Data Sanitization

Sanitizing sensitive information in payloads, responses, and headers

Overview

The Zipy Flutter SDK includes powerful data sanitization features to protect sensitive information in your network requests and responses. You can configure what to sanitize, how deep to scrub nested objects, and which keys or headers to target.

Default Behavior

  1. Sanitizes both payloads and responses

  2. Sanitizes up to 3 levels deep in nested objects

  3. Scrubs the following sensitive keys:

     password, secret, passwd, api_key, apikey, access_token, auth, credentials, mysql_pwd, stripetoken, cardnumber

  4. Sanitizes the following headers:

     authorization, auth, auth-token

The scrubbing level determines how deep the sanitization process goes into nested objects.

{
  "user": {                    // Level 1
    "details": {               // Level 2
      "password": "secret123"  // Will be scrubbed
    },
    "preferences": {           // Level 2
      "settings": {            // Level 3
        "api_key": "xyz123"    // Won't be scrubbed
      }
    }
  }
}

To modify the scrubbing level or add your own keys, contact us at [email protected]

How sanitization works

  1. When a key matches one in the scrubbing list (case-insensitive), its value is replaced with "xxxx"

  2. For headers in the sanitization list, their values are replaced with "xxxx"

  3. Both request payloads and responses are sanitized if enabled
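
A depth-limited scrubber and a coverage check for the defaults listed on this page, as an added Dart example (not Zipy SDK code). The depth-counting rule follows the comments in the scrubbing-level example and is an assumption, as are the names `isSensitive`, `scrub` and `unmaskedPaths` and the choice that list elements add no depth.

```dart
import 'dart:convert';

// Added example, not Zipy SDK code. Keys and depth are this page's defaults.
const sensitiveKeys = {
  'password', 'secret', 'passwd', 'api_key', 'apikey', 'access_token', 'auth',
  'credentials', 'mysql_pwd', 'stripetoken', 'cardnumber',
};
const maxDepth = 3;

bool isSensitive(Object? key) => sensitiveKeys.contains('$key'.toLowerCase());

/// Returns [value] with sensitive keys masked down to [maxDepth]; the input
/// is not modified. Assumption: a top-level key is depth 1, lists add no depth.
Object? scrub(Object? value, [int depth = 1]) {
  if (value is List) return value.map((item) => scrub(item, depth)).toList();
  if (value is Map && depth <= maxDepth) {
    return value.map((key, v) =>
        MapEntry(key, isSensitive(key) ? 'xxxx' : scrub(v, depth + 1)));
  }
  return value;
}

/// Paths of sensitive keys nested deeper than [maxDepth], which stay unmasked.
List<String> unmaskedPaths(Object? value, [int depth = 1, String path = '']) {
  final found = <String>[];
  if (value is List) {
    for (final item in value) {
      found.addAll(unmaskedPaths(item, depth, path));
    }
  } else if (value is Map) {
    value.forEach((key, v) {
      final p = path.isEmpty ? '$key' : '$path.$key';
      if (!isSensitive(key)) {
        found.addAll(unmaskedPaths(v, depth + 1, p));
      } else if (depth > maxDepth) {
        found.add(p);
      }
    });
  }
  return found;
}

void main() {
  // Constructed payload with the same shape as the scrubbing-level example.
  final payload = jsonDecode('{"user": {"details": {"password": "secret123"}, '
      '"preferences": {"settings": {"Api_Key": "xyz123"}}}}');
  print(jsonEncode(scrub(payload))); // masked copy of the payload
  print(unmaskedPaths(payload)); // sensitive keys beyond the default depth
}
```

Running `unmaskedPaths` over representative payloads in a unit test shows which fields need a flatter structure or a custom scrubbing level.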

Example

Original Request:

{
  "user": {
    "name": "John",
    "password": "secret123",
    "payment": {
      "cardnumber": "4111-1111-1111-1111",
      "details": {
        "api_key": "xyz123"
      }
    }
  }
}

Sanitized Request:

{
  "user": {
    "name": "John",
    "password": "xxxx",
    "payment": {
      "cardnumber": "xxxx",
      "details": {
        "api_key": "xxxx"
      }
    }
  }
}
