#hide sensitive data from relationship field

11 messages ยท Page 1 of 1 (latest)

wise mica
#

In my collections I'm having a field called "author", having a relationship to my users table and per default set to user.id

But when querying the field using the rest api I'm getting the complete data from the users collections including all fields and also sensitive Data such as the api key.
The users name would be completely sufficient.

Can I change this anywhere? Some best practices?

celest cargoBOT
rancid drum
wise mica
#

Good point ๐Ÿ‘
I'll give it a try ๐Ÿ˜„

wise mica
#

@rancid drum thx, worked as expected

celest cargoBOT
rancid drum
#

how did you do could you share some dummy code

wise mica
#

@rancid drum I'll share it as I finished it.
Had some correlation with other data/fields

fair shale
#

@rancid drum Here's an example. If you don't want the field data to show at all in the response. set it to undefined like doc.apiKey = undefined. https://github.com/payloadcms/payload/discussions/4400#discussioncomment-8547663

GitHub
Prevent API key from being returned by API ยท payloadcms payload ยท D...

Link to reproduction No response Describe the Bug When using API keys with Payload, the actual API key value is returned in the response from the API. This is a security risk, as it allows anyone w...

rancid drum
#

i wanted to hide data from the res rather than the actual db

fair shale