External App - Resources API - Exposes a lot of information about my backend

💬 External Apps
1

Hi,
When logging on as an external user to the External App, in the Chrome dev tools you can see a call to a resources & workflow APIs i.e. https://xxxxx.retool.com/api/resources
https://xxxxx.retool.com/api/workflow/

In the response it contains a lot of information about the backend resources e.g.
base urls, resource type, authentication methods
Database connection host names, port numbers, and database names
Workflow who last deployed the workflow etc.

Is there a way to remove this sensitive information from the resource & workflow APIs

image
image1012×443 94.3 KB

Thanks, Stephen

1 Like
3

Hi @skringles, we created the internal feature request to hide these k-v pairs and will update you here with any news.

Thank you for your feedback!

2 Likes
4

no update?

5

Hi @jjfoster,

Thanks for checking in. Unfortunately, this issue hasn't been prioritized over other projects yet :disappointed: I will reach out if it gets picked up by our team

6

Hi,

Is there an update on this change/internal request?

Thanks Stephen

7

Hi @skringles,

It looks like this request recently had it's priority bumped up and will be on our roadmap. No solid timeline yet, unfortunately.

I added a +1 to the ticket for you to increase it's weight. I will update this thread as soon as news comes in from the engineering team :+1: