An OpenAPI specification, also known as a Swagger file, is a JSON document that describes the capabilities of an API. It includes information about the API's endpoints, the parameters that can be passed to each endpoint, and the structure of the responses that the API returns.
It is most often used to communicate with other developers on how to use the API. If your business doesn't need that, then you don't need a Swagger file.
And by default, Bubble exposes this Swagger specification publicly for all our data and backend workflows.
You can find it at this URL: https://appname.bubbleapps.io/api/1.1/meta/swagger.json
Here is what it looks like:
But it is not easy to extract valuable pieces of information from it with this JSON layout.
A way to format this data is to go to this website: https://editor.swagger.io/ and paste the JSON file in the left part of the page.
Here’s what we get:
We can see an API Workflow called « case-close-case » that requires 3 parameters:
Case, type: String (UUID of the Case object)
By, type: String (UUID of the User)
Message, type: String (the message), optional
We can even see it clearly if we scroll down the page:
And this is not a problem by itself.
You always have to remember that obfuscating is not secure. It is not because you hide the access to your API documentation that someone will not be able to reverse engineer it.
Keep it in mind: the heart of the matter is in the privacy rules.
Solution
If you don’t have any use for this Swagger file, then it just makes sense to hide it.
To hide it, it’s just a checkbox to uncheck under « Settings > API » :
