QStash messages may contain sensitive data in the body or headers. Users need a way to redact these fields so they are not visible in the dashboard or API responses, preventing accidental data leaks. This also enables safer use of QStash in multi-tenant setups where customer data may be included in messages.
Allow specifying fields to redact when publishing a message.
" });
const res = await client.publishJSON({
url: "https://my-api...",
body: { hello: "world" },
redact: {
body: true,
header: ["Authorization"] // or header: true to redact all headers
},
});">import { Client } from "@upstash/qstash";
const client = new Client({ token: "" });
const res = await client.publishJSON({
url: "https://my-api...",
body: { hello: "world" },
redact: {
body: true,
header: ["Authorization"] // or header: true to redact all headers
},
});
In this example, the message body and the "Authorization" header are redacted and will not appear in the UI or API responses. Instead, the UI will display REDACTED: so users can verify the value without revealing the original data.
Fetched April 19, 2026