![]() |
VOOZH | about |
App and API Protection matches known patterns for sensitive data in API requests and responses. If it finds a match, the endpoint is tagged with the category and type of sensitive data processed and displayed in API Endpoints.
The matching occurs within your application, and none of the sensitive data is sent to Datadog.
To see the supported data types (for example, payment:card), use the Schema Sensitive Data facet. You can also see the data type used in the Sensitive Data column.
By default, App and API Protection scans for PII, credentials, and payment types. Sensitive Data Detection provides API data scanners to define custom scanner data patterns beyond the defaults. These scanners improve visibility into the sensitive data of your API traffic.
In an API data scanner, you define a scanner category and type to classify API endpoints processing sensitive data (for example, health_info:patient_id). Next, you define the JSON key or value conditions that trigger the scanner.
When the scanner detects sensitive data, it tags the API endpoint with the category and type and displays it in API Endpoints.
To create an API data scanner and view its results, do the following:
category:type.category:type. Custom scanner category:type tags are also visible in the Sensitive Data column of the explorer. | |