JSON is a key standard for REQ (request body) or RSP (response body). However, to Tealeaf a JSON REQ/RSP is still treated as a string. This makes it very hard, if not impossible, to process it correctly, such as for events or for data privacy. Of course we can do start/end string matches, but the order of JSON properties is not fixed (=not a JSON requirement). And often this requires complex regular expressions. Either solution is fragile (likely to break when the JSON has any changes), and quite heavy on Tealeaf system processing).
Instead, we have created a customer session agent (canister pipeline) that handles JSON parsing: it converts the JSON request/response body into name=value pairs, using dot notation. We have also defined a whitelist to handle data masking of any JSON property that is not in the whitelist. We do this based on the URL or TLT_URL, such that a property is only unmasked for the specified API/URL, not for any other API that "happens to" have the same property name in the JSON contract. The result of this is two new REQ sections: [jsonproperty_request] and [jsonproperty_response], using name=value pairs.
This enhancement request is to build a similar solution into Tealeaf, natively. If needed, we can demo our custom solution, to clarify what we mean.
P.S. The Tealeaf SDK data (TealeafTarget) is also JSON, and it is processed quite nicely, using step events that use dot notation as well. Our proposed solution for any other JSON REQ/RSP data is somewhat similar.
What is your industry? | Financial Markets |
What is the idea priority? | High |