I'm building a public app that displays proprietary information to end-users from my own API and would like to prevent scraping of sensitive data.
I'm not sure if there are any measures in place already, but I'd really like to prevent users from doing thousands of queries to scrape my database. I could use rate-limiting on my API, but that would block out everyone if one person is trying to scrape the DB. Are there any tricks or tools I can use within Retool itself?
Hi @marc !
Thanks for reaching out. On public links, we actually collect no user info, which means any kind of authentication would be challenging. All authentication is associated with specific Retool user accounts, and since public app users are fully anonymous there is no user to work with that system. Public apps allow for unauthenticated, open access to the embedded app. If you need to give users access to confidential information or dangerous functionality, they would have to log in with a Retool account.
With regard to limiting query runs with Retool, you can set a delay between runs.
Or you can use temp state to count how many times the query is run and disable the query once it runs that number of times. Here's an example!
1. Create a new temp state and set the initial value to 0
2. Add an on success event handler to the query to +1 to the state value