Is there a library that masks sensitive fields (encrypts with random characters) in a REST API response? The masked data should be sent back to the UI. And if the UI sends the masked data back in consecutive requests, it should be unmasked again and sent to the server (so that the server can interpret it and work correctly).

Note: I don't want to exclude the fields in the response. I want to perform operations on the masked data based on user interaction in the UI.

Say, if there's a credit card number in the API response, this should be shown as xxxxxxyyyyyy in the UI... And when the UI wants to send it back in a POST call, it should be unmasked and sent back to the server.

user1717764
  • What do you mean by "masked"? Typically this term refers to removing a field completely. Do you want to encrypt the field? – zr0gravity7 Jul 02 '21 at 14:26
  • yes with some random characters – user1717764 Jul 02 '21 at 14:26
  • Please elaborate, you want to encrypt it with random characters? Can you explain what this means? – zr0gravity7 Jul 02 '21 at 14:31
  • Say, if there's a credit card number in the API response, this should be shown as xxxxxxxyyyy in the UI... And when the UI wants to send it back in a POST call, it should be unmasked and sent back to the server – user1717764 Jul 02 '21 at 14:33
  • Short answer is that you should not be storing, let alone sending to the client, any sensitive information. There are still ways you could do this, namely with tokens and some encryption. Try researching the topic a bit. Alternatively, if you simply want to check the credit card against some value, you could just send the hash of the credit card number (e.g. SHA-256), and then hash the credit card number at the client level and check that they have the same hash. You could add salts etc. to the CC hash storage. – zr0gravity7 Jul 02 '21 at 15:36
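
The mask-then-unmask round trip asked about above, sketched as server-side tokenization. This is an added example, not code from the thread; the `FieldTokenizer` class, its method names, the `tok_` prefix and the sample card number are assumptions made for illustration. The UI only ever receives a masked display string plus a random token, and the real value never leaves the server.

```python
import secrets
import time

class FieldTokenizer:
    """In-memory token vault; a real service would use a shared store with expiry."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._vault = {}  # token -> (session_id, real_value, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    def mask_response(self, session_id, payload, sensitive_fields):
        """Return a copy of payload that is safe to send to the UI."""
        out = dict(payload)
        for name in sensitive_fields:
            if name not in payload:
                continue
            value = str(payload[name])
            # Show the last four characters only when enough of the value stays hidden.
            shown = value[-4:] if len(value) > 8 else ""
            token = "tok_" + secrets.token_urlsafe(24)  # random, derived from nothing
            self._vault[token] = (session_id, value, self._clock() + self._ttl)
            out[name] = {"display": "x" * (len(value) - len(shown)) + shown,
                         "token": token}
        return out

    def unmask_request(self, session_id, payload, sensitive_fields):
        """Swap tokens sent back by the UI for the real values, on the server."""
        out = dict(payload)
        for name in sensitive_fields:
            if name not in payload:
                continue
            field = payload[name]
            token = field.get("token") if isinstance(field, dict) else None
            entry = self._vault.get(token)
            # Reject unknown tokens, tokens issued to another session, and expired ones.
            if entry is None or entry[0] != session_id or entry[2] < self._clock():
                raise PermissionError(f"invalid token for field {name!r}")
            out[name] = entry[1]
        return out

if __name__ == "__main__":
    tk = FieldTokenizer()
    record = {"name": "A. User", "card_number": "4111111111111111"}  # constructed sample
    to_ui = tk.mask_response("session-1", record, ["card_number"])
    print(to_ui["card_number"]["display"])  # what the UI renders
    print(tk.unmask_request("session-1", to_ui, ["card_number"]) == record)
```

Binding each token to the session that received it means a token copied from one user's response cannot be replayed by another user.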

0 Answers