Locking down query string parameters to an API Key

You could look at doing custom JS Post-processing middleware and store the masks in the session meta_data of the session token.

Quickly thinking about it, your process would be as follows:

All tokens have a meta-data key/value map, so when you create a token, you can add some matched paths:

{
    "path/to/match": "key:value,key2:value2,key3:value3",
    "another/path/to/match": "key:value,key2:value2,key3:value3"
}

You then create a JS Middleware post processor that would look like this:

var pathManipulationMiddleware = new TykJS.TykMiddleware.NewMiddleware({});

pathManipulationMiddleware.NewProcessRequest(function(request, session) {
    // You can log to Tyk console output by calling the built-in log() function:
    log("Running PATH POST PROCESSOR JSVM middleware");

    // Stays undefined unless this token carries a mask for the requested path
    var pathFound;
    if (session.meta_data != undefined) {
        pathFound = session.meta_data[request.URL];
    }

    if (pathFound != undefined) {
        // we have a querystring mask, since it needs to be a string, split out on commas
        var parts = pathFound.split(",");
        for (var i in parts) {
            // Get the individual key/value pairs:
            var keyVal = parts[i].split(":");

            // Assign to request
            request.AddParams[keyVal[0]] = keyVal[1];
        }
    }
    
    // You MUST return both the request and session metadata
    return pathManipulationMiddleware.ReturnData(request, session.meta_data);
});

// Ensure init with a post-declaration log message
log("PATH POST PROCESSOR initialised");

This will basically grab the injectors for the identity, and then add the key/value pairs to the outbound request as parameters. You could, if you wanted to, even grab some from the inbound request and add those too (the above code is not tested, I just threw that together as a demo).
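
The mask lookup and parsing described above, as an added example that is not part of the original post and not Tyk's own code. It runs in plain Node without Tyk; the helper names `parseMask` and `lockedParamsFor` are hypothetical, and it assumes the request URL may carry a leading slash and a query string while the metadata keys are bare paths.

```javascript
// Added example: standalone helpers, runnable in Node without Tyk.
// Mask format is the one from the post: "key:value,key2:value2".

// Parse a mask string into an object; malformed pairs are collected, not applied.
function parseMask(mask) {
    var params = {}, malformed = [];
    if (typeof mask !== "string" || mask === "") {
        return { params: params, malformed: malformed };
    }
    mask.split(",").forEach(function (pair) {
        var idx = pair.indexOf(":");
        var key = idx > 0 ? pair.slice(0, idx).trim() : "";
        if (key === "") {
            malformed.push(pair);
            return;
        }
        // Split on the first colon only, so values such as "10:30" survive.
        params[key] = pair.slice(idx + 1).trim();
    });
    return { params: params, malformed: malformed };
}

// Resolve the locked parameters for a request URL against token metadata.
// Assumption: the URL may carry a query string and leading slash, while
// metadata keys are bare paths such as "path/to/match".
function lockedParamsFor(url, metaData, clientParams) {
    var result = { add: {}, overridden: [], malformed: [] };
    if (!metaData) { return result; }
    var path = String(url).split("?")[0].replace(/^\/+|\/+$/g, "");
    // Own-property check so paths like "constructor" never match inherited keys.
    if (!Object.prototype.hasOwnProperty.call(metaData, path)) { return result; }
    var parsed = parseMask(metaData[path]);
    result.add = parsed.params;
    result.malformed = parsed.malformed;
    // Record client-supplied values that disagree with the locked ones.
    Object.keys(parsed.params).forEach(function (key) {
        var sent = (clientParams || {})[key];
        if (sent !== undefined && String(sent) !== parsed.params[key]) {
            result.overridden.push(key);
        }
    });
    return result;
}

// Constructed sample input (not from the original post).
var sampleMeta = { "path/to/match": "tenant:acme,window:10:30,broken" };
var sample = lockedParamsFor("/path/to/match?tenant=other", sampleMeta, { tenant: "other" });
console.log(JSON.stringify(sample));
```

Inside the middleware, the `add` map would be copied into `request.AddParams`, and the `overridden` and `malformed` lists are worth logging, since they show a client trying to send its own value for a locked parameter or a badly formed mask on the token.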