Data api - meta endpoint

Hi, apparently I can’t hide (or put behind auth) the meta api i.e /api/1.1/meta
It exposes details of things and workflows.
I think this is so not secure.
Is there a way to restrict it?

2 Likes

+1 here… is there anyway to restrict access to it? (with api token?)

An interesting question, I assumed checking the box “Hide swagger documentation” but apparently that doesn’t do it.
@sam.morgan

Maybe I’m a dummy but what do you mean with your original question? It’s kind of vague and hence why no one responded.

Add /api/1.1/meta to the end of your app domain it exposes every workflow name and API endpoint, it’s different from the swagger documentation tho

2 Likes

For example here’s the Bubble.io entire data structure: https://bubble.io/api/1.1/meta

And all the juicy yes/no fields for if a User is an official Bubble employee, etc.

2 Likes

Interesting :face_with_monocle: :thinking:

2 Likes

@bubble please fix this asap

+1 also

1 Like