Expand my Community achievements bar.

Elevate your expertise and be recognized as a true influencer! Nominations for the exclusive Adobe Community Advisor program 2023 are now OPEN.

Use case for PII or Secure fields in Content Fragment Models


Level 1

1. At Schema Generation section: Enabling your GraphQL Endpoint of the below URL: https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/assets/admin/graphq..., there is a caution note that states:
"All the GraphQL schemas (derived from Content Fragment Models that have been Enabled) are readable through the GraphQL endpoint.
This means that you need to ensure that no sensitive data is available, as it could be leaked this way; for example, this includes information that could be present as field names in the model definition."
Can someone please elaborate on the point that how do we ensure that there is no sensitive data available in the Schema generated from the "Enabled" Content Models.
The example in the caution talks about: "this includes information that could be present as field names in the model definition." So my confusion is majorly around this example.

To state more clearly: If in a content model's definition we have a field that is a secure data or PII data, then if we do not enable that content model, I believe no GraphQL endpoint can be created, however what would be the use of having the secure field in this case?

2 Replies



@Esteban666 @Ritesh_Mittal @Shashi_Mulugu @Sady_Rifat 

I kindly request you to review this AEM question and share your expertise in addressing them. Alternatively, if you could provide some guidance to the author regarding the issue, it would be highly appreciated. Thank you in advance for your support.


Level 4

You must be aware that under the hood GraphQL is just a REST service, and in general terms, it is not recommended to expose Personally Identifiable Information (PII) fields through a REST API without proper security measures in place. Exposing PII fields through an API can pose significant privacy and security risks if not handled correctly. 


What the warning is saying is basically the same, it is warning you that if you define a PII field in your model, it will be exposed along with all the other fields when the model is enabled. In short, avoid using PII fields in your schemas, or if you use them, make sure the Endpoints are properly secured.


Now, if you define PII fields and do not enable the model, as you mentioned you won't "have an endpoint" from where you can get that info, but you could still use the content model's information within AEM (through the java API for example).