Remove personally identifiable information from error messages for compliance
API error responses in Xero contain a substantial sack of unnecessary XML which complicates compliance with data-privacy legislation (GDPR for example). Included in the error response is the original request XML. The original request will most likely contain personally indefinably information which means these messages require substantial filtering before being returned into logging systems or error notification infrastructure.
In some cases the error message itself contains customer information i.e. <Message>The contact name Bob Smith is already assigned to another contact. The contact name must be unique across all active contacts.</Message>
. Perhaps in these examples it would be better if the message was simply <Message>The contact name is already assigned to another contact. The contact name must be unique across all active contacts.</Message>
.