Data Sanitization

Sanitizing sensitive information in payloads, responses, and headers

Overview

The Zipy Flutter SDK includes powerful data sanitization features to protect sensitive information in your network requests and responses. You can configure what to sanitize, how deep to scrub nested objects, and which keys or headers to target.

Default Behavior

Sanitizes both payloads and responses
Sanitizes up to 3 levels deep in nested objects
Scrubs the following sensitive keys

password, secret, passwd, api_key, apikey, access_token, auth, credentials, mysql_pwd,
stripetoken, cardnumber

Sanitizes the following headers

authorization, auth, auth-token

The scrubbing level determines how deep the sanitization process goes into nested objects.

{
  "user": {                    // Level 1
    "details": {               // Level 2
      "password": "secret123"  // Will be scrubbed
    },
    "preferences": {           // Level 2
      "settings": {            // Level 3
        "api_key": "xyz123"    // Won't be scrubbed
      }
    }
  }
}

To modify scrubbing level or add your own keys contact us [email protected]

How sanitization works

When a key matches one in the scrubbing list (case-insensitive), its value is replaced with "xxxx"
For headers in the sanitization list, their values are replaced with "xxxx"
Both request payloads and responses are sanitized if enabled

Example

Original Request:

{
  "user": {
    "name": "John",
    "password": "secret123",
    "payment": {
      "cardnumber": "4111-1111-1111-1111",
      "details": {
        "api_key": "xyz123"
      }
    }
  }
}

Sanitized Request:

{
  "user": {
    "name": "John",
    "password": "xxxx",
    "payment": {
      "cardnumber": "xxxx",
      "details": {
        "api_key": "xxxx"
      }
    }
  }
}

PreviousSession Recording Control NextiOS Setup

Last updated 9 months ago

hashtagOverview

hashtagDefault Behavior

hashtagHow sanitization works

hashtagExample

Overview

Default Behavior

How sanitization works

Example