Serialization

Discover serialization in NestJS.

Transform the response in NestJS using serialization

Serialization is the process of transforming data objects into a format that can be sent over a network or stored persistently, such as converting data to JSON. In this lesson, we’ll explore how to use serialization to transform the response in NestJS.

Why do we need serialization?

One common use of serialization is to control the data sent in API responses to prevent sensitive data from leaking. For example, the UserEntity class below has a password field.

import { Exclude, Expose } from 'class-transformer';
import {
  Entity,
  PrimaryGeneratedColumn,
  Column,
} from 'typeorm';

export const GROUP_DETAILS = 'group_details';
export const GROUP_LIST = 'group_list';

@Entity('user')
export class UserEntity {
  @PrimaryGeneratedColumn()
  id: number;

  @Column()
  user_name: string;

  @Column()
  email: string;

  // No serialization rule is applied yet, so this column is returned with the rest.
  @Column()
  password: string;
}

Let’s say we have an API endpoint to retrieve user entities. Without custom serialization that filters the sensitive information, the endpoint will return the entire entity, including the password property, which should not be exposed.
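The leak described above, and an allow-list fix, shown as an added example that is not part of the lesson's own code. It is plain TypeScript standing in for group-based exposure rather than the class-transformer API; `UserRow`, `EXPOSED`, `serializeUser`, `serializeRaw`, `findSensitiveKeys`, the per-group field policy and the key-name pattern are assumptions made for illustration.

```typescript
// Added example in plain TypeScript; no NestJS or class-transformer needed.
const GROUP_DETAILS = 'group_details'; // same values as the lesson's constants
const GROUP_LIST = 'group_list';

// Constructed stand-in for a row loaded through UserEntity.
interface UserRow { id: number; user_name: string; email: string; password: string; }

// Allow-list (assumed policy): a field is sent only if its group names it.
// password appears in no group, so no response shape can include it.
const EXPOSED: Record<string, ReadonlyArray<keyof UserRow>> = {
  [GROUP_LIST]: ['id', 'user_name'],
  [GROUP_DETAILS]: ['id', 'user_name', 'email'],
};

// Copy only allow-listed fields; an unknown group exposes nothing.
function serializeUser(user: UserRow, group: string): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of EXPOSED[group] || []) out[key] = user[key];
  return out;
}

// What the endpoint effectively sends when it returns the entity unfiltered.
function serializeRaw(user: UserRow): string {
  return JSON.stringify(user);
}

// Hypothetical key-name heuristic for a response regression check.
const SENSITIVE = /^(password|passwd|secret|token)$/i;

// Walk a parsed response body and return the path of every sensitive key.
function findSensitiveKeys(body: unknown, path = '$'): string[] {
  const hits: string[] = [];
  if (Array.isArray(body)) {
    body.forEach((item, i) => hits.push(...findSensitiveKeys(item, `${path}[${i}]`)));
  } else if (body !== null && typeof body === 'object') {
    const obj = body as Record<string, unknown>;
    for (const key of Object.keys(obj)) {
      if (SENSITIVE.test(key)) hits.push(`${path}.${key}`);
      else hits.push(...findSensitiveKeys(obj[key], `${path}.${key}`));
    }
  }
  return hits;
}

// Constructed sample record.
const sample: UserRow = { id: 1, user_name: 'alice', email: 'alice@example.test', password: 'constructed-hash' };

// Unfiltered body leaks the field; the allow-listed list view does not.
console.log(findSensitiveKeys(JSON.parse(serializeRaw(sample))), serializeUser(sample, GROUP_LIST));
```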

The main reasons for using serialization are as follows:

  • Data security: By selectively exposing only necessary information and filtering out sensitive details, serialization ensures that confidential data, such as passwords or private user information, is not inadvertently disclosed in API responses.

  • Structured response: Serialization plays a pivotal role in structuring API responses consistently. It allows us to define how data should be presented, ensuring a standardized format that’s easily understandable by clients.

  • Ease of consumption: By converting complex data structures into a format, such as JSON, that’s widely supported and easy to parse, serialization facilitates ...