Questa funzionalitร ti consente di oscurare i dati prima di inviarli come parte del payload di analisi.
Con questa funzionalitร , Apigee utilizza SHA512 per eseguire l'hashing del valore originale prima di comunicare dal piano di runtime al piano di controllo.
Procedura
Attiva questa funzionalitร impostando features.analytics.data.obfuscation.enabled su
true.
Con l'oscuramento abilitato, Apigee Hybrid eseguirร l'hashing dei seguenti campi con SHA512 nel piano di runtime prima di inviare le informazioni al backend di analisi:
client_id
client_ip
developer_email
proxy_client_ip
proxy_pathsuffix
request_urirequest_path
target_basepath
target_url
x_forwarded_for_ip
x-apigee.edge.true_client_ip
x-apigee.intelligence.client_ip_header
Apigee Hybrid eseguirร l'hash dei seguenti valori di dimensione nei report di analisi personalizzati:
I risultati offuscati vengono visualizzati nella dashboard di analisi ibrida di Apigee. Potrebbero essere necessari diversi
minuti prima che i risultati sottomessi ad hashing vengano visualizzati nell'interfaccia utente.
Esempio
L'esempio seguente mostra i dati prima e dopo l'oscuramento:
// JSON data sent to AX before obfuscating{"proxy_basepath":"/APP_NAME","x-apigee.edge.execution.stats.request_flow_endtimestamp":1582770652814,"apiproxy":"APP_NAME","x-apigee.edge.is_policy_error":0,"client_sent_start_timestamp":1582770652817,"x-apigee.edge.is_target_error":0,"client_received_start_timestamp":1582770652813,"client_ip":"10.10.0.99","is_error":false,"x-apigee.edge.stats.steps":"{\"JS1.0\":1}","request_size":0,"x-apigee.intelligence.client_ip_header":"10.10.0.99","virtual_host":"default","x-apigee.edge.mp_host":"mp","sla":false,"x-apigee.intelligence.service":"{}","client_sent_end_timestamp":1582770652817,"request_uri":"/APP_NAME","proxy":"default","proxy_client_ip":"10.10.0.99","x-apigee.edge.dn.region":"dc-1","apigee.edge.execution.is_apigee_fault":0,"x-apigee.edge.target.latency.stats":"{\"targetList\":[]}","useragent":"Apache-HttpClient/4.3.6 (java 1.5)","proxy_pathsuffix":"","x-apigee.edge.execution.stats.request_flow_start_timestamp":1582770652814,"x_forwarded_for_ip":"10.10.0.99","x_forwarded_proto":"http","response_status_code":200,"request_verb":"GET","x-apigee.edge.execution.stats.response_flow_end_timestamp":1582770652816,"gateway_source":"message_processor","environment":"env_82hw","client_received_end_timestamp":1582770652814,"organization":"Org_1582769880344","x-apigee.edge.execution.stats.response_flow_start_timestamp":1582770652814,"request_path":"/APP_NAME","gateway_flow_id":"rt-8644-188-1","apiproxy_revision":"1"}
// JSON data sent to AX after obfuscating{"proxy_basepath":"/APP_NAME","x-apigee.edge.execution.stats.request_flow_endtimestamp":1582749361836,"apiproxy":"APP_NAME","x-apigee.edge.is_policy_error":0,"client_sent_start_timestamp":1582749361884,"x-apigee.edge.is_target_error":0,"client_received_start_timestamp":1582749361790,"client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","is_error":false,"x-apigee.edge.stats.steps":"{\"JS1.0\":30}","request_size":0,"x-apigee.intelligence.client_ip_header":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","virtual_host":"default","x-apigee.edge.mp_host":"mp","sla":false,"x-apigee.intelligence.service":"{}","client_sent_end_timestamp":1582749361886,"request_uri":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a","proxy":"default","proxy_client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","x-apigee.edge.dn.region":"dc-1","apigee.edge.execution.is_apigee_fault":0,"x-apigee.edge.target.latency.stats":"{\"targetList\":[]}","useragent":"Apache-HttpClient/4.3.6 (java 1.5)","proxy_pathsuffix":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","x-apigee.edge.execution.stats.request_flow_start_timestamp":1582749361833,"x_forwarded_for_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445","x_forwarded_proto":"http","response_status_code":200,"request_verb":"GET","x-apigee.edge.execution.stats.response_flow_end_timestamp":1582749361874,"gateway_source":"message_processor","environment":"env_xj25","client_received_end_timestamp":1582749361821,"organization":"Org_1582749068984","x-apigee.edge.execution.stats.response_flow_start_timestamp":1582749361836,"request_path":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a","gateway_flow_id":"rt-6290-57-1","apiproxy_revision":"1"}
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema รจ stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-08-21 UTC."],[[["\u003cp\u003eThis document explains how to enable data obfuscation in Apigee hybrid 1.2 and newer, using SHA512 to hash sensitive data before sending it to the analytics backend.\u003c/p\u003e\n"],["\u003cp\u003eEnabling obfuscation involves setting the \u003ccode\u003efeatures.analytics.data.obfuscation.enabled\u003c/code\u003e property to \u003ccode\u003etrue\u003c/code\u003e in the environment's property settings, using a \u003ccode\u003ePUT\u003c/code\u003e request with the entire environment property set.\u003c/p\u003e\n"],["\u003cp\u003eOnce enabled, a list of fields, including \u003ccode\u003eclient_id\u003c/code\u003e, \u003ccode\u003eclient_ip\u003c/code\u003e, and \u003ccode\u003edeveloper_email\u003c/code\u003e, among others, are hashed at the runtime plane, and the corresponding dimensions in custom analytics reports are also obfuscated.\u003c/p\u003e\n"],["\u003cp\u003eObfuscated results will appear in the Apigee hybrid analytics dashboard, although there may be a delay of a few minutes, and unhashed data will be displayed for data sent before enabling or after disabling the feature.\u003c/p\u003e\n"],["\u003cp\u003eThe provided JSON example showcases the difference between the data sent to the analytics engine before and after obfuscation, highlighting how sensitive information is replaced with SHA512 hashes.\u003c/p\u003e\n"]]],[],null,["# Obfuscating user data for analytics\n\n| You are currently viewing version 1.3 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis feature allows you to obscure data before sending it as part of the analytics payload.\nWith this feature, Apigee uses SHA512 to hash the original value before communicating from the runtime\nplane to the control plane.\n| This feature is for Apigee hybrid 1.2 and newer only.\n\nProcedure\n---------\n\nEnable this feature by setting `features.analytics.data.obfuscation.enabled` to **true**.\nWhen using `PUT`, be careful to include the entire set of properties for your environment. PUT overwrites the entire property set each time you issue it. \n\n```\ncurl -v -X PUT \\\n https://apigee.googleapis.com/v1/organizations/YOUR_ORG_NAME/environments/YOUR_ENV_NAME \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d '{\n \"name\" : \"YOUR_ENV_NAME\",\n \"properties\" : {\n \"property\" : [ {\n \"name\" : \"features.analytics.data.obfuscation.enabled\",\n \"value\" : \"true\"\n },]\n }\n}'\n```\n\n\nWith obfuscation enabled, Apigee hybrid will hash the following fields with SHA512 at the runtime plane before\nsending the information to analytics backend:\n\n- client_id\n- client_ip\n- developer_email\n- proxy_client_ip\n- proxy_pathsuffix\n- request_urirequest_path\n- target_basepath\n- target_url\n- x_forwarded_for_ip\n- x-apigee.edge.true_client_ip\n- x-apigee.intelligence.client_ip_header\n\nApigee hybrid will hash the following dimension values in custom analytics reports:\n\n- Client ID\n- Client IP Address\n- Developer Email\n- Proxy Client IP\n- Proxy Path Suffix\n- Referred Client IP\n- Request Path\n- Request URI\n- Resolved Client IP\n- Target Base Path\n- Target URL\n- X Forwarded For\n\nSee [Analytics metrics, dimensions, and filters reference](https://docs.apigee.com/api-platform/analytics/analytics-reference#dimensions) for detailed descriptions of analytics dimensions.\n\nViewing obfuscated results\n--------------------------\n\n\nThe obfuscated results display in the Apigee hybrid analytics dashboard. It may take several\nminutes before you see the hashed results in the UI.\n\n| **Note:** Analytics reports will display unhashed data communicated from the runtime plane before you enabled obfuscating or after you disable it. \n\nExample\n-------\n\n\nThe following example shows the data before and after obfuscating: \n\n```scilab\n// JSON data sent to AX before obfuscating\n{\n \"proxy_basepath\":\"/APP_NAME\",\n \"x-apigee.edge.execution.stats.request_flow_endtimestamp\":1582770652814,\n \"apiproxy\":\"APP_NAME\",\n \"x-apigee.edge.is_policy_error\":0,\n \"client_sent_start_timestamp\":1582770652817,\n \"x-apigee.edge.is_target_error\":0,\n \"client_received_start_timestamp\":1582770652813,\n \"client_ip\":\"10.10.0.99\",\n \"is_error\":false,\n \"x-apigee.edge.stats.steps\":\"{\\\"JS1.0\\\":1}\",\n \"request_size\":0,\n \"x-apigee.intelligence.client_ip_header\":\"10.10.0.99\",\n \"virtual_host\":\"default\",\n \"x-apigee.edge.mp_host\":\"mp\",\n \"sla\":false,\n \"x-apigee.intelligence.service\":\"{}\",\n \"client_sent_end_timestamp\":1582770652817,\n \"request_uri\":\"/APP_NAME\",\n \"proxy\":\"default\",\n \"proxy_client_ip\":\"10.10.0.99\",\n \"x-apigee.edge.dn.region\":\"dc-1\",\n \"apigee.edge.execution.is_apigee_fault\":0,\n \"x-apigee.edge.target.latency.stats\":\"{\\\"targetList\\\":[]}\",\n \"useragent\":\"Apache-HttpClient/4.3.6 (java 1.5)\",\n \"proxy_pathsuffix\":\"\",\n \"x-apigee.edge.execution.stats.request_flow_start_timestamp\":1582770652814,\n \"x_forwarded_for_ip\":\"10.10.0.99\",\n \"x_forwarded_proto\":\"http\",\n \"response_status_code\":200,\n \"request_verb\":\"GET\",\n \"x-apigee.edge.execution.stats.response_flow_end_timestamp\":1582770652816,\n \"gateway_source\":\"message_processor\",\n \"environment\":\"env_82hw\",\n \"client_received_end_timestamp\":1582770652814,\n \"organization\":\"Org_1582769880344\",\n \"x-apigee.edge.execution.stats.response_flow_start_timestamp\":1582770652814,\n \"request_path\":\"/APP_NAME\",\n \"gateway_flow_id\":\"rt-8644-188-1\",\n \"apiproxy_revision\":\"1\"\n}\n``` \n\n```scilab\n// JSON data sent to AX after obfuscating\n{\n \"proxy_basepath\":\"/APP_NAME\",\n \"x-apigee.edge.execution.stats.request_flow_endtimestamp\":1582749361836,\n \"apiproxy\":\"APP_NAME\",\n \"x-apigee.edge.is_policy_error\":0,\n \"client_sent_start_timestamp\":1582749361884,\n \"x-apigee.edge.is_target_error\":0,\n \"client_received_start_timestamp\":1582749361790,\n \"client_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"is_error\":false,\n \"x-apigee.edge.stats.steps\":\"{\\\"JS1.0\\\":30}\",\n \"request_size\":0,\n \"x-apigee.intelligence.client_ip_header\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"virtual_host\":\"default\",\n \"x-apigee.edge.mp_host\":\"mp\",\n \"sla\":false,\n \"x-apigee.intelligence.service\":\"{}\",\n \"client_sent_end_timestamp\":1582749361886,\n \"request_uri\":\"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a\",\n \"proxy\":\"default\",\n \"proxy_client_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"x-apigee.edge.dn.region\":\"dc-1\",\n \"apigee.edge.execution.is_apigee_fault\":0,\n \"x-apigee.edge.target.latency.stats\":\"{\\\"targetList\\\":[]}\",\n \"useragent\":\"Apache-HttpClient/4.3.6 (java 1.5)\",\n \"proxy_pathsuffix\":\"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e\",\n \"x-apigee.edge.execution.stats.request_flow_start_timestamp\":1582749361833,\n \"x_forwarded_for_ip\":\"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445\",\n \"x_forwarded_proto\":\"http\",\n \"response_status_code\":200,\n \"request_verb\":\"GET\",\n \"x-apigee.edge.execution.stats.response_flow_end_timestamp\":1582749361874,\n \"gateway_source\":\"message_processor\",\n \"environment\":\"env_xj25\",\n \"client_received_end_timestamp\":1582749361821,\n \"organization\":\"Org_1582749068984\",\n \"x-apigee.edge.execution.stats.response_flow_start_timestamp\":1582749361836,\n \"request_path\":\"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a\",\n \"gateway_flow_id\":\"rt-6290-57-1\",\n \"apiproxy_revision\":\"1\"\n}\n```"]]
