Foveus applies redaction to help protect sensitive data before telemetry is stored or indexed.
Redaction is used when the SDK captures request context, response context, headers, exception context, logs, or custom context.
Redaction is a safety layer. Do not intentionally send secrets, credentials, card data, or highly sensitive personal data to Foveus.
How redaction works
The SDK checks captured telemetry for sensitive keys and values.
When a field or header is redacted, Foveus stores a masked value instead of the original value.
For example:
{
"customerId": "cus_12345",
"password": "secret-value"
}
becomes:
{
"customerId": "cus_12345",
"password": "***"
}
Redacted fields are not useful for context search because the original value is not indexed.
Default redaction
Foveus redacts common sensitive headers and fields by default.
Common redacted headers include:
authorization
cookie
set-cookie
x-api-key
api-key
token
Common redacted fields include:
password
passcode
pin
otp
token
accessToken
refreshToken
secret
apiKey
cardNumber
cvv
cvc
The exact defaults may change as Foveus improves its safety controls.
Add custom redacted fields
Add RedactedFields when your application uses domain-specific sensitive field names.
{
"Foveus": {
"ApiKey": "fov_test_...",
"RedactedFields": ["nationalId", "accountNumber", "dateOfBirth"]
}
}
Use this for fields your team considers sensitive.
Examples:
nationalId
accountNumber
dateOfBirth
customerPhone
homeAddress
Add RedactedHeaders when your service uses custom sensitive headers.
{
"Foveus": {
"ApiKey": "fov_test_...",
"RedactedHeaders": ["x-internal-token", "x-session-secret"]
}
}
Redaction and context search
Execution Context Search uses indexed context fields.
If a field is redacted, Foveus does not index the original value.
For example, if you redact accountNumber:
{
"Foveus": {
"ApiKey": "fov_test_...",
"RedactedFields": ["accountNumber"]
}
}
And your response contains:
{
"accountNumber": "1234567890"
}
Foveus stores a masked value instead of the original.
You should not expect this search to work:
service:orders-api context:accountNumber="1234567890"
Use a safer identifier instead, such as an internal customer ID, order ID, or request ID.
Redaction and searchable context policy
Foveus also applies backend safety policies before indexing context for search.
Sensitive keys are denied even if they are captured.
Examples of blocked keys include:
password
pin
otp
token
authorization
cookie
secret
api_key
card
cvv
Denylisted keys are not searchable.
This protects against accidentally indexing sensitive data.
Redaction is key-based
Most redaction is based on field names and header names.
For example, a field named password is redacted because that key is in the default list. But a field with a custom name may not be redacted unless you configure the key:
{
"sessionCredential": "abc123"
}
If your application uses custom names for sensitive values, add them to RedactedFields.
Response body capture
Response body capture can be useful for debugging business outcomes.
For example:
{
"orderStatus": {
"value": 1,
"label": "Confirmed"
}
}
But response bodies can also contain sensitive data.
Before enabling response body capture broadly, review:
- what your APIs return
- which fields should be redacted
- whether response body capture is needed in production
- whether a lower sampling rate is appropriate
Example:
{
"Foveus": {
"ApiKey": "fov_live_...",
"Mode": "live",
"CaptureResponseBodies": false,
"RedactedFields": ["nationalId", "accountNumber", "dateOfBirth"]
}
}
Request body capture
Request body capture helps debug what a client sent to your API.
It can also contain sensitive data.
Before enabling it broadly, review:
- login and authentication routes
- payment or account routes
- profile update routes
- file upload routes
- high-volume endpoints
Use path filters when needed.
{
"Foveus": {
"ApiKey": "fov_live_...",
"Mode": "live",
"ExcludedPathPrefixes": ["/auth", "/health", "/metrics"],
"RedactedFields": ["password", "otp", "nationalId"]
}
}
Path filtering
Use path filters to skip routes that should not be captured.
{
"Foveus": {
"ApiKey": "fov_test_...",
"ExcludedPathPrefixes": ["/health", "/metrics"]
}
}
Use exact path exclusions for specific endpoints.
{
"Foveus": {
"ApiKey": "fov_test_...",
"ExcludedExactPaths": ["/auth/login", "/auth/refresh"]
}
}
IP addresses
If IP address anonymization is enabled, Foveus masks or anonymizes IP values where supported.
{
"Foveus": {
"ApiKey": "fov_test_...",
"AnonymizeIpAddresses": true
}
}
Keep IP anonymization enabled unless you have a clear reason to disable it.
Recommended setup for production
For most production services, keep response context capture enabled with redaction, sampling, and path exclusions.
This lets Foveus show what your service or a third-party provider returned without storing unlimited raw payloads.
{
"Foveus": {
"ApiKey": "fov_live_...",
"Mode": "live",
"CaptureProfile": "Balanced",
"CaptureRequestBodies": true,
"CaptureResponseBodies": true,
"ContextSamplingRate": 0.01,
"ExcludedPathPrefixes": ["/health", "/metrics"],
"RedactedFields": ["nationalId", "accountNumber", "dateOfBirth"]
}
}
Use this setup when you need to:
- inspect provider responses
- search response fields with Execution Context Search
- understand business failures returned inside HTTP 200 responses
- debug user complaints without searching raw logs
For highly sensitive endpoints or services, disable body capture or exclude specific paths.
{
"Foveus": {
"ApiKey": "fov_live_...",
"Mode": "live",
"CaptureProfile": "HighThroughput",
"CaptureRequestBodies": false,
"CaptureResponseBodies": false,
"ExcludedPathPrefixes": ["/health", "/metrics", "/auth"],
"RedactedFields": ["nationalId", "accountNumber", "dateOfBirth"]
}
}
A better approach for many teams is to keep response capture enabled globally and exclude only the routes that should not be captured.
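As an added illustration of how the settings in the two configurations above (path exclusions, body capture flags, ContextSamplingRate and AnonymizeIpAddresses) combine per request, the following Python script models the capture decision; it is not Foveus SDK code. The page does not specify how prefix matching, sampling or IP masking are implemented, so the plain string-prefix match, the sampling draw gating body capture, and the IPv4 /24 and IPv6 /48 masking are assumptions; the config and addresses are constructed, with documentation IP ranges and a placeholder API key.

```python
from __future__ import annotations

import ipaddress
from typing import Any

# Constructed config in the shape the page uses; the key is a placeholder.
PROD_CONFIG = {
    "Foveus": {
        "ApiKey": "fov_live_PLACEHOLDER",
        "Mode": "live",
        "CaptureRequestBodies": True,
        "CaptureResponseBodies": True,
        "ContextSamplingRate": 0.01,
        "ExcludedPathPrefixes": ["/health", "/metrics"],
        "ExcludedExactPaths": ["/auth/login", "/auth/refresh"],
        "AnonymizeIpAddresses": True,
    }
}


def path_excluded(path: str, cfg: dict) -> bool:
    """Exact paths are checked first; prefixes use plain string matching (assumption)."""
    f = cfg["Foveus"]
    if path in f.get("ExcludedExactPaths", []):
        return True
    return any(path.startswith(p) for p in f.get("ExcludedPathPrefixes", []))


def anonymize_ip(ip: str) -> str:
    """Model of IP anonymization: zero the host part (IPv4 /24, IPv6 /48).
    The SDK's exact masking is not stated on the page; this is an assumption."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def capture_decision(cfg: dict, path: str, client_ip: str,
                     sample_value: float) -> dict[str, Any]:
    """Decide what telemetry this request contributes.
    sample_value is the request's uniform draw in [0, 1); passing it in
    keeps the decision deterministic and testable (assumption: the sampling
    rate gates body/context capture, not the execution record itself)."""
    f = cfg["Foveus"]
    if path_excluded(path, cfg):
        return {"captured": False, "reason": "path excluded"}
    sampled_in = sample_value < f.get("ContextSamplingRate", 1.0)
    ip = anonymize_ip(client_ip) if f.get("AnonymizeIpAddresses") else client_ip
    return {
        "captured": True,
        "request_body": bool(f.get("CaptureRequestBodies")) and sampled_in,
        "response_body": bool(f.get("CaptureResponseBodies")) and sampled_in,
        "client_ip": ip,
    }


if __name__ == "__main__":
    for path in ("/health/live", "/auth/login", "/auth/logout", "/orders/42"):
        print(path, capture_decision(PROD_CONFIG, path, "203.0.113.77", 0.005))
```

Note what the model makes visible: with ExcludedExactPaths, /auth/logout is still captured because only /auth/login and /auth/refresh are listed, and with a plain prefix match a prefix such as /auth would also exclude /authors. Confirm the SDK's actual matching in Test mode before relying on either behaviour in production.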
Verify redaction
After changing redaction settings:
- Trigger a test request.
- Open the execution in Foveus.
- Inspect request and response context.
- Confirm sensitive fields are masked.
- Confirm searchable context only includes safe values.
Use Test mode when validating redaction behavior.
Troubleshooting
A sensitive field is visible
Add the field name to RedactedFields.
{
"Foveus": {
"ApiKey": "fov_test_...",
"RedactedFields": ["sessionCredential"]
}
}
Then trigger a new request.
Redaction changes apply to newly captured telemetry.
A sensitive header is visible
Add the header name to RedactedHeaders.
{
"Foveus": {
"ApiKey": "fov_test_...",
"RedactedHeaders": ["x-session-secret"]
}
}
Context search cannot find a redacted value
That is expected.
Redacted values are masked and are not indexed with their original value.
Search using a safe identifier instead.
Too much context is being captured
Use one or more of:
CaptureProfile: "HighThroughput"
CaptureRequestBodies: false
CaptureResponseBodies: false
ContextSamplingRate
ExcludedPathPrefixes
ExcludedExactPaths
Next steps