name = Redaction Rules Example
description = Extend Hen's default safe-output masking with explicit header, capture, and body-path rules.
$ API_ORIGIN = https://api.example.com
$ API_TOKEN = secret.env("HEN_API_TOKEN")
redact_header = X-Session-Token
redact_capture = SESSION_ID
redact_body = body.session.accessToken
---
Login
POST {{ API_ORIGIN }}/login
* Authorization = Bearer {{ API_TOKEN }}
~~~ application/json
{
  "username": "[[ username ]]",
  "password": "[[ password ]]"
}
~~~
& body.session.id -> $SESSION_ID
# Login request succeeds
^ & status == 200
---
Get session
GET {{ API_ORIGIN }}/session
> requires: Login
* X-Session-Token = {{ SESSION_ID }}
# Returns a session access token
^ & body.session.accessToken != null
# Session request succeeds
^ & status == 200