Sanitize Input when fields are marked as Private

I have the problem that the if a rest create request was made with the user api, you can still send fields that are marked as private and it gets saved.

Is that intentional or a bug?

i dont want users to set privat fields via the api

This topic has been created from a Discord post (1236299408707158117) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord