I did a test
- FieldA is not visible for anyone (set in Privacy settings)
- a user triggers an API workflow which send him an email with this FieldA in the email’s subject
- the user receives the email with FieldA.
However, when I did the same thing trying to modify the FieldA with an un-autorized user, Privacy setting seemed to apply well. FieldA has not been modified.
Does it mean Privacy “Visible fields” settings do not apply according to the user who did the call, but it does for modification actions ? Should I consider that all the fields are visible for any user calling an endpoint ?