This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.When trying to return with a complex object in .NET Core API, which has a Type property in it, the serializer gives the following exception : Passing Type, DataSet, DataTable through the JSON or XML serializer gives possibility to remote code execution for attackers. More information available at https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/dataset-datatable-dataview/security-guidance Workaround:Declare an enumeration for your types (ex: enum { string, int, etc }) you can parse the value for the requested type explicitly.