• Home
  • Dynatrace API
  • Configuration
  • RUM
  • Web application configuration
  • Data privacy
  • PUT data privacy of a web application

Web application configuration API - PUT data privacy of a web application

Updates data privacy parameters of the specified web application.

This API only supports web applications (including agentless applications and browser extensions). For mobile apps and custom applications, see Mobile and custom app API.

The request consumes and produces an application/json payload.

PUTManaged https://{your-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy
SaaS https://{your-environment-id}.live.dynatrace.com/api/config/v1/applications/web/{id}/dataPrivacy
Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy

Authentication

To execute this request, you need an access token with Change data privacy settings (DataPrivacy) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

ParameterTypeDescriptionInRequired
idstring

The ID of the web application, where you want to update data privacy settings.

pathrequired
bodyApplicationDataPrivacy

JSON body of the request, containing new data privacy settings.

bodyoptional

Request body objects

The ApplicationDataPrivacy object

Data privacy settings of the application.

ElementTypeDescription
metadataConfigurationMetadata

Metadata useful for debugging

Can be null.

identifierstring

Dynatrace entity ID of the web application.

Can be null.

dataCaptureOptInEnabledboolean

Set to true to disable data capture and cookies until JavaScriptAPI dtrum.enable() is called.

persistentCookieForUserTrackingboolean

Set to true to set persistent cookie in order to recognize returning devices.

doNotTrackBehaviourstring

How to handle the "Do Not Track" header:

  • IGNORE_DO_NOT_TRACK: ignore the header and capture the data.
  • CAPTURE_ANONYMIZED: capture the data but do not tie it to the user.
  • DO_NOT_CAPTURE: respect the header and do not capture.
The element can hold these values
  • CAPTURE_ANONYMIZED
  • DO_NOT_CAPTURE
  • IGNORE_DO_NOT_TRACK
sessionReplayDataPrivacySessionReplayDataPrivacySettings

Data privacy settings for Session Replay.

Can be null.

The ConfigurationMetadata object

Metadata useful for debugging

ElementTypeDescription
configurationVersionsinteger[]

A sorted list of the version numbers of the configuration.

Can be null.

currentConfigurationVersionsstring[]

A sorted list of version numbers of the configuration.

Can be null.

clusterVersionstring

Dynatrace version.

Can be null.

The SessionReplayDataPrivacySettings object

Data privacy settings for Session Replay.

ElementTypeDescription
optInModeEnabledboolean

If true, session recording is disabled until JavaScriptAPI dtrum.enableSessionReplay() is called.

Can be null.

urlExclusionRulesstring[]

A list of URLs to be excluded from recording.

Can be null.

contentMaskingSettingsSessionReplayContentMaskingSettings

Content masking settings for Session Replay.

For more details, see Configure Session Replay in Dynatrace Documentation.

Can be null.

The SessionReplayContentMaskingSettings object

Content masking settings for Session Replay.

For more details, see Configure Session Replay in Dynatrace Documentation.

ElementTypeDescription
recordingMaskingSettingsVersioninteger

The version of the content masking.

You can use this API only with the version 2.

If you're using version 1, set this field to 2 in the PUT request to switch to version 2.

recordingMaskingSettingsSessionReplayMaskingSetting

Configuration of the Session Replay masking.

Can be null.

playbackMaskingSettingsSessionReplayMaskingSetting

Configuration of the Session Replay masking.

Can be null.

The SessionReplayMaskingSetting object

Configuration of the Session Replay masking.

ElementTypeDescription
maskingPresetstring

The type of the masking:

  • MASK_ALL: Mask all texts, user input, and images.
  • MASK_USER_INPUT: Mask all data that is provided through user input
  • ALLOW_LIST: Only elements, specified in maskingRules are shown, everything else is masked.
  • BLOCK_LIST: Elements, specified in maskingRules are masked, everything else is shown.
The element can hold these values
  • ALLOW_LIST
  • BLOCK_LIST
  • MASK_ALL
  • MASK_USER_INPUT
maskingRulesMaskingRule[]

A list of masking rules.

Can be null.

The MaskingRule object

The masking rule defining how data is hidden.

ElementTypeDescription
maskingRuleTypestring

The type of the masking rule.

The element can hold these values
  • ATTRIBUTE
  • ELEMENT
selectorstring

The selector for the element or the attribute to be masked.

Specify a CSS expression for an element or a regular expression for an attribute.

userInteractionHiddenboolean

Interactions with the element are (true) or are not (`false) masked.

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{ "metadata": { "configurationVersions": [ 4, 2 ], "currentConfigurationVersions": [ "1.0.4", "1.23" ], "clusterVersion": "1.192.1" }, "identifier": "string", "dataCaptureOptInEnabled": true, "persistentCookieForUserTracking": true, "doNotTrackBehaviour": "CAPTURE_ANONYMIZED", "sessionReplayDataPrivacy": { "optInModeEnabled": true, "urlExclusionRules": [ "string" ], "contentMaskingSettings": { "recordingMaskingSettingsVersion": 2, "recordingMaskingSettings": { "maskingPreset": "ALLOW_LIST", "maskingRules": [ { "maskingRuleType": "ATTRIBUTE", "selector": "string", "userInteractionHidden": false } ] }, "playbackMaskingSettings": {} } } }

Response

Response codes

CodeTypeDescription
204-

Success. Data privacy settings have been updated. Response doesn't have a body.

400ErrorEnvelope

Failed. The input is invalid.

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 204 indicates a valid payload.

The request consumes an application/json payload.

POSTManaged https://{your-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy/validator
SaaS https://{your-environment-id}.live.dynatrace.com/api/config/v1/applications/web/{id}/dataPrivacy/validator
Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy/validator

Authentication

To execute this request, you need an access token with Change data privacy settings (DataPrivacy) scope. To learn how to obtain and use it, see Tokens and authentication.

Response

Response codes

CodeTypeDescription
204-

Validated. The submitted configuration is valid. Response does not have a body.

400ErrorEnvelope

Failed. The input is invalid.