diff --git a/backend-services/user-service/controllers/appController.js b/backend-services/user-service/controllers/appController.js
index dbabe14c2e129f82a92ac05a91c49cc72ee46b44..d453a4f72e328f41ed25e764d1da29f2b5be7893 100644
--- a/backend-services/user-service/controllers/appController.js
+++ b/backend-services/user-service/controllers/appController.js
@@ -225,7 +225,8 @@ export const GetUserList = async (req,res) => {
 }
 
 /**
- * GET /searchuser
+ * GET /search
+ * This endpoint OMITS the password and email fields
  * @param {*} req 
  * @param {*} res 
  * @returns 
@@ -239,8 +240,9 @@ export const GetUserList = async (req,res) => {
     if(query === undefined || query.length === 0){
       throw new Error("Please provide a valid query!")
     }
-    const usersWithMatchingId = await UserModel.find({"username": {"$regex": `^${query}`}})
-    const usersWithMatchingName = await UserModel.find({$or: [{"firstName": {"$regex": `^${query}`}}, {"lastName": {"$regex": `^${query}`}}]})
+
+    const usersWithMatchingId = await UserModel.find({"username": {"$regex": `^${query}`}}, {password: 0, email: 0})
+    const usersWithMatchingName = await UserModel.find({$or: [{"firstName": {"$regex": `^${query}`}}, {"lastName": {"$regex": `^${query}`}}]}, {password: 0, email: 0})
     return res.status(201).send({ usersById: usersWithMatchingId, usersByName: usersWithMatchingName});
   } catch(error){
     return res.status(401).send({ error: error.message });