original base URL & the path.
The API response is not redacted. You will be able to see the full result data returned.