How to hide the sensitive information in postman

Your question may already have an answer on the community forum. Please search for related topics, and then read through the guidelines before creating a new topic.

I have a xml response with sensitive information. I want to hide this information from others to view in my test report. How do i achieve it?

Hey @jency.stella19

Welcome to the community! :wave:

How are you creating the test report?

Hi @dannydainton using the below coomand
newman run collection.json -r htmlextra

That’s a wonderful reporter… :heart:

So you could use the --reporter-htmlextra-hideResponseBody flag on the latest version to hide the response of a particular request, in the final report.

For example:

newman run collection.json -r htmlextra --reporter-htmlextra-hideResponseBody "Auth Request"

@dannydainton: Is it possible to hide/encrypt particular response tag alone, just because it has some private information?

Not currently but it is something that I’ve taken a look at and I have an open FR for:

It’s easy to hide the full response because you can trigger that on a particular request but it’s super difficult when it’s an individual part of a response body.

You would need to parse all the data, which could be huge, to mask or hide a single part.

It’s even crazier because you also need to account for all the different types of responses their could be XML, JSON, plain text etc.

1 Like

@dannydainton Thank you :slight_smile: I tried to use the snippet you shared for the making.


let maskValue = '*******',

    ld = require('lodash');

let masker = ld.cloneDeepWith(jsonObject, (value, key) => {

    if (ld.some(['ns2:CountryCode', 'ns2:Uci', 'ns2:LocalCustomerId'], item => ld.toLower(key) === ld.toLower(item))) {

        return maskValue;


    if (ld.isObject(value)) {



    return value;



its working. same logic wen used for JSON response I can directly access the nodes by console.log(masker.fieldname);

but for the XML response any way to reach the masked node directly?

That was a basic example of what I created to mask something on the console.log() for a JSON response - It doesn’t change the response in anyway, it’s just showing that masked value for a certain key in the response.

Thanks @dannydainton the post was quite useful

1 Like