Hide Password from Django Serializer when using Depth
Hide passwords and other sensitive information when using the `depth` option in a Django REST Framework serializer.

There are times when you create an API with a user in it, and when you need more details you set `depth` on the serializer and, to your surprise, see some confidential fields in the output. First, in the User serializer (or in whichever serializer you want to hide fields), you need to exclude those fields.
```python
from django.contrib.auth import get_user_model
from rest_framework import serializers


class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = get_user_model()
        exclude = ['password', 'last_login', 'is_superuser', 'is_staff',
                   'is_active', 'date_joined', 'groups', 'user_permissions']
```
And when you want to include the user in another serializer, instead of using `PrimaryKeyRelatedField`, `StringRelatedField` or any other relational field, use that serializer directly, as follows:
```python
from mymasters.models.Course import Course
from mymasters.serializers.UserSerializer import UserSerializer
from rest_framework import serializers


class CourseSerializer(serializers.ModelSerializer):
    teacher = UserSerializer()

    class Meta:
        model = Course
        fields = '__all__'
        depth = 1
```
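To keep this from regressing when another serializer later adds `depth`, an API test can scan every response for the excluded field names at any nesting level. The following is an added example, not code from the original post: `find_sensitive_fields` and both sample payloads are constructed for illustration, and the `name` and `email` fields are assumptions about the models.

```python
# Added example: recursive leak check for serialized API payloads.
# Field names come from the exclude list in UserSerializer above.
SENSITIVE_FIELDS = frozenset({
    'password', 'last_login', 'is_superuser', 'is_staff',
    'is_active', 'date_joined', 'groups', 'user_permissions',
})


def find_sensitive_fields(payload, sensitive=SENSITIVE_FIELDS, path=''):
    """Return sorted dotted paths of sensitive keys found at any nesting level."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f'{path}.{key}' if path else str(key)
            if key in sensitive:
                hits.append(here)
            # Keep descending: a larger depth can nest users inside other objects.
            hits.extend(find_sensitive_fields(value, sensitive, here))
    elif isinstance(payload, (list, tuple)):
        for index, item in enumerate(payload):
            hits.extend(find_sensitive_fields(item, sensitive, f'{path}[{index}]'))
    return sorted(hits)


# Constructed sample: a course whose teacher was auto-expanded by depth = 1.
LEAKY_COURSE = {
    'id': 1,
    'name': 'Algebra',
    'teacher': {
        'id': 7,
        'username': 'alice',
        'password': 'pbkdf2_sha256$<constructed-hash>',
        'is_superuser': False,
        'groups': [],
    },
}

# Constructed sample: the same course rendered with teacher = UserSerializer().
SAFE_COURSE = {
    'id': 1,
    'name': 'Algebra',
    'teacher': {'id': 7, 'username': 'alice', 'email': 'alice@example.com'},
}

if __name__ == '__main__':
    print(find_sensitive_fields(LEAKY_COURSE))
    print(find_sensitive_fields(SAFE_COURSE))
```

In a Django test, pass `response.json()` from the API client to `find_sensitive_fields` and assert that the result is empty.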
👻