The following article is a short snippet from the "Code Techniques" chapter of my book "Consuming APIs In Laravel".
The book teaches you how to write powerful and robust code to build API integrations in your Laravel apps. It's packed with 440+ pages of actionable advice, real-life code examples, and tips and tricks.
In the book, I teach you how to write code that can help you sleep easy at night having confidence that your API integration works!
If you enjoy this content, you might want to check out the rest of the book. You can download a FREE sample from the "Webhooks" section that covers "Building Webhook Routes" and "Webhook Security".
Make sure to use the discount code CAIL20 to get 20% off!
Redacting Sensitive Parameters in PHP
When working with external APIs in your application, you'll likely need to pass sensitive data (such as passwords and API keys) to your service classes as method parameters. In these scenarios, you may wish to prevent those parameters from being logged in your application's logs and stack traces.
To provide some context, let's look at an example of where we might want to redact sensitive parameters.
Imagine we are building an API integration that requires us to pass a username and password to an identity API endpoint that will return a token we can use to interact with the rest of the API. The code to do this might look something like this:
```php
class IdentityApiService
{
    public function authenticate(
        string $username,
        string $password
    ): string {
        // Authenticate the user and return the token.
    }
}
```
If, for any reason, an exception is thrown within this method, the exception may be logged in your application's logs. This means that the username and password will be logged in plain text, which we want to avoid. For instance, imagine we called this method using the following code:
```php
$identityApiService->authenticate('ash-jc-allen', 'PASSWORD HERE');
```
If an exception were thrown, the following lines would be found in the stack trace logged in your application's logs:
```
Something went wrong! {"exception":"[object] (Exception(code: 0): Something went wrong! at /Users/ash/www/api-project/app/Services/IdentityApiService.php:13)
Stack trace:
#0 /Users/ash/www/api-project/app/Services/ApiService.php(48): App\\Services\\IdentityApiService->authenticate('ash-jc-allen', 'PASSWORD HERE')
```
As we can see in the stack trace, the password is logged in plain text. To prevent this from happening, we could update the `authenticate` method to redact the password from the stack trace by using the `#[\SensitiveParameter]` attribute:
```php
class IdentityApiService
{
    public function authenticate(
        string $username,
        #[\SensitiveParameter] string $password
    ): string {
        // Authenticate the user and return the token.
    }
}
```
As a result of doing this, if the `authenticate` method threw an exception, the password would be redacted from the stack trace:
```
Something went wrong! {"exception":"[object] (Exception(code: 0): Something went wrong! at /Users/ash/www/api-project/app/Services/IdentityApiService.php:13)
Stack trace:
#0 /Users/ash/www/api-project/app/Services/ApiService.php(48): App\\Services\\IdentityApiService->authenticate('ash-jc-allen', Object(SensitiveParameterValue))
```
As we can see in the stack trace, the password has been redacted and replaced with an instance of the `SensitiveParameterValue` class. This means the password will no longer be logged in plain text.
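To see what the attribute does and does not cover, the following added example (not from the book; the three method variants, the `secretExposedIn()` helper and the sample secret are constructed for illustration) throws from an unprotected method, a protected one, and one that interpolates the password into the exception message, then checks each exception for the raw value. It assumes PHP 8.2 or later, where `#[\SensitiveParameter]` was introduced.

```php
<?php
// Added example, not from the book. #[\SensitiveParameter] needs PHP 8.2+;
// PHP 8.0/8.1 parse the attribute but ignore it, so nothing is redacted there.
if (PHP_VERSION_ID < 80200) { exit("PHP 8.2+ required\n"); }
// Capture arguments in traces so there is something to redact (production
// php.ini files often turn this off with zend.exception_ignore_args=On).
ini_set('zend.exception_ignore_args', '0');

final class IdentityApiService
{
    public function authenticateUnprotected(string $username, string $password): string
    {
        throw new RuntimeException('Something went wrong!');
    }

    public function authenticate(string $username, #[\SensitiveParameter] string $password): string
    {
        throw new RuntimeException('Something went wrong!');
    }

    // The attribute covers captured arguments only, not text you build yourself.
    public function authenticateLeaky(string $username, #[\SensitiveParameter] string $password): string
    {
        throw new RuntimeException("Login failed for {$username}:{$password}");
    }
}

/** Lists every place in the exception where the raw secret is still readable. */
function secretExposedIn(Throwable $e, string $secret): array
{
    $where = str_contains($e->getMessage(), $secret) ? ['message'] : [];
    foreach ($e->getTrace() as $frame) {
        if (in_array($secret, $frame['args'] ?? [], true)) {
            $where[] = "args of {$frame['function']}()";
        }
    }
    return $where;
}

$secret = 'constructed-secret-value'; // constructed sample, not a real credential
$service = new IdentityApiService();
foreach (['authenticateUnprotected', 'authenticate', 'authenticateLeaky'] as $method) {
    try {
        $service->$method('ash-jc-allen', $secret);
    } catch (RuntimeException $e) {
        $found = secretExposedIn($e, $secret);
        echo $method, ': ', $found ? 'EXPOSED in ' . implode(', ', $found) : 'redacted', "\n";
    }
}
```

The redaction applies only to arguments captured in the trace: a secret placed in an exception message or log context is still written out, and `SensitiveParameterValue::getValue()` still returns the original value to any code that handles the exception.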
Redacting sensitive parameters in your projects can be beneficial because it can prevent them from being transmitted to an external logging or bug-reporting system (such as Honeybadger, Flare, or Bugsnag). Sending this data to an external service introduces a new attack vector to your application. For example, if the external system were to be compromised (such as someone gaining access to your account or the service accidentally leaking data), this could allow malicious hackers to see any sensitive data that was logged. As a result, they may be able to gain access to the API you're using and cause damage. For instance, if you use a third-party API to send SMS messages, and the API key is logged in plain text, a malicious hacker could use this to send SMS messages to premium rate numbers, which could cost a lot of money.
However, there may be times when you must log your parameters in plain text. This may be for debugging reasons or because you're using a third-party package that prevents you from being able to redact the parameters. In these scenarios, you'll need to decide on a case-by-case basis whether you're happy taking the risk with the sensitive data being logged in plain text.
It's worth noting that most third-party error monitoring services allow you to define a list of parameters or fields that you'd like to redact and prevent transmitting to them. Make sure to check the documentation for the service you're using to see if this is something that they support.