Another "404: Workflow Not Found" Thread

Seeing this across other threads but the solution for them was to expose the API.

My API is visible and initializes when I make it public, but I don’t think it should really be public.

I have set up the API key, as well as the API itself, but as soon as I set it as not public, the call can’t see the workflow anymore.

The API is supposed to return a value, whicih is does when public.

Any idea what I could be doing wrong?

You need to expose the workflow as a public API in order to access it from the API connector.

3 Likes

Also… you have set GET request, but the backend endoint seem to be set as POST (however ,actually you don’t see the option to switch to GET because public is unchecked like @adamhholmes said)

2 Likes

Doesn’t that present a security risk, as it’s accessing data that is protected by privacy rules?

But your endpoint is protected with authentication…

1 Like

Yes, public with authentication is generally fine.

However, people don’t really understand what ‘authentication’ means in a Bubble context.

Anyone with an admin API key can use a BE workflow that requires authentication. However, any logged in user can also do this.

I’ll say that again:
Any backend workflow that is public, even if it requires authentication, can be run by any logged in user. This will be constrained by the privacy rules of the user that made the request. Be very mindful of which endpoints you make public, and be sure that you’re fine with any logged in user being able to call that endpoint because depending on its contents, that could lead to dangerous behaviour / exploits.

3 Likes

It looks like you have added Authorization twice. Delete the one inside your api call under ‘Headers’. It should work fine then.