• Home
  • Dynatrace API
  • Configuration
  • RUM
  • Web application configuration
  • Data privacy
  • PUT data privacy of a web application

Web application configuration API - PUT data privacy of a web application

Updates data privacy parameters of the specified web application.

This API only supports web applications (including agentless applications and browser extensions). For mobile apps and custom applications, see Mobile and custom app API.

The request consumes and produces an application/json payload.

PUTManagedhttps://{your-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy
SaaShttps://{your-environment-id}.live.dynatrace.com/api/config/v1/applications/web/{id}/dataPrivacy
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy

Authentication

To execute this request, you need an access token with Change data privacy settings (DataPrivacy) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

ParameterTypeDescriptionInRequired
idstring

The ID of the web application, where you want to update data privacy settings.

pathrequired
bodyApplicationDataPrivacy

JSON body of the request, containing new data privacy settings.

bodyoptional

Request body objects

The ApplicationDataPrivacy object

Data privacy settings of the application.

ElementTypeDescriptionRequired
metadataConfigurationMetadata

Metadata useful for debugging

optional
identifierstring

Dynatrace entity ID of the web application.

optional
dataCaptureOptInEnabledboolean

Set to true to disable data capture and cookies until JavaScriptAPI dtrum.enable() is called.

required
persistentCookieForUserTrackingboolean

Set to true to set persistent cookie in order to recognize returning devices.

required
doNotTrackBehaviourstring

How to handle the "Do Not Track" header:

  • IGNORE_DO_NOT_TRACK: ignore the header and capture the data.
  • CAPTURE_ANONYMIZED: capture the data but do not tie it to the user.
  • DO_NOT_CAPTURE: respect the header and do not capture.
The element can hold these values
  • CAPTURE_ANONYMIZED
  • DO_NOT_CAPTURE
  • IGNORE_DO_NOT_TRACK
required
sessionReplayDataPrivacySessionReplayDataPrivacySettings

Data privacy settings for Session Replay.

optional

The ConfigurationMetadata object

Metadata useful for debugging

ElementTypeDescriptionRequired
configurationVersionsinteger[]

A sorted list of the version numbers of the configuration.

optional
currentConfigurationVersionsstring[]

A sorted list of version numbers of the configuration.

optional
clusterVersionstring

Dynatrace version.

optional

The SessionReplayDataPrivacySettings object

Data privacy settings for Session Replay.

ElementTypeDescriptionRequired
optInModeEnabledboolean

If true, session recording is disabled until JavaScriptAPI dtrum.enableSessionReplay() is called.

optional
urlExclusionRulesstring[]

A list of URLs to be excluded from recording.

optional
contentMaskingSettingsSessionReplayContentMaskingSettings

Content masking settings for Session Replay.

For more details, see Configure Session Replay in Dynatrace Documentation.

optional

The SessionReplayContentMaskingSettings object

Content masking settings for Session Replay.

For more details, see Configure Session Replay in Dynatrace Documentation.

ElementTypeDescriptionRequired
recordingMaskingSettingsVersioninteger

The version of the content masking.

You can use this API only with the version 2.

If you're using version 1, set this field to 2 in the PUT request to switch to version 2.

required
recordingMaskingSettingsSessionReplayMaskingSetting

Configuration of the Session Replay masking.

optional
playbackMaskingSettingsSessionReplayMaskingSetting

Configuration of the Session Replay masking.

optional

The SessionReplayMaskingSetting object

Configuration of the Session Replay masking.

ElementTypeDescriptionRequired
maskingPresetstring

The type of the masking:

  • MASK_ALL: Mask all texts, user input, and images.
  • MASK_USER_INPUT: Mask all data that is provided through user input
  • ALLOW_LIST: Only elements, specified in maskingRules are shown, everything else is masked.
  • BLOCK_LIST: Elements, specified in maskingRules are masked, everything else is shown.
The element can hold these values
  • ALLOW_LIST
  • BLOCK_LIST
  • MASK_ALL
  • MASK_USER_INPUT
required
maskingRulesMaskingRule[]

A list of masking rules.

optional

The MaskingRule object

The masking rule defining how data is hidden.

ElementTypeDescriptionRequired
maskingRuleTypestring

The type of the masking rule.

The element can hold these values
  • ATTRIBUTE
  • ELEMENT
required
selectorstring

The selector for the element or the attribute to be masked.

Specify a CSS expression for an element or a regular expression for an attribute.

required
userInteractionHiddenboolean

Interactions with the element are (true) or are not (`false) masked.

required

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

json
{
  "metadata": {
    "configurationVersions": [
      4,
      2
    ],
    "currentConfigurationVersions": [
      "1.0.4",
      "1.23"
    ],
    "clusterVersion": "1.192.1"
  },
  "identifier": "string",
  "dataCaptureOptInEnabled": true,
  "persistentCookieForUserTracking": true,
  "doNotTrackBehaviour": "CAPTURE_ANONYMIZED",
  "sessionReplayDataPrivacy": {
    "optInModeEnabled": true,
    "urlExclusionRules": [
      "string"
    ],
    "contentMaskingSettings": {
      "recordingMaskingSettingsVersion": 2,
      "recordingMaskingSettings": {
        "maskingPreset": "ALLOW_LIST",
        "maskingRules": [
          {
            "maskingRuleType": "ATTRIBUTE",
            "selector": "string",
            "userInteractionHidden": false
          }
        ]
      },
      "playbackMaskingSettings": {}
    }
  }
}

Response

Response codes

CodeTypeDescription
204

Success. Data privacy settings have been updated. Response doesn't have a body.

400ErrorEnvelope

Failed. The input is invalid.

Validate payload

We recommend that you validate the payload before submitting it with an actual request. A response code of 204 indicates a valid payload.

The request consumes an application/json payload.

POSTManagedhttps://{your-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy/validator
SaaShttps://{your-environment-id}.live.dynatrace.com/api/config/v1/applications/web/{id}/dataPrivacy/validator
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/config/v1/applications/web/{id}/dataPrivacy/validator

Authentication

To execute this request, you need an access token with Change data privacy settings (DataPrivacy) scope. To learn how to obtain and use it, see Tokens and authentication.

Response

Response codes

CodeTypeDescription
204

Validated. The submitted configuration is valid. Response does not have a body.

400ErrorEnvelope

Failed. The input is invalid.