Inbound Route

Create an Inbound Route to Secure PII-Sensitive Data

  1. If not already logged in, log into your VGS Dashboard (https://dashboard.verygoodsecurity.com).
  2. On the top, left-hand side, just under the organization name, click on the “Vault” tab.
  3. On the left-hand side, under “Vault”, click on “Routes”.
  4. At the top, just under the “Vault ID”, select the “HTTP” tab.
  5. Under the “HTTP” tab, select “Inbound”.
  6. On the right-hand side, click on the “Manage” button.
  7. The following picture highlights, with red boxes, the areas to select/modify in steps #2 through #6.

VGS Dashboard Routes

  1. Confirm the Upstream Host points to the simulated customer network, “https://vgs-simulated-customer-network.ngrok.io” as shown in the following picture.

VGS Dashboard Inbound Routes Upstream Host

  1. Scroll down to bottom and hit “Add filter”.
  2. Under “Conditions” in the default filter, note the following settings:
    * PathInfo matches “/post”. This points to your server-side API endpoint destination.
    * ContentType equals “application/json”. This defines the content type of the request.
  3. Phase: “On request”. This defines the API phase. In this case, this filter will trigger on initial API call.
  4. Scroll down and select the “Basic” tab below “Tag”.
  5. Under “Operation”, select “REDACT” to secure sensitive data.
  6. Under “Content Type, select “Json” to identify the content type of the request.
  7. Under “Fields in JSON path”, enter “$.phone_number” into field 1.
  8. Scroll down to “Storage” below “Targets”.
  9. Click on “Storage” field and select “Persistent”.
  10. Under “Alias Format”, click the field and select “Account Number - Number Length Preserving (A4) - xxxxxxxxxxxx<last_four>.
  11. The following pictures highlights, with red boxes, the areas to select/modify in steps #9 through #18.

VGS Dashboard Inbound Routes Add Filter

VGS Dashboard Inbound Routes Phone Number Conditions

VGS Dashboard Inbound Routes Redact Phone Number Variable

  1. Scroll down and hit “Add filter”.
  2. Scroll down to “Conditions”.
  3. Under “Conditions” in the default filter, note the following settings:
    * PathInfo matches “/post”. This points to your server-side API endpoint destination.
    * ContentType equals “application/json”. This defines the content type of the request.
  4. Phase: “On request”. This defines the API phase. In this case, this filter will trigger on initial API call.
  5. Scroll down and select the “Basic” tab below “Tag”.
  6. Under “Operation”, select “REDACT” to secure sensitive data.
  7. Under “Content Type, select “Json” to identify the content type of the request.
  8. Under “Fields in JSON path”, enter “$.ssn” into field 1.
  9. Scroll down to “Storage” below “Targets”.
  10. Click on “Storage” field and select “Persistent”.
  11. Under “Alias Format”, click the field and select “SSN - Format Preserving (A4) - xxx-xx-<last_four>.
  12. Scroll to the bottom and hit “Save” in the bottom, right-hand side.
  13. The following pictures highlights, with red boxes, the areas to select/modify in steps #20 through #31.

VGS Dashboard Inbound Routes Redact SSN Conditions

VGS Dashboard Inbound Routes Redact SSN Variable

Congratulations, you have finished this section.