Support Topics Documentation Slack YouTube Blog

How to retrieve objects not with all fields


(Timur Khasanov) #1

For example, if I have a simple model:
User: login(String), email(String), password(String)
If I send a GET request, I’d get only login and email.
But I want this: if I send a GET request, I would get only login field. In other words, how I can hide email field and get it if only that authenticated user send a request


(Stanislaw Grin) #2

You can use props parameter for this, which is references object properties which should be returned with every object. For example, objects in the result GET https://api.backendless.com/<application-id>/<REST-api-key>/data/Users?props=login,email will contain only the “login” and “email” properties, or leave just login if non-authenticated user send request.

Regards,
Stanislaw


(Timur Khasanov) #3

Ok, but it’s all about security. After reverse-engeering anyone can send another GET request and get an email.


(Mark Piller) #4

You are absolutely, correct, it is all about security. For this very reason, we provide a mechanism where you can restrict access to your data, users, files, etc by applying a security policy. You can restrict access to specific roles (built in or custom). Please see the documentation for more info:

https://backendless.com/docs/rest/doc.html#data_security


(Timur Khasanov) #5

Sorry, but my english skills don’t allow me to find the correct paragraph of this article.
By what mechanism I can restrict access not for all DB, but only for 1 field


(Mark Piller) #6

You can restrict access to a specific field using custom business logic. Here’s an example of how to do it using our new Codeless feature: https://youtu.be/Q4qVxrJyi38


(Timur Khasanov) #7

Thanks! Already though about custom BL. And am I right, that there is no other way to do it?


(Olga Danylova) #8

Hello,

Yes, you’re right - that’s the only way.

Regards, Olga


(Timur Khasanov) #9

http://support.backendless.com/public/attachments/265c1b3ca3e6227ab7327a89c30d21c5.png</img>http://support.backendless.com/public/attachments/3034ea08d8ef9df225626d9f87d74b6f.png</img>

One more question. I did all steps from the video and it didn’t help

265c1b3ca3e6227ab7327a89c30d21c5.png


(Timur Khasanov) #10

Even if I do simple operation like this http://support.backendless.com/public/attachments/e227ec2aced4be41b343b2d99681934a.png</img>
OR
http://support.backendless.com/public/attachments/06c2d4c2f5359653b00001ab73920ed4.png</img>

I have the same errorhttp://support.backendless.com/public/attachments/978778588e409ec11811873f50773e92.png</img>

e227ec2aced4be41b343b2d99681934a.png

06c2d4c2f5359653b00001ab73920ed4.png


(Vladimir Upirov) #11

Hi timuructus

Yes, we able to reproduce it, we will fix asap

Regards, Vlad


(Vladimir Upirov) #12

We just fixed it, check this out and let us know if the problem is gone


(Timur Khasanov) #13

Thanks a lot! Best support team I’ve ever seen. Problem is completely gone