External App - Resources API - Exposes a lot of information about my backend

Hi,
When logging on as an external user to the External App, in the Chrome dev tools you can see a call to a resources & workflow APIs i.e. https://xxxxx.retool.com/api/resources
https://xxxxx.retool.com/api/workflow/

In the response it contains a lot of information about the backend resources e.g.
base urls, resource type, authentication methods
Database connection host names, port numbers, and database names
Workflow who last deployed the workflow etc.

Is there a way to remove this sensitive information from the resource & workflow APIs

Thanks, Stephen

Hi @skringles, we created the internal feature request to hide these k-v pairs and will update you here with any news.

Thank you for your feedback!

1 Like