APIM - response data masking

we need to expose an internal API to vendor, however for development we need to mask the data the internal API replies, looking for a similar feature with apigee (https://docs.apigee.com/api-platform/security/data-masking), can this doable via APIM?

Solution

Generically, the Azure APIM allows flexibility on the handling of requests and responses, mainly with the concept of policies. In short, these are operations that may be defined in the incoming, outgoing or during the execution of requests.

This allows the changing of the requests/responses (for example, adding or removing headers), which may be what you want. Some typical examples/snippets of policies are depicted here in Azure's own GitHub, as well as in APIM itself, as shown here.

These two walkthroughs may also be helpful: Setting Policies and Transforming APIs.

Cannot login to Azure API Management Developer Portal with AAD
APIM developer portal test console does not show gateway custom domains
Azure AD Graph API or Powershell Graph: Gathering all the assigned roles that are associated to a group
Why does Azure Self-hosted agent receive Connection refused error when connecting with EventHubs?
Terraform AzureRM Not working to create api managment (APIM) backend ValidationError
Default version for API Management
How do I conditionally restrict API Endpoint Access based on Audience ID?
restrict requests to storage account container based on blob name via request header using APIM policy
Can AWS Lambda and API Gateway fully map and url, because azure function apps and apim can't
How to share xml_content in Terraform API Management resource
Api Management stv2, unable to remove region powershell
API mgmt. error in bicep when setting backend
Azure APIM subscription-key policy not working
How to get value from response body in API management policy?
Azure APIM: How can I link an existing API to a new product using Bicep?
Azure API Management: Import definition with components.schemas pointer to external URL
API management policy - backend based on agency label
Print all incoming headers in Azure API Manager
How to identify (from client) which Azure API Management backend host provided the response?
Azure APIM and Function app Oauth2.0 Azure AD authentication
Rewriting URLs for Azure APIM Polices
Validate JWT in Azure APIM policy
API Management - make set-query-parameter work in a case insensitive way
Azure API Management Wildcard operation returns 404
Unable to remove backslash from json response in azure APIM policy
API Manager OAuth server generates wrong audience claim
The 'calls' attribute is invalid - The value '' is not within allowed values range
Assign Global Headers/Parameters to all APIs in Azure APIM
Access the JSON property from JSON Response - Azure APIM Policies
How to set up the link for the paginated files in the Get Rows(V2) Logic App connector and pass it via Azure API call?