I’m not sure exactly what you mean, I’ll explain more.
Bubble server to API
Making a GET call can have:
- query parameters, these are part of the URL sent by the server, so can be seen by routers, etc.
- headers, which aren’t visible to routers (assuming a https call). This is where authentication usually takes place.
Making a POST call (for example to the API workflow) can have the same as GET, plus:
- body, optionally containing body parameters. EDIT body data isn’t seen by routers either.
Bubble client (user’s browser)
The parameters set to Private don’t allow data from the page, so the field is missing in the app editor when setting up to invoke the call, and should be filled in by the server from the values in the Plugins section.