Forum Academy Marketplace Showcase Pricing Features

API authentication good practices


would it be ok to mark a WF API endpoint as “can run without authentication” but then apply condition on the workflow which would check if supplied parameters (for example clientid and secretkey) match those which are hardcoded in the user’s table?

The reason is that we don’t want to complicate things for the clients by requiring 2 step authentication (like login/signup flows that return token) and don’t want to give out manually API tokens configured in the app settings (that would require manual work and will provide clients sort of admin access rights).

Please share your opinion.

Founder at Bubblewits - Bubble Certified Partner – a place to buy Bubble templates for landing pages, e-commerce, workflows, APIs etc. - one page Bubble demo - Collection of apps built on Bubble

1 Like