Filter Response Data

Return only the data that Flow needs. When you return more data than necessary, you expose internal fields and sensitive data to every Flow that uses your connector.

Return Only the Fields That Flow Needs

When you return the entire upstream payload, you expose internal fields, admin-only fields, and PII that Flow doesn't need. Flow Builder users and downstream consumers receive every field that your connector returns.

Do: Explicitly list the fields that each operation returns.

Don't: Return payload or payload.records without filtering.

Example

Vulnerable

1payload

Secure

1{ id: payload.id, email: payload.email, displayName: payload.displayName }

Don't Copy All Object Fields

When you map an upstream object with ($), you copy every field, including hidden, admin, and internal fields that the partner didn't intend to expose.

Do: List each field explicitly in the mapping.

Don't: Use map ($) or mapObject ($) to copy whole objects.

Example

Vulnerable

1payload.users map ($)

Secure

1payload.users map ((u) -> { id: u.id, name: u.name, email: u.email })

Don't Echo Internal Metadata Selectors

DataWeave's metadata selectors, such as .^class and .^encoding, expose internal Java class names and encoding details. When you echo these selectors into a response, you leak implementation details to Flow Builder and downstream consumers.

Do: Strip metadata selectors before you return a response.

Don't: Include .^class, .^encoding, or other metadata selectors in your output shape.

Example

Vulnerable

1{ type: payload.^class, enc: payload.^encoding }

Secure

1{ status: "ok" }

Annotate Sensitive Fields

When your connector returns sensitive data, downstream consumers (Flow Builder, Data Cloud, the customer's flow) handle masking. Your connector's job is to signal which fields are sensitive so consumers can mask correctly. If you mask values inside DataWeave, handle complex-valued fields explicitly. The mask() function replaces only scalar values and it leaves fields whose values are objects or arrays untouched.

Do: Annotate sensitive fields with @Sensitive or @PII so downstream consumers can apply appropriate masking.

Don't: Rely on mask() alone for fields whose values are objects or arrays.

Example

Vulnerable

1payload mask field("credentials") with "*****"

Secure

1payload update {
2  case c at .credentials ->
3    if (c is Object) { token: "*****", expiry: c.expiry } else "*****"
4}