Backendless Support
 
Answered

How to retrieve objects not with all fields

For example, if I have a simple model:

User: login(String), email(String), password(String)

If I send a GET request, I'd get only login and email.

But I want this: if I send a GET request, I would get only login field. In other words, how I can hide email field and get it if only that authenticated user send a request

Best Answer
photo

You can restrict access to a specific field using custom business logic. Here's an example of how to do it using our new Codeless feature: https://youtu.be/Q4qVxrJyi38

Leave a Comment

Comments (12)

photo
2

You can use `props` parameter for this, which is references object properties which should be returned with every object. For example, objects in the result `GET https://api.backendless.com/<application-id>/<REST-api-key>/data/Users?props=login,email` will contain only the "login" and "email" properties, or leave just `login` if non-authenticated user send request.

Regards,

Stanislaw

photo
1

Ok, but it's all about security. After reverse-engeering anyone can send another GET request and get an email.

photo
2

You are absolutely, correct, it is all about security. For this very reason, we provide a mechanism where you can restrict access to your data, users, files, etc by applying a security policy. You can restrict access to specific roles (built in or custom). Please see the documentation for more info:

https://backendless.com/docs/rest/doc.html#data_security

photo
1

Sorry, but my english skills don't allow me to find the correct paragraph of this article.

By what mechanism I can restrict access not for all DB, but only for 1 field

photo
2

You can restrict access to a specific field using custom business logic. Here's an example of how to do it using our new Codeless feature: https://youtu.be/Q4qVxrJyi38

photo
1

Thanks! Already though about custom BL. And am I right, that there is no other way to do it?

photo
2

Hello,

Yes, you're right - that's the only way.

Regards, Olga

photo
1

265c1b3ca3e6227ab7327a89c30d21c53034ea08d8ef9df225626d9f87d74b6f

One more question. I did all steps from the video and it didn't help

photo
1

Even if I do simple operation like this e227ec2aced4be41b343b2d99681934a

OR

06c2d4c2f5359653b00001ab73920ed4

I have the same error978778588e409ec11811873f50773e92

photo
2

Hi timuructus

Yes, we able to reproduce it, we will fix asap

Regards, Vlad

photo
2

We just fixed it, check this out and let us know if the problem is gone

photo
1

Thanks a lot! Best support team I've ever seen. Problem is completely gone

photo