> ## Documentation Index > Fetch the complete documentation index at: https://upstash.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Redact Private Data > How to redact private data in your messages QStash messages can contain private data that you don't want visible in the Upstash Console, or API responses. QStash allows you to redact specific fields so they appear as `REDACTED:` in the dashboard and API. The original values are still used when delivering messages to your endpoint. The SHA256 hash lets you verify the two data without revealing the original data. To redact a field, pass the `redact` option when publishing a message. Available options: | Option | Description | | ---------------------- | --------------------------------------------------------- | | body | Redact the body of the message | | headers | Redact the headers of the message | | headers\[header\_name] | Redact a specific header (e.g., `headers[Authorization]`) | Redaction is one-way. Once a field is redacted, the original value cannot be retrieved from the API or dashboard. ```typescript TypeScript theme={"system"} import { Client } from "@upstash/qstash"; const client = new Client({ token: "" }); const res = await client.publishJSON({ url: "https://my-api...", body: { hello: "world" }, redact: { body: true, header: ["Authorization"] // or `header: true` to redact all headers }, }); ``` ```python Python theme={"system"} from qstash import QStash client = QStash("") client.message.publish_json( url="https://my-api...", body={ "hello": "world", }, redact={ "body": True, "header": ["Authorization"] // or `header: True` to redact all headers }, ) ``` ```bash cURL theme={"system"} curl -XPOST \ -H 'Authorization: Bearer XXX' \ -H "Content-Type: application/json" \ -H "Upstash-Redact-Fields: body, header[Authorization]" \ -d '{ "hello": "world" }' \ 'https://qstash.upstash.io/v2/publish/https://my-api...' ```

Redaction is configured per message, so you can redact different fields for different messages. If a message fails and moves to the DLQ, the redacted fields remain redacted in the DLQ. However, when you retry a DLQ message, QStash delivers the original values to your endpoint. ## Schedules You can also redact fields in schedules. Pass the `redact` option when creating a schedule, and all messages produced by that schedule will have the specified fields redacted. Schedule get and list endpoints also apply redaction, so private data won't appear in API responses or the dashboard. ```typescript TypeScript theme={"system"} import { Client } from "@upstash/qstash"; const client = new Client({ token: "" }); const res = await client.schedule.create({ name: "my-schedule", cron: "0 * * * *", url: "https://my-api...", body: { hello: "world" }, redact: { body: true, header: ["Authorization"] }, }); ``` ```python Python theme={"system"} from qstash import QStash client = QStash("") client.schedule.create( name="my-schedule", cron="0 * * * *", url="https://my-api...", body={"hello": "world"}, redact={ "body": True, "header": ["Authorization"] }, ) ``` ```shell cURL theme={"system"} curl -XPOST \ -H 'Authorization: Bearer XXX' \ -H "Content-type: application/json" \ -H "Upstash-Cron: * * * * *" \ -H "Upstash-Redact-Fields: body, header[Authorization]" \ -d '{ "hello": "world" }' \ 'https://qstash.upstash.io/v2/schedules/https://example.com' ```

When updating a redacted schedule via the dashboard or API, you must provide the original values for the redacted fields. If you don't provide the original values, the redacted fields will be saved as `REDACTED:` — which is the hash value visible in the dashboard, not the original data.