How to filter JSON to create a public API response subset
- Step 1: Paste the full internal data record. Paste a complete internal JSON record, the full database row or ORM object as it exists internally, including every field you want to verify is excluded from the public response.
- Step 2: Define the public field whitelist. List only the fields that are safe for public exposure, for example id, name, description, price and createdAt. Do not include internalId, costPrice, adminNotes, deletedAt, or any other field with internal meaning. Anything absent from the list is dropped.
- Step 3: Run the filter and verify the output. Confirm that the output contains only whitelisted fields: the key count must not exceed the length of the whitelist, and every output key must appear in the whitelist. Review the output structure as well, since nested objects and array elements are not covered by a top-level key check.
- Step 4: Use the result as your serializer or DTO template. Use the filtered key list to define your DTO class, serializer schema, or OpenAPI response schema. The whitelist becomes the authoritative list of allowed fields in your API response, and every response should pass through it before being sent.
Frequently asked questions
How is a whitelist approach safer than a blacklist approach for public APIs?
A blacklist approach removes known-sensitive fields but fails silently when new internal fields are added to the data model — they appear in the public API by default. A whitelist approach is explicit: new fields are absent from the public API until they are consciously added to the whitelist, preventing accidental exposure of internal data.
What is the best way to implement this in a Node.js Express API?
Define the allowed fields as a constant array and use lodash's pick(record, ALLOWED_FIELDS) to build the public response object. Alternatively, define a serializer class or a Zod schema that only includes the allowed fields and run every response through it before res.json(). Apply the same filter to each element of list responses and to any nested objects; pick only filters top-level keys of the object it is given.
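The following is an added example that works through Steps 1 to 4 above and the two FAQ answers in one runnable file. It is not JAD Apps code and does not depend on lodash or Express; the record shape, the field names (including the later-added supplierEmail field) and the fake response object are constructed for illustration. It shows the whitelist serializer, the Step 3 leak check, and why the blacklist variant fails silently when the data model grows.

```javascript
// Added example (not JAD Apps code). The record, field names and the fake
// Express-style response object below are constructed for illustration.

// Step 2: the authoritative list of fields allowed in the public response.
const PUBLIC_FIELDS = Object.freeze(['id', 'name', 'description', 'price', 'createdAt']);

// Known-sensitive fields a blacklist approach would try to strip.
const BLOCKED_FIELDS = Object.freeze(['internalId', 'costPrice', 'adminNotes', 'deletedAt']);

// Whitelist serializer: copy only allowed keys that are present on the record.
// Arrays (list endpoints) are filtered element by element.
function pickPublic(data, allowed = PUBLIC_FIELDS) {
  if (Array.isArray(data)) return data.map((item) => pickPublic(item, allowed));
  const out = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(data, key)) out[key] = data[key];
  }
  return out;
}

// Blacklist filter, shown only to contrast with the whitelist above.
function omitBlocked(record, blocked = BLOCKED_FIELDS) {
  const out = {};
  for (const key of Object.keys(record)) {
    if (!blocked.includes(key)) out[key] = record[key];
  }
  return out;
}

// Step 3 check: returns every output key that is not on the allowed list.
// An empty array means no internal field snuck through; also implies the
// key count is no larger than the whitelist.
function findLeakedFields(output, allowed = PUBLIC_FIELDS) {
  return Object.keys(output).filter((k) => !allowed.includes(k));
}

// Step 4: the single exit point for API responses. `res` is whatever object
// exposes a json() method (Express's res does); every response goes through
// the whitelist before it is sent.
function sendPublic(res, data) {
  const body = pickPublic(data);
  const leaked = findLeakedFields(Array.isArray(body) ? body[0] || {} : body);
  if (leaked.length) throw new Error(`internal fields in response: ${leaked.join(', ')}`);
  return res.json(body);
}

// Step 1: a constructed internal record, as an ORM would return it.
const internalRecord = {
  id: 42,
  name: 'Widget',
  description: 'A widget',
  price: 19.99,
  createdAt: '2024-01-01T00:00:00Z',
  internalId: 'WH-0042',
  costPrice: 7.5,
  adminNotes: 'renegotiate supplier',
  deletedAt: null,
};

// A field added to the data model later, before anyone updated BLOCKED_FIELDS.
const recordWithNewField = { ...internalRecord, supplierEmail: 'buyer@example.test' };

// Compares both approaches on the grown record. The whitelist leaks nothing;
// the blacklist silently exposes the new field.
function compareApproaches() {
  return {
    whitelistLeaks: findLeakedFields(pickPublic(recordWithNewField)),
    blacklistLeaks: findLeakedFields(omitBlocked(recordWithNewField)),
  };
}

// Stand-alone run with a fake response object instead of Express.
const fakeRes = { json(body) { this.sent = body; return this; } };
sendPublic(fakeRes, [internalRecord, recordWithNewField]);
console.log(JSON.stringify(fakeRes.sent, null, 2));
console.log(JSON.stringify(compareApproaches()));
```

In a real Express handler the call becomes sendPublic(res, record) in place of res.json(record); the throw in sendPublic turns a missed field into a loud server error during testing rather than a quiet disclosure in production.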
Is the internal data record transmitted to JAD Apps?
No. Processing runs entirely in your browser. Internal records including cost prices, admin flags, and private audit data are never transmitted to JAD Apps servers.
Privacy first
Conversion runs locally in your browser. No file is uploaded — only metadata counters are saved for signed-in dashboard stats.