API Connector body type and parameters

Security is huge! Wondering what best practices are for sending data to an endpoint.

Yes, there are URL parameters:


And then there are parameters under the body type:

Are the parameters under the body type safe to send as though they’re being sent via the JSON body? I want to ensure my URL isn’t holding ALL of my parameters and that when I select the JSON body and then add parameters under that section that the parameters are only being added to the JSON body.

Recently was told that this may not be the case, which then begs the question why Bubble’s UI is misleading.

Would love to have some discussion about this! @NigelG , maybe with your years of experience you’d be able to shine some light on this?



This is a GET vs POST question I think.

URL parameters on a GET are not as secure (they are, for example, stored in logs).

Yeah - just wanted to double check cause the UI is whack.

Confirmed URL params are URL params, an in the event you’re on GET, params means URL params.

Whereas you’re on POST, the params button is the JSON body.

Very silly.

@bubble please fix :slight_smile: