wso2 / product-microgateway

Choreo Connect is a cloud-native, open-source, and developer-centric API gateway.
https://wso2.com/choreo/choreo-connect/
Apache License 2.0
294 stars 252 forks source link

The IP address of the API consumer should be masked before publishing to analytics. #2033

Open manjulaRathnayaka opened 3 years ago

manjulaRathnayaka commented 3 years ago

Describe your problem(s)

The IP address of the clients are published to the API analytics and certain dashboards are created. Due to the GDPR concerns, we should either mask it or look for a replacement depending on the analytics we are planning to provide for the customers.

Describe your solution

Mask it and get the geo-location instead of the direct IP.

How will you implement it

N/A


Optional Fields

Related Issues:

N/A

Suggested Labels:

GDPR

Suggested Assignees:

N/A

jaadds commented 3 years ago

IP address is gathered for Geo-Map processing. In Geo-map processing, once user's region has been found, IP is discarded. So IP doesn't get stored in summarized tables. However since EventHubs have a default retention of 1 day, all raw events would stay in EventHub for a day. But since the IP isn't maintained in the long run, risk of using it as a PII is minimal.

manjulaRathnayaka commented 3 years ago

@ayomawdb FYI.