Sensitive Data Redaction On Console/API

[mehmettokgoz]

QStash messages may contain sensitive data in the body or headers. Users need a way to redact these fields so they are not visible in the dashboard or API responses, preventing accidental data leaks. This also enables safer use of QStash in multi-tenant setups where customer data may be included in messages.

API

Allow specifying fields to redact when publishing a message.

import { Client } from "@upstash/qstash";

const client = new Client({ token: "<QSTASH_TOKEN>" });

const res = await client.publishJSON({
  url: "https://my-api...",
  body: { hello: "world" },
  redact: {
    body: true,
    header: ["Authorization"] // or `header: true` to redact all headers
  },
});

In this example, the message body and the "Authorization" header are redacted and will not appear in the UI or API responses. Instead, the UI will display REDACTED:<SHA256> so users can verify the value without revealing the original data.

Docs: https://upstash.com/docs/qstash/howto/redact-fields