Custom Data Types

The AppSentinels API Security Platform supports predefined Sensitive and PII Data Types out-of-the-box. However, in many applications, there are parameters that may be unique to the organization or application but still require the same level of protection as standard sensitive information. To address this, the platform allows the creation and management of Custom Data Types.

While predefined types such as email, phone number, SSN, etc., cover a broad range of common sensitive data, custom data types provide flexibility to:

Creating a New Custom Data Type

Custom Data Types can be configured from the platform by navigating to Settings → Data Types → Custom

  1. Click on "Add Custom Data Type"
    This opens the form to define the properties of the custom type.
  2. Enter a Name
    This should be a descriptive label for the sensitive parameter (e.g., BankAccountToken).
  3. Specify Matching Criteria
    You can define how this data type should be identified in the traffic:
    • Regex Pattern: A regular expression that matches the expected value format.
    • Field Name Match: Keywords or parameter names such as bank_token, acctId.
  4. Choose Scope (Location)
    • Request Body
    • Query Parameter
    • Response
    • Header
    This tells AppSentinels where to look for the custom data.
  5. Save the Configuration
    Once saved, the custom data type becomes part of the sensitive data detection mechanism.
Add Custom Data Type

Managing Custom Data Types

Use Cases for Custom Data Types

Example

Name Field Match Scope Pattern
BankAccountToken bank_token Request Body [A-Z]{3}[0-9]{8,12}
CustomerUUID customer_id Query Param [0-9a-fA-F]{8}-[0-9a-fA-F]{4}

Visibility and Reporting

Notes