OData Delta Patch Security

Paul Hatcher
Posted in OData
My main project is using OData a lot and one of the requirements was to ensure that certain properties should not be updatable via PATCH - this is to ensure the integrity of the object e.g. audit fields should not be changeable post-hoc. There’s a couple of possibilities, depending on your use case… You want to exclude the changes if they are supplied You want to throw an error if non-editable fields are updated.