Bubble exposing all API Connector details on page load?

Hi there community,

I was looking at the network traffic on my app just now and noticed that I was retrieving “dynamic.js” on every page. Curious to see what it was, I found that on line 222 (see attached image), where the JSON is parsed, every single API connection I have including all inputs and example responses are just… there…

Now these are just the example responses that you can see through your API Connector plugin (“Manually Enter API Response”) but it seems like all the data is there to be seen, including all the endpoint URLs you’re making calls to along with the inputs they take (the json also includes details on which inputs are optional, private, etc.).

I am not a security engineer but this surprised me so I’m here hoping to be reassured that this is perfectly normal and not to be worried about.

Thanks!

Anything in your API Connector not marked as ‘private’ should not be expected to be private.