REST Assured: Blacklist Headers from Logging

Profile picture for user devraj

As of REST Assured 4.2.0 it's possible to blacklist headers so that they are not shown in the request or response log. Instead the header value will be replaced with [ BLACKLISTED]. You can blacklist one or more headers. The purpose of a blacklist is to prevent sensitive information to be included in the log. 

BlackList From Request

You need to specify header key. Like Accept, content-type etc. 

given().config(RestAssured.config().logConfig(LogConfig.logConfig().blacklistHeader("Accept"))
.log().headers()

This will output

Accept=[ BLACKLISTED ]

make sure you are .config() statement before .log().headers()

BlackList From Response

given().config(RestAssured.config().logConfig(LogConfig.logConfig().blacklistHeader("set-cookie"))
then().log().headers()

This will output

set-cookie: [ BLACKLISTED ]

BlackList Request and Response Together

.given().config(RestAssured.config().logConfig(LogConfig.logConfig().blacklistHeader("Accept","set-cookie")))
.log().headers()
.then().log().headers()

Thi will output

Accept=[ BLACKLISTED ]
set-cookie: [ BLACKLISTED ]

BlackList Request and Response Together using collection

List headers = new ArrayList<String>();
headers.add("Accept");
headers.add("set-cookie");

.given().config(RestAssured.config().logConfig(LogConfig.logConfig().blacklistHeader(headers)))
.log().headers()
.then().log().headers()

This will output same

Accept=[ BLACKLISTED ]
set-cookie: [ BLACKLISTED ]

BlackList Multiple Request Together

This is same as above. You just need to specify header key specific to request.

BlackList Multiple Response Together

This is same as above. You just need to specify header key specific to response.