Releases: speakeasy-api/speakeasy-go-sdk
Masking for sensitive data
The Speakeasy SDK now supports masking sensitive data. Details below:
Masking sensitive data
Note: this is only supported for JSON request and response bodies at the moment.
Speakeasy can mask sensitive data in the query string parameters, headers, cookies and request/response bodies captured by the SDK. This is useful for protecting against sensitive data leakage, and retaining control over the data that is captured.
Using the Advanced Configuration section above you can completely ignore certain routes by not assigning the middleware to their router, causing the SDK to not capture any requests to that router.
But if you would like to be more selective you can mask certain sensitive data using our middleware controller allowing you to mask fields as needed in different handlers:
func MyHandler(w http.ResponseWriter, r *http.Request) {
ctrl := speakeasy.MiddlewareController(req)
ctrl.Masking(speakeasy.WithRequestHeaderMask("Authorization")) // Mask the Authorization header in the request
// the rest of your handlers code
}The Masking function takes a number of different options to mask sensitive data in the request:
speakeasy.WithQueryStringMask- WithQueryStringMask will mask the specified query strings with an optional mask string.speakeasy.WithRequestHeaderMask- WithRequestHeaderMask will mask the specified request headers with an optional mask string.speakeasy.WithResponseHeaderMask- WithResponseHeaderMask will mask the specified response headers with an optional mask string.speakeasy.WithRequestCookieMask- WithRequestCookieMask will mask the specified request cookies with an optional mask string.speakeasy.WithResponseCookieMask- WithResponseCookieMask will mask the specified response cookies with an optional mask string.speakeasy.WithRequestFieldMaskString- WithRequestFieldMaskString will mask the specified request body fields with an optional mask. Supports string fields only. Matches using regex.speakeasy.WithRequestFieldMaskNumber- WithRequestFieldMaskNumber will mask the specified request body fields with an optional mask. Supports number fields only. Matches using regex.speakeasy.WithResponseFieldMaskString- WithResponseFieldMaskString will mask the specified response body fields with an optional mask. Supports string fields only. Matches using regex.speakeasy.WithResponseFieldMaskNumber- WithResponseFieldMaskNumber will mask the specified response body fields with an optional mask. Supports number fields only. Matches using regex.
Masking can also be done more globally on all routes or a selection of routes by taking advantage of middleware. Here is an example:
speakeasy.Configure(speakeasy.Config {
APIKey: "YOUR API KEY HERE", // retrieve from Speakeasy API dashboard.
ApiID: "YOUR API ID HERE", // this is an ID you provide that you would like to associate captured requests with.
VersionID: "YOUR VERSION ID HERE", // this is a Version you provide that you would like to associate captured requests with.
})
r := mux.NewRouter()
r.Use(speakeasy.Middleware)
r.Use(func (next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Mask the Authorization header in the request for all requests served by this middleware
ctrl := speakeasy.MiddlewareController(req)
ctrl.Masking(speakeasy.WithRequestHeaderMask("Authorization"))
})
})Go SDK Test Suite Parity
This release brings the Go SDK into line with our cross-language test suite for SDK output.
Fix: set correct default server address
This fixes an issue in the v1.1.0 release where the default server address for the GRPC endpoint was set incorrectly
Support SDK driven request identification to power enhanced platform capabilities
- Adds support for setting an apiID and versionID per SDK instance to allow requests to be associated with APIs in the platform unambiguously
- Adds support for extracting path hints (or providing them manually) which helps the platform associate requests with endpoints unambiguously
- Adds support for setting a customerID per request to allow requests to be filtered per API customer/user
- Adds support for limiting the size of request/response bodies capture to 1mb
- Adds support for routers and frameworks outside of gorilla mux including chi/gin/echo and the Default ServerMux
Fixes time precision
Merge pull request #11 from speakeasy-api/fix-time-precision fix: time precision
v0.0.2
Merge pull request #7 from speakeasy-api/fix-secure fix: support secure connections
v0.0.1
SDK using v1 design
v0.0.0
MVP Version