Privacy for AjaxListener and JSON in general

Two enhancements are requested:

(1) UI capture masking for AjaxListener data

(2) Pipeline privacy support for AjaxListener (and general JSON) data


Currently, while the UI Capture library supports masking of page data (DOM content and Change events, etc.), application API calls captured by the AjaxListener do not have a masking feature. A masking feature is needed, similar to how Form Fields are masked... where specified name-value pairs have their values masked.

Example:


    {
      "type": 5,
      "offset": 9801,
      "screenviewOffset": 4875,
      "count": 26,
      "fromWeb": true,
      "customEvent": {
        "name": "ajaxListener",
        "data": {
          "interfaceType": "XHR",
          "originalURL": "p.login.mycompany.com/api/v1/authn",
          ...
          "request": {
            "username": "MyUserID",
            "password": "MyPassword123"
          },
          "responseHeaders": {
            ...

The field .sessions[0].message.customEvent.data.request.password requires masking. Ideally this Dotted Notation syntax will be flexible, to support wildcards and partial path names.


The same masking syntax is also required in the Pipeline privacy session agent for general purpose use... as currently masking often requires complicated regular expressions.

This is made more complicated as a target ID may have both a "currState" and "prevState" value that require masking, in both the [RequestBody] and [RawRequest] sections. Multiple masking rules may therefore be required for each field to be masked.

  • Eric Stamper
  • Jun 1 2022
How will this idea be used?

Fulfilling privacy requirements is difficult and brittle under the current design. Having native support for masking Tealeaf capture data will both improve this process and reduce CPU load in the PCA and downstream servers.

What is your industry? Insurance
What is the idea priority? High
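
The dotted-notation masking requested above, sketched as an added example (it is not part of the original idea and is not Tealeaf or UI Capture code). The helpers `compilePath`, `pathMatches` and `maskJson`, the `*` / `**` wildcard semantics, and the sample object (constructed from the message excerpt in the post) are all assumptions.

```javascript
// Added example: hypothetical helpers, not a Tealeaf / UI Capture API.
// Assumed pattern syntax: dot-separated segments, [n] for array indices,
// "*" matches exactly one segment, "**" matches zero or more segments.
function compilePath(pattern) {
  return pattern.replace(/\[(\d+|\*)\]/g, ".$1").split(".").filter(Boolean);
}

// True when the compiled pattern matches the full path of keys/indices.
function pathMatches(segs, path, i = 0, j = 0) {
  if (i === segs.length) return j === path.length;
  if (segs[i] === "**") {
    for (let k = j; k <= path.length; k++) {
      if (pathMatches(segs, path, i + 1, k)) return true;
    }
    return false;
  }
  if (j === path.length) return false;
  if (segs[i] !== "*" && segs[i] !== String(path[j])) return false;
  return pathMatches(segs, path, i + 1, j + 1);
}

// Returns a masked deep copy; the input object is not modified.
function maskJson(value, patterns, mask = "*****", path = []) {
  const compiled = patterns.map(p => (Array.isArray(p) ? p : compilePath(p)));
  if (path.length && compiled.some(s => pathMatches(s, path))) return mask;
  if (Array.isArray(value)) {
    return value.map((v, i) => maskJson(v, compiled, mask, [...path, i]));
  }
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = maskJson(v, compiled, mask, [...path, k]);
    }
    return out;
  }
  return value;
}

// Constructed sample, modelled on the ajaxListener excerpt in the post.
const captured = { sessions: [{ message: {
  type: 5,
  customEvent: { name: "ajaxListener", data: {
    interfaceType: "XHR",
    originalURL: "p.login.mycompany.com/api/v1/authn",
    request: { username: "MyUserID", password: "MyPassword123" }
  } }
} }] };
const masked = maskJson(captured, ["**.request.password"]);
console.log(JSON.stringify(masked.sessions[0].message.customEvent.data.request));
```

A partial path such as `**.request.password` covers the field wherever it appears, so one rule can replace several position-specific regular expressions.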