I'm using Rest API in my application. When I call the API, I can see API details including the response value in the Network tab of DevTool. I want to hide those details. Please help me.Thanks in advance.
Hi Arun,
As Ramesh posted, this is not possible. Everything that is received by the client (your browser) is visible in the browser using the developer tools (F12). That's not something OutSystems can restrict, this is purely how Chrome / Edge / Safari work.
If the API returns data that shouldn't be seen by the user, you shouldn't send that data to begin with.
Hi @Kilian Hekhuis, thank you for the response.
Hi @Kilian Hekhuis!
Can you please help me with this topic?If OutSystems is already "hiding" the attribute's values that are not used in a screen during a screen aggregate, why can't OutSystems hide also the attributes from the structure?
I'm getting a hard time justifying to the clients why should we follow the best-practices of using screen aggregates if that built-in feature is a security flaw (OWASP API3)?
I detail a bit more in this post:
https://www.outsystems.com/forums/discussion/98140/owasp-api3-security-risk-giving-database-schema-information-on-screen-aggregate/
Thanks!
Network tab in the inspect section of browser correct?
Yes.
Hey Arun Arivazhagan,
No
please click this link and get more details...
https://stackoverflow.com/questions/53630002/angular-5-is-there-way-hide-api-call-or-make-it-private/53630102#53630102
https://stackoverflow.com/questions/54926879/hiding-angular-api-calls-from-developers-tool-network-of-browser#:~:text=You%20can't%20hide%20api,from%20client%20and%20pass%20data.
thanks
Hi Ramesh, thank you for the response.