name = Redaction Rules Example
description = Extend Hen's default safe-output masking with explicit header, capture, and body-path rules.
$ API_ORIGIN = https://lorem-api.com/api
$ API_TOKEN = secret.file("./secrets/demo_client_id.txt")
redact_header = X-Session-Token
redact_capture = SESSION_ID
redact_body = body.session.accessToken
---
Login
POST {{ API_ORIGIN }}/echo
* Authorization = Bearer {{ API_TOKEN }}
~~~ application/json
{
  "username": "hen",
  "password": "demo-password",
  "session": {
    "id": "session-hen-demo",
    "accessToken": "access-hen-demo-token"
  }
}
~~~
& body.session.id -> $SESSION_ID
# Login request succeeds
^ & status == 200
---
Get session
POST {{ API_ORIGIN }}/echo
> requires: Login
* X-Session-Token = {{ SESSION_ID }}
~~~ application/json
{
  "session": {
    "id": "{{ SESSION_ID }}",
    "accessToken": "{{ API_TOKEN }}"
  }
}
~~~
# Returns a session access token
^ & body.session.accessToken != null
# Session request succeeds
^ & status == 200