Data Transfer Object (DTO)
A data transfer object (DTO) is an object that carries data between processes. You can use this technique to facilitate communication between two systems (like an API and your server) without potentially exposing sensitive information.
DTOs are commonsense solutions for people with programming backgrounds. If you're a developer, you probably know what these things are and how they work. If you're an average user, DTOs can be incredibly confusing.
OOP environments rely on a system of "calls." Each one is a bit like a data lookup, and they require both time and processing speed. If you’re not careful, calls can also expose sensitive data you'd like to keep hidden, such as:
Social Security numbers
As one programmer explains, you might require an employee's name and photo to enter your company. You need to provide that data for a match, but you don't need to give other information about the employee that you have within your database. A DTO can transfer only the information required.
Data Transfer Objects have only public fields, and these fields may have one of a limited set of types. This limits the risk of unnecessary coupling between modules, allows DTOs to be easily serialized (even though they are not java.io.Serializable), and makes DTOs easy to transform using the OSGi Converter. DTOs are therefore excellent candidates for service API parameters and return values, they can be used remotely, or outside of Java, and can be represented using JSON, YAML or any format of your choice.