CA API Management: OAuth Tokens are logged in clear text


Article ID: 107975


STARTER PACK-7 CA Rapid App Security CA API Gateway


When reviewing the SSG log you may notice access tokens are being logged in clear text, for example:

20180726 13:16:53.822INFO -4error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'


Component: APIGTW


This entry is only logged for expired or revoked tokens. No active tokens will be logged on the system.
To prevent these entries from being logged, set the following cluster-wide property:

Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manage Cluster-Wide Properties
2) Add the property name and value below:

name: audit.detailThreshold 
value: WARNING
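
Changing the threshold only affects new entries, so log files written earlier can still hold token values. The script below is an added example, not CA code: it finds `access_token='...'` fields in the format of the entry quoted above and replaces each value with a short SHA-256 fingerprint. The sample lines and the token value in them are constructed, and the function names are hypothetical.

```python
import hashlib
import re
import sys

# Matches the access_token='...' field as it appears in the log entry quoted in the article.
TOKEN_RE = re.compile(r"(access_token=')([^']+)(')")


def fingerprint(token: str) -> str:
    """Short SHA-256 prefix: lets entries be correlated without keeping the token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def redact_line(line: str):
    """Return (redacted_line, number_of_token_values_replaced)."""
    def repl(m):
        return f"{m.group(1)}[REDACTED sha256:{fingerprint(m.group(2))}]{m.group(3)}"
    return TOKEN_RE.subn(repl, line)


def scan(lines):
    """Redact all lines; return (redacted_lines, 1-based numbers of lines that held tokens)."""
    redacted, hits = [], []
    for number, line in enumerate(lines, 1):
        new_line, count = redact_line(line)
        redacted.append(new_line)
        if count:
            hits.append(number)
    return redacted, hits


# Constructed sample input: the first line follows the format of the article's entry
# with a made-up token value; the second line is a made-up entry without a token.
SAMPLE_TOKEN = "00000000-0000-4000-8000-000000000000"
SAMPLE = [
    "20180726 13:16:53.822INFO -4error: invalid_request, error_description: "
    "Access token does not exist (expired, revoked, replaced, unknown, ...). "
    f"access_token='{SAMPLE_TOKEN}'",
    "20180726 13:17:02.100INFO constructed entry without a token",
]

if __name__ == "__main__":
    # With a file path argument, scan that log; otherwise run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE
    redacted, hits = scan(source)
    print("\n".join(redacted))
    print(f"lines containing token values: {hits}", file=sys.stderr)
```

Running it again on logs written after the property is set shows whether such entries are still being produced.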