Hiding Sensitive Information
We need to configure ScanAPI to hide the sensitive information from /login in our report.
Create a configuration file scanapi.conf in the root directory with the following content:
report:
  hide_request:
    body:
      - password
  hide_response:
    body:
      - key
The folder structure should look like this now:
scanapi (root directory)
├── .env
├── scanapi-report.html
├── scanapi.conf
└── scanapi.yaml
Let's run ScanAPI again and reload the report:
$ scanapi run
Note that all sensitive fields are properly hidden now. Great, so let's make some authenticated
requests using the Authentication Token you received in the /login response.
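To back up the visual check of the report, the script below searches scanapi-report.html for values stored in .env. It is an added example, not part of ScanAPI or its documentation. It assumes .env holds KEY=VALUE lines, and the variable names and sample data in it are constructed.

```python
import html
import sys
from pathlib import Path

# Constructed sample data (not real ScanAPI output), used if the files are absent.
SAMPLE_ENV = 'USER=demo\nPASSWORD="s3cr3t<pw>"\n'
SAMPLE_REPORT = '<pre>{"username": "demo", "password": "s3cr3t&lt;pw&gt;"}</pre>'


def load_env_values(env_text, only=None, min_len=4):
    """Parse KEY=VALUE lines of a .env file into {name: value}."""
    values = {}
    for line in env_text.splitlines():
        line = line.strip()
        if line.startswith("export "):
            line = line[len("export "):]
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip().strip("'\"")
        if only is not None and name not in only:
            continue
        # Very short values would match unrelated text in the report.
        if len(value) >= min_len:
            values[name] = value
    return values


def find_leaks(report_text, secrets):
    """Return the sorted names of secrets whose value occurs in the report."""
    leaked = set()
    for name, value in secrets.items():
        # An HTML report may carry the value raw or HTML-escaped.
        if value in report_text or html.escape(value) in report_text:
            leaked.add(name)
    return sorted(leaked)


if __name__ == "__main__":
    env, report = Path(".env"), Path("scanapi-report.html")
    if env.exists() and report.exists():
        env_text, report_text = env.read_text(), report.read_text()
    else:
        env_text, report_text = SAMPLE_ENV, SAMPLE_REPORT
    only = set(sys.argv[1:]) or None  # optional variable names to check
    leaks = find_leaks(report_text, load_env_values(env_text, only))
    for name in leaks:
        print(f"value of {name} from .env appears in scanapi-report.html")
    sys.exit(1 if leaks else 0)
```

Run it from the root directory after `scanapi run`, passing the names of the secret variables as arguments; a non-zero exit status means at least one of those values is still present in the report.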