I am using a REST API query where the user is logging in via our authentication server.
If you intercept and check the Retool response after the request, the ID and password are exposed in the metadata.
Like this:
{
  "__retoolWrappedQuery__": true,
  "queryData": {
    "data": {
      "result": {
        -- our auth token data --
      },
      "session": {
        -- our auth session data --
      }
    },
    "metadata": {
      "request": {
        "url": -- our auth request url --,
        "method": "POST",
        "body": "{\"email\":\"-- here --\",\"password\":\"--- here---\"}",
        "headers": {
          "Content-Type": "application/json",
          "User-Agent": "Retool/2.0 (+https://docs.tryretool.com/docs/apis)",
          "X-Retool-Forwarded-For": "183.100.246.91",
          "x-datadog-trace-id": "8051596538550527141",
          "x-datadog-parent-id": "5819506979922769498",
          "x-datadog-sampling-priority": "0",
          "ot-baggage-requestId": "undefined"
        }
      },
      "headers": {
        -- skip --
      },
      "status": 200,
      "statusText": "OK"
    }
  },
  "queryExecutionMetadata": {
    "estimatedResponseSizeBytes": 8062,
    "resourceTimeTakenMs": 284,
    "isPreview": false,
    "resourceType": "restapi",
    "lastReceivedFromResourceAt": 1675928651795
  }
}
There is a security issue and I do not want to receive a response from Retool. Is there any way to block the response?
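
A check that can be run over a captured response shaped like the one above, added here as an example and not part of the original post or Retool's own code: it lists which fields under `metadata.request` echo credentials and returns a redacted copy that is safe to log or attach to a report. The key-name pattern, the function names and the sample values are assumptions.

```javascript
// Added example. SENSITIVE_KEYS and all sample values are assumptions.
const SENSITIVE_KEYS = /^(email|username|password|passwd|secret|token|authorization|cookie)$/i;

// Replace values stored under sensitive keys and record the path of each hit.
function redact(value, path, findings) {
  if (Array.isArray(value)) return value.map((v, i) => redact(v, `${path}[${i}]`, findings));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    const hit = SENSITIVE_KEYS.test(key);
    if (hit) findings.push(`${path}.${key}`);
    out[key] = hit ? '[REDACTED]' : redact(v, `${path}.${key}`, findings);
  }
  return out;
}

// Audit metadata.request of one wrapped response; the input is not modified.
function auditWrappedResponse(response) {
  const findings = [];
  const copy = JSON.parse(JSON.stringify(response));
  const request = copy?.queryData?.metadata?.request;
  if (!request) return { findings, redacted: copy };
  const base = 'queryData.metadata.request';
  request.headers = redact(request.headers ?? {}, `${base}.headers`, findings);
  if (typeof request.body !== 'string') return { findings, redacted: copy };
  try {
    // The body is JSON serialized into a string, as in the response above.
    request.body = JSON.stringify(redact(JSON.parse(request.body), `${base}.body`, findings));
  } catch {
    // Not JSON: treat it as a form-encoded body and check its parameter names.
    const params = new URLSearchParams(request.body);
    const hits = [...new Set(params.keys())].filter((k) => SENSITIVE_KEYS.test(k));
    hits.forEach((k) => { findings.push(`${base}.body.${k}`); params.set(k, '[REDACTED]'); });
    if (hits.length > 0) request.body = params.toString();
  }
  return { findings, redacted: copy };
}

// Constructed sample shaped like the response in the post (values are made up).
const sample = {
  __retoolWrappedQuery__: true,
  queryData: { metadata: { status: 200, request: {
    url: 'https://auth.example.test/login',
    body: '{"email":"user@example.test","password":"constructed-pw"}',
    headers: { 'Content-Type': 'application/json' },
  } } },
};
const report = auditWrappedResponse(sample);
console.log(report.findings, report.redacted.queryData.metadata.request.body);
```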