Returning API response based on user role + sanitizeEntity()

In Strapi, a type’s fields can be set to “private”, which get removed by sanitizeEntity() before an API response is sent out.

If this were to be enhanced by taking into account user role, what is the recommended method to do so? Is there a popular pattern used in custom controllers?


  • User admin sees full fields
  • User authenticated sees some fields
  • User anonymous sees bare-minimum fields
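
One way to layer a per-role field allowlist on top of private-field stripping, as an added example that is not part of the original post and not Strapi's own code. It is plain JavaScript with no Strapi imports: `stripPrivate` is a hypothetical stand-in for the `sanitizeEntity()` step, and `sanitizeForRole`, `visibleFields`, the model and the field names are all constructed for illustration.

```javascript
// Constructed model: one field carries the "private" flag the post mentions.
const model = {
  attributes: {
    title: { type: 'string' },
    summary: { type: 'text' },
    authorEmail: { type: 'email' },
    internalNotes: { type: 'text' },
    apiSecret: { type: 'string', private: true },
  },
};

// Per-role allowlists (hypothetical). '*' means every non-private field.
const visibleFields = {
  admin: '*',
  authenticated: ['id', 'title', 'summary', 'authorEmail'],
  anonymous: ['id', 'title'],
};

// Stand-in for the private-field stripping step: drops fields flagged private.
function stripPrivate(entity, mdl) {
  return Object.fromEntries(
    Object.entries(entity).filter(([key]) => !(mdl.attributes[key] || {}).private)
  );
}

// Strip private fields first, then apply the role allowlist.
// Unknown or missing roles fall back to the anonymous list (deny by default);
// hasOwnProperty keeps names like "constructor" from matching inherited keys.
function sanitizeForRole(entity, mdl, role) {
  if (Array.isArray(entity)) return entity.map((e) => sanitizeForRole(e, mdl, role));
  const clean = stripPrivate(entity, mdl);
  const allowed = Object.prototype.hasOwnProperty.call(visibleFields, role)
    ? visibleFields[role]
    : visibleFields.anonymous;
  if (allowed === '*') return clean;
  return Object.fromEntries(Object.entries(clean).filter(([key]) => allowed.includes(key)));
}

// Constructed sample record.
const sample = { id: 1, title: 'Post', summary: 'Short', authorEmail: 'a@example.test',
  internalNotes: 'draft', apiSecret: 's3cr3t' };
```

In a custom controller the role string would come from the authenticated request context, and the allowlist approach means a newly added field stays hidden from lower roles until it is listed explicitly.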