In this tutorial, you will learn how to configure properties so they will not be returned from the Episerver content delivery API. Using out-of-the-box configurations, it is likely that your API will return a number of properties that the client will never need. This is not only a security issue, it will also make your website load slightly slower. When you are using the content delivery API, you should always restrict Episerver from returning more data than the client needs. Performance matters and honing your API will be time well spent!

The simplest way to prevent a property from being returned from the content delivery API is to use the [JsonIgnore] attribute. If you use reflection and look within the 'ContentModelMapperBase ' you will notice that any property marked with [JsonIgnore] will be ignored.

This means you can simply decorate any property either on a page or block declaration and it will not be returned with the API:

If you thought hiding data would be more complicated, sorry to disappoint. Episerver does a good job of making it super-simple to hide properties, so there really are no excuses, happy coding!