Console Logs (User details / resources etc) - Privacy Concern

Hi,
I'm building an external app for external users. When logging on with my test user I can see in the Chrome console - network tab, a number of details about users and the resources for my application.

Similar to this post, "Privacy concerns: users details are visible through console", there is an API call "appUsers" which returns user details of people who seem to have access to the application, including name and email.

https://xxxxxxxx.retool.com/api/organization/permissions/appUsers

If I have external users accessing the application I don't want them to see the other users' details. Is there a way to prevent this API from being called? Or only return the user who's logged in?

Also I notice the resources API https://xxxxxxx.retool.com/api/resources returns a lot of information about the underlying services that my application is using. Ideally I'd like to abstract this information from the external users. Is that possible via settings? Or would I need to proxy the calls through an API Gateway or similar if I'd like to hide those details?

Thanks, Stephen

1 Like

Hi @stephenk :wave:

Thanks for sharing this. We've flagged it to our engineering team and they're investigating.

1 Like

What subscription plan do you have? Are you using embed or portal, where external users are logging in with their own credentials?

Hi Abbey,

  • We're on the Business Plan.
  • We're using the Portal.

I've created a test user below -

with the following permissions, with access to use our external app -

I open an incognito Chrome browser and log in to Retool using the test user's credentials. Once I've logged in, I can see the "AppUsers" call in the Dev Tools network tab returning all the other users' details. Not sure if it helps but the AppUsers call is the last request after all the "On Page Load" queries are executed -

Thanks Stephen

1 Like
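
The manual check described in the post above (log in as the test user, then read the network tab) can be repeated over a HAR file exported from Dev Tools, which makes it easy to re-run after a fix. This is an added example, not part of the original thread and not Retool code; the function name, the `example.invalid` host, the response bodies and the email addresses are all constructed for illustration.

```python
import base64
import json
import re
import sys

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def find_foreign_emails(har, own_email):
    """Map each request URL to the email addresses its response body exposes,
    excluding the logged-in user's own address (hypothetical helper)."""
    own = own_email.lower()
    findings = {}
    for entry in har.get("log", {}).get("entries", []):
        content = entry.get("response", {}).get("content", {})
        text = content.get("text") or ""
        if content.get("encoding") == "base64":  # HAR 1.2 marks encoded bodies this way
            try:
                text = base64.b64decode(text).decode("utf-8", "replace")
            except ValueError:
                continue  # undecodable body: nothing to scan
        emails = {e.lower() for e in EMAIL_RE.findall(text)} - {own}
        if emails:
            findings.setdefault(entry["request"]["url"], set()).update(emails)
    return {url: sorted(found) for url, found in findings.items()}

def _entry(url, body, encode=False):
    """Build one constructed HAR entry for the sample below."""
    text = json.dumps(body)
    content = {"mimeType": "application/json", "text": text}
    if encode:
        content["text"] = base64.b64encode(text.encode()).decode()
        content["encoding"] = "base64"
    return {"request": {"url": url}, "response": {"content": content}}

# Constructed sample capture: body shapes are assumptions, not Retool's schema.
BASE = "https://example.invalid"
SAMPLE_HAR = {"log": {"entries": [
    _entry(BASE + "/api/organization/permissions/appUsers", {"users": [
        {"name": "Test User", "email": "test.user@example.com"},
        {"name": "Other Person", "email": "other.person@example.com"}]}),
    _entry(BASE + "/constructed/own-profile", {"email": "test.user@example.com"}),
    _entry(BASE + "/constructed/encoded", {"owner": "third.person@example.com"}, encode=True),
]}}

if __name__ == "__main__":
    # Usage: python check_har.py capture.har logged-in-user@example.com
    with open(sys.argv[1], encoding="utf-8") as fh:
        for url, emails in find_foreign_emails(json.load(fh), sys.argv[2]).items():
            print(url, emails)
```

An empty result for a capture taken as an external user means no response in that session carried another person's address.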

Thanks Stephen. Our engineers are looking at this now.

Hi Stephen, thanks for flagging - a fix to this issue should now be live! Let me know if you have any other questions/concerns :slight_smile:

3 Likes

Thanks Abbey / Brenna. The fix is working great. Thanks for the quick turnaround time!
Cheers Stephen