Filter Response Data
Return Only the Fields That Flow Needs
When you return the entire upstream payload, you expose internal fields, admin-only fields, and PII that Flow doesn't need. Flow Builder users and downstream consumers receive every field that your connector returns.
Do: Explicitly list the fields that each operation returns.
Don't: Return payload or payload.records without filtering.
Example
Vulnerable
1payloadSecure
1{ id: payload.id, email: payload.email, displayName: payload.displayName }Don't Copy All Object Fields
When you map an upstream object with ($), you copy every field, including hidden, admin, and internal fields that the partner didn't intend to expose.
Do: List each field explicitly in the mapping.
Don't: Use map ($) or mapObject ($) to copy whole objects.
Example
Vulnerable
1payload.users map ($)Secure
1payload.users map ((u) -> { id: u.id, name: u.name, email: u.email })Don't Echo Internal Metadata Selectors
DataWeave's metadata selectors, such as .^class and .^encoding, expose internal Java class names and encoding details. When you echo these selectors into a response, you leak implementation details to Flow Builder and downstream consumers.
Do: Strip metadata selectors before you return a response.
Don't: Include .^class, .^encoding, or other metadata selectors in your output shape.
Example
Vulnerable
1{ type: payload.^class, enc: payload.^encoding }Secure
1{ status: "ok" }Annotate Sensitive Fields
When your connector returns sensitive data, downstream consumers (Flow Builder, Data Cloud, the customer's flow) handle masking. Your connector's job is to signal which fields are sensitive so consumers can mask correctly. If you mask values inside DataWeave, handle complex-valued fields explicitly. The mask() function replaces only scalar values and it leaves fields whose values are objects or arrays untouched.
Do: Annotate sensitive fields with @Sensitive or @PII so downstream consumers can apply appropriate masking.
Don't: Rely on mask() alone for fields whose values are objects or arrays.
Example
Vulnerable
1payload mask field("credentials") with "*****"Secure
1payload update {
2 case c at .credentials ->
3 if (c is Object) { token: "*****", expiry: c.expiry } else "*****"
4}