---
title: unpermitted_parameters.action_controller
description: Rails strong parameters filtered out unpermitted keys.
url: https://docs.honeybadger.io/insights/event-types/ruby/unpermitted_parameters.action_controller/
---

Rails strong parameters filtered out unpermitted keys.

Source **Action Controller** Category **Request** Fields **11** [honeybadger-ruby](https://docs.honeybadger.io/lib/ruby/)

## Fields

| Field                | Type           | Description                                                                                                            |
| -------------------- | -------------- | ---------------------------------------------------------------------------------------------------------------------- |
| `event_type`         | string         | Allowed value: `unpermitted_parameters.action_controller`.                                                             |
| `keys`               | array\<string> | Parameter keys that were not permitted.                                                                                |
| `context`            | object         | Request context at the time of the violation.                                                                          |
| `context.controller` | string         |                                                                                                                        |
| `context.action`     | string         |                                                                                                                        |
| `context.request`    | object         |                                                                                                                        |
| `duration`           | number         | Duration in milliseconds.                                                                                              |
| `instrumenter_id`    | string         | Rails instrumenter UUID.                                                                                               |
| `request_id`         | string         | Rails request UUID, present on any event fired during a web request context. Merged globally by the Honeybadger agent. |
| `hostname`           | string         | Server hostname. Attached to every event by default (events.attach\_hostname).                                         |
| `environment`        | string         | Application environment, e.g. "production". Attached to every event by default (events.attach\_environment).           |

## Example

```json
{
  "event_type": "unpermitted_parameters.action_controller",
  "keys": [
    "admin",
    "role"
  ],
  "context": {
    "controller": "UsersController",
    "action": "update",
    "request": {
      "method": "PATCH",
      "path": "/users/123"
    }
  },
  "duration": 0.12,
  "instrumenter_id": "d6a5b3f4c2e1908a7b6c",
  "request_id": "0f5e4bb2-3c46-4b1c-91d5-2f4e8a6b9c01",
  "hostname": "web-1.example.com",
  "environment": "production"
}
```

---

## Try Honeybadger for FREE

Intelligent logging, error tracking, and Just Enough APM™ in one dev-friendly platform. Find and fix problems before users notice.

[Start free trial](https://app.honeybadger.io/users/sign_up)

[See plans and pricing](https://www.honeybadger.io/plans/)