Delete $updatedAt attribute

Hi! Is there a way to make the $updatedAt attribute private or deleted? I don't want users to see when were the documents updated in a collection.

create a new object with all the atributs except of this

@zombikaa

you can use the .map functionality

but in general i don't know why you even give them access to the whole document object... why would they ever see this attribute?

I made it with a function

But thanks!

You can use Query.select as well, in that case you only pass the attributes you want

Yeah but the problem with that was that anyone can make their own code and get that attribute

Yeah, you're right your best and secure option is a function

The thing i dont understand is that can anyone make a function to my project if they give my project id?

You can assign execution permissions, if you allow permission to all users, any user logged in will be able to execute your function

But not executing, making their own functions

No, they will need an API key to do that, the API key must be associated with your project

I have a dynamic key

Cant they just request it from header too

Check this blog post: https://appwrite.io/blog/post/how-to-leverage-dynamic-api-keys-for-better-security

Dynamic API keys are short-lived API keys that Appwrite automatically generates for each function execution. These keys are unique to each function run and have specific scopes which enhances security by reducing their lifespan and exposure. In contrast, long-lived keys pose a higher risk if compromised.

If they generate an API key from their function, it won't work as each key is associated to a function and project