This article guides you through configuring role-based redaction of Personally Identifiable Information (PII) in the Admin Portal. You’ll learn how to set permissions and how to validate redaction through the frontend and with API tools.
Precondition
Ensure you have Admin access to the Admin Portal and familiarity with basic API testing tools like Postman or browser DevTools.
Steps to Configure and Validate PII Redaction
1. Access PII Management in the Admin Portal
- Log in to the Admin Portal.
- In the sidebar, go to the Users menu.
- Click Manage PII.
2. Configure Redaction Settings
- Ticked checkbox → Field is redacted in API responses.
- Unticked checkbox → Field is exposed in API responses.
Redactable fields include:
- First Name
- Last Name
- Username
- Phone Number
- Date of Birth (DOB)
- Line 1 & Line 2
- City, State, Postal Code
- Latitude & Longitude
- Country & Country Code
When redacted, field values are replaced with asterisks (*).
3. Validate Redaction via Frontend UI
- Log in using different roles: Merchant, Buyer, or Guest.
- Navigate to pages showing user data (e.g., Search Results, Item Details, Storefront).
- Confirm that redacted fields match the settings configured in the Admin Portal.
4. Validate via Page Source
- Right-click on the page and select View Page Source.
- Search for window.REDUX_DATA = {.
- Check that field values reflect the redaction settings.
5. Validate via Network Tab
- Open DevTools and go to the Network tab.
- Reload the page.
- Inspect API responses and confirm redacted fields are consistent with Admin Portal settings.
6. Validate via API
- Use Postman or any API client to make a request.
- Refer to the Arcadier API documentation: https://apiv2.arcadier.com/
- Confirm that redacted fields are correctly masked in the response.
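The checks in steps 4 to 6 can be automated with a small script. The following is an added example, not Arcadier's own code: it walks any JSON payload (a saved API response or the window.REDUX_DATA object) and reports every field that is ticked for redaction but still carries a real value. The key names and the sample response are constructed assumptions; substitute the keys that appear in your own responses and run the check once per role.

```javascript
// Keys ticked in Manage PII. These names are assumptions for illustration,
// not Arcadier's documented schema.
const REDACTED_KEYS = new Set(['FirstName', 'LastName', 'PhoneNumber', 'Latitude']);

// A redacted value is a non-empty string made up only of asterisks.
const isMasked = (v) => typeof v === 'string' && /^\*+$/.test(v);

// Walk a JSON value and return the path of every redacted-listed key
// whose value is present but not masked.
function findUnredacted(node, redactedKeys, path = '$') {
  const leaks = [];
  if (Array.isArray(node)) {
    node.forEach((item, i) =>
      leaks.push(...findUnredacted(item, redactedKeys, `${path}[${i}]`)));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (redactedKeys.has(key)) {
        // null or empty means no data was stored, so nothing can leak.
        const empty = value === null || value === '';
        if (!empty && !isMasked(value)) leaks.push(here);
      } else {
        leaks.push(...findUnredacted(value, redactedKeys, here));
      }
    }
  }
  return leaks;
}

// Constructed sample response, as it might be seen by a Guest session.
const sampleResponse = {
  Records: [
    { ID: 'u-1', FirstName: '*****', LastName: '***', PhoneNumber: null,
      Addresses: [{ City: 'Singapore', Latitude: 1.3521 }] },
    { ID: 'u-2', FirstName: 'Alice', LastName: '*****', PhoneNumber: '****',
      Addresses: [] },
  ],
};

console.log(findUnredacted(sampleResponse, REDACTED_KEYS));
```

An empty result means every listed field in the payload is masked; numeric fields such as coordinates are flagged when they come back as numbers, since a redacted value is expected to be asterisks.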
Final Notes
By managing PII redaction, you help safeguard user privacy, reduce the risk of data breaches, and support compliance with global data protection standards. This feature empowers your organization to control sensitive data visibility across user roles.