Data api - meta endpoint

developers7 · August 5, 2023, 5:52am

Hi, apparently I can’t hide (or put behind auth) the meta api i.e /api/1.1/meta
It exposes details of things and workflows.
I think this is so not secure.
Is there a way to restrict it?

antonio1 · August 7, 2023, 3:45pm

+1 here… is there anyway to restrict access to it? (with api token?)

tylerboodman · August 18, 2023, 10:21pm

An interesting question, I assumed checking the box “Hide swagger documentation” but apparently that doesn’t do it.
@sam.morgan

ihsanzainal84 · August 22, 2023, 3:02pm

Maybe I’m a dummy but what do you mean with your original question? It’s kind of vague and hence why no one responded.

tylerboodman · August 22, 2023, 3:19pm

Add /api/1.1/meta to the end of your app domain it exposes every workflow name and API endpoint, it’s different from the swagger documentation tho

tylerboodman · August 22, 2023, 11:57pm

For example here’s the Bubble.io entire data structure: https://bubble.io/api/1.1/meta

And all the juicy yes/no fields for if a User is an official Bubble employee, etc.

jared.gibb · August 23, 2023, 12:17am

Interesting

developers7 · August 29, 2023, 10:37am

@bubble please fix this asap

tauno · October 13, 2023, 1:38pm

+1 also

Topic		Replies	Views
Bits of your Bubble app you might not know are public Tips	25	6672	July 23, 2024
Generate Swagger Documentation - APIs	13	7206	April 17, 2024
Exposing my Data as a Rest API APIs	5	3876	April 29, 2021
API permissions according to API key - possible? Need help	3	180	November 20, 2023
My API documentation. Where did it go? APIs	5	505	December 23, 2022

Data api - meta endpoint

Related topics