Hello everyone,
I have a question regarding the restriction of standard fields of the REST API.
Is it possible to restrict standard fields, especially modified_by and owner in queries from the REST API?
My setup:
I have a frontend which authenticates via OAuth. However, users should not see the fields modified_by and owner.
In my eyes, this is a data protection and security problem. Private mail addresses are exposed through this.
Is there any other way to restrict access to the API? For example, that only whitelisted methods can be used for this role and not the REST API. How else can data records be made freely available via the API without disclosing this sensitive data?