Handling sensitive or internal data
The API handles sensitive data and internal coderefs values in the following ways:
- Sensitive data in API responses
- In API responses, the system masks the following types of data with asterisks:
- Tax ID
- Bank account number
- Customer login credentials
- Insurance score
- Debit card number
- Credit card security code
- Credit card expiry year
- Credit card expiry month
- Credit card number
- Sensitive data in API requests
- API requests submit un-masked sensitive data when there is requirement to add or update the data. When updating a resource with a PUT or PATCH request, the API request can leave masked values as-is unless the request includes an update to the masked the value.
- coderefs in API response
- API requests that begin with
GET /coderefonly return coderefs that are needed to issue and manage policies. For example, API responses can include coderefs that define lists of valid values for a field. However, the API will not return coderefs related to third-party integrations or data related to integrations between InsuranceNow modules.Note: The coderef-exclusion.xml file includes the list of coderefs that the API excludes from API responses. You can add additional coderefs to the exclusion list by overriding the coderef-exclusion.xml (coreAPI/src/main/resources/com/guidewire/insurancenow/api/impl/core_v5/model/coderef/coderef-exclusion.xml) file in your build-out and registering the override file with the APIV5 namespace and the coderef-exclusion repository.