I have another system that will drop in a data.json file somewhere onto my Laravel site/folder structure.
I want only Laravel to be able to be able to read the json file (i.e. a user can't see it by typing a url into a browser).
Where should this file go?
I'm currently torn between putting it in application/models folder or application/[new folder]. My webroot is set to the public folder, so you can't access the application folder via a browser.
If it is in there, I'm assuming I will be able to read it within php but not javascript (which is okay).
Just create a new folder in the app/ directory. Thats not visible to outsiders. Everything visible is in the public folder, as you said. If you create a new folder you can autoload it by setting up composer.json.