Get only certain data from web-API get request

Question

I made an MVC project which includes CRUD operations to all my classes, using default controllers and view pages which support those operations.

My new task was to make few API controllers to specific classes, which I have done correctly so far. The problem is when a get request is requested, an entire object is returned with all its connections to other classes (which is correct!), but say I have this class:

public class VM{
    public int Id { get; set; }
    public string MacAddress { get; set; }
    public string IpAddress { get; set; }
    public DateTime? CreateDate { get; set; }
    public string PrivateKey { get; set; }
    public int AppId { get; set; }
    public int CompanyId { get; set; }
}

I don't want the user to get the privateKey for instance, or ID. I would like the user to get all the rest, but certain information should NOT be sent.

What is the best practice to achieve that? Will making a new class which does not have those specific class members be the right answer? Say tomorrow I would like to add another data member which will not be sent, will I have to make ANOTHER class?

I assume changing those specific data members' data to null just before sending the object back to the client is not the right answer, is it?

Answer 1

Just setting them to null is not the right answer indeed.

But generally you want your application to be as consistent as possible, and thus, for similar request you should return about the same types of fields/objects.

Thus a few (2 or 3) DTO (data transfer objects) should be sufficient. If the project is of a small scale, or you just feel like being crazy you can always convert them to anonymous objects as follows:

List<VM> VMs = VMRepo.GetAll();
vms.ConvertAll(vm => new {vm.MacAddress, vm.IpAddress});

Or even give then custom names:      vms.ConvertAll(vm=> new {MAC= vm.MacAddress, IP= vm.IpAddress});