Data Redaction
Configure header, body, JSON, and XML redaction for captured network traffic.
Data Redaction
WormaCeptor provides two levels of redaction configuration.
Global Redaction
Configure via WormaCeptorApi.redactionConfig. Applies to all captured traffic (OkHttp, Ktor, and future HTTP clients):
WormaCeptorApi.redactionConfig
.redactHeader("Authorization")
.redactHeader("Cookie")
.redactHeader("X-Api-Key")
.redactJsonValue("password")
.redactJsonValue("token")
.redactXmlValue("apiKey")
.redactBody("api_key=\\w+") // Regex pattern
.replacement("[REDACTED]") // Custom replacement text| Method | Description |
|---|---|
redactHeader(name: String) | Redact header values by name (case-insensitive) |
redactBody(pattern: String) | Redact body content matching a regex |
redactJsonValue(key: String) | Redact JSON values by key |
redactXmlValue(tag: String) | Redact XML element content by tag |
replacement(text: String) | Set custom replacement text (default: "********") |
Per-Interceptor Redaction (OkHttp)
The OkHttp interceptor's redactHeader(), redactBody(), redactJsonValue(), and redactXmlValue() methods delegate to the global WormaCeptorApi.redactionConfig. This means:
- Redaction rules set on the interceptor also affect Ktor traffic
- For OkHttp-only redaction, configure the global config after Ktor plugin installation
Per-Plugin Redaction (Ktor)
The Ktor plugin config's redaction methods also delegate to WormaCeptorApi.redactionConfig, so they behave identically.
How Redaction Works
- Headers: The header value is replaced entirely with the replacement text
- JSON values:
"password":"secret"becomes"password":"********" - XML values:
<apiKey>secret</apiKey>becomes<apiKey>********</apiKey> - Body patterns: The entire regex match is replaced with the replacement text