What is the use of /metamodel.json

Hello, A recent security audit revealed the presence of a “metadata metamodel.json” file that is accessible for some applications when navigating to <URL>/ metadata metamodel.json. It seems to show all microflows that are available to a certain user, which parameters they use and what associations are used. Can anybody tell me what the use of this file is, and why I'm able to see it for a certain application, but not for others? Thanks Greetings Martin
2 answers

This page in the documentation explains the metadata.json file and it’s use:



Hi Martin,

I think that you are referring to the metaMODEL.json file, not the metaDATA.json file.

The metadata.json is located in the model folder of a deployment package (or in the deployment/model folder when running locally).
As far as I know it should never be presented to a user through the browser. It contains a lot of detailed info about the application including values of contstants.

The metaMODEL.json file is contained in the web folder of your deployment package (or deployment/web) when running locally.
I can't find anything in the documentation about that file though and am interested in finding out what it is too.
To me, it seems like it should not be exposed because it can show information about what entities and microflows are in your model, regardless whether the user is allowed to access/use those.

Maybe someone from @Mendix can pitch in?