The API discovery feature is already parsing payloads to identify data types such as credit card, email, SSN. Allowing payloads to be included in the global log receiver provides enrichment of API Inventory and also for high risk APIs such as login, account recovery, registration and payments allows security and analytics to monitor and alert on attack types such as credential stuffing (single attempt per user id) and brute force.

This would only be impactful to the customer's log collector, not to the F5 stack.

Limiting to a max number of characters, such as 50,000 helps avoid space issues with very large requests. Allowing the user to specify which APIs require payload logging via combination of domain, URL Path and HTTP Method helps limit scope. And lastly where the value to be logged is both encrypted and then base 64 encoded. The encryption ensures any sensitive data is safe to log. The encoding ensures any special characters or formats will not break parsing when the payload field is parsed into the logging tool.