
API - Privacy settings

I did a test

  • FieldA is not visible to anyone (set in Privacy settings)
  • a user triggers an API workflow which sends him an email with FieldA in the email’s subject
  • the user receives the email with FieldA.

However, when I did the same thing trying to modify FieldA with an unauthorized user, the privacy setting seemed to apply correctly: FieldA was not modified.

Does that mean the Privacy “Visible fields” settings do not apply according to the user who made the call, but they do for modification actions? Should I consider that all fields are visible to any user calling an endpoint?

It depends on the authentication you’re using. If you use a private key, you’re running workflows as the app owner, so you can see anything. Which means you’re responsible for what the workflow does, and for not giving that key to others.

See this https://bubble.io/reference#API.authentication

I did read the doc but could not understand well enough.

I don’t use authentication (I mean I don’t use the API key). The endpoint is called by the logged-in user from my Bubble app:

So with these parameters, all fields are visible, whoever calls this endpoint, right?
Then I don’t understand why, in my test, the action for modifying a thing is restricted?

No, if it’s called by the logged-in user with his token, then the data should be visible or not as set in the privacy rules.

Now in the specific case of your email, we test security when we send data to the client. As an email is sent from the server, the security rules aren’t applied there. It’s the responsibility of the app owner not to create situations like this.

The point of security is really to make sure malicious people can’t access data from a client. In this case, it’s different, it’s a workflow that you have set up. See the difference?

I was wondering if rules were the same for emails… so my test was not right, and that explains why privacy rules did not apply in this case.
So yeah, I get the point, thanks. Then rules are as expected.

The current privacy rules work well in my app for ensuring anonymity and preventing modifications by users not allowed to. Which is already a very good start :slight_smile: but now I’m getting a bit stuck because of them.

Here is an example of a recurring issue I have which does not make things easy:

  • I’ve got different buyers, each with their private orders, participating together in a group purchase.
  • A buyer can’t see other buyers’ orders.
  • But after a user has paid, I need him to call an action which merges all buyers’ orders into a list. (I know I could add the new orders to a global list each time a buyer pays, but there would be a risk of non-compliance at the end.)

So here is my question: can I trigger an endpoint without being limited by the Privacy settings set for the user who called it? For @developers, I’ve no idea whether this kind of endpoint running a workflow with superior rights is usual?
Because in this case there would be no privacy concern (no data returned), only a database update.

You can, if you use the endpoint with a private key.

Then I would need to use a third-party app?

What do you mean?

I don’t see how I can use a Private Key (from API > API Tokens) when I create a call to an endpoint with the action “Trigger a Future WF”.

You don’t need a key there, but in that case, the workflow will be run in the context of the current user.

So I could achieve that if I was doing the API call with the Token from a third-party app, but here I’m limited because I use the Bubble Editor?!
Can’t an endpoint be defined as “full data access” or “run as an admin”, whoever the user calling it is?

It would solve my issues, which are all of the type of this use case: update stocks for products, generate a summary of all the orders…

Why not change the privacy rule there, then? To me, it makes sense that we run the scheduled workflow as the user who scheduled it (for instance, if you want to send an email to the current user, we need to keep the same current user), so it seems like you should update the privacy rule instead.


Sure, it makes sense to me as well. But also being able to make a call for updating things a user doesn’t have access to makes sense too, right?

Dealing with the privacy rules I needed to set for my users is something I’m trying to do. But it makes things much more complicated than they are when trying to calculate the things I need.

The only solution I came up with is having a copy of the list I need other users to access (for example, with the use case above, the list of the user’s Orders):

  • the original one would be used for displaying things on pages and is only visible to the user
  • the copy would not be displayed on pages but would be visible to all, so it can be used when calculations are needed.

That would complicate my app in an unnecessary way, I think. And not that secure as well.

I also thought of using Zapier: an action sends an email to Zapier, which makes a POST API call.
But that would be a big workaround, and may not be that reliable, I think.

Would it be technically difficult to have an endpoint “bypassing” Privacy rules, so any user can trigger some updates of the database?

Let me check and get back to you on this.

Thanks. If you need more details on the use case, or need another one, I can explain more. I really hope something is feasible in the way :slight_smile:

So we just added this. You can now ignore privacy settings when you schedule a workflow.

We also changed the system so that privacy rules are also applied to workflows on the server (which wasn’t the case before). If you check the box at the schedule action level, the workflow that will run in the future won’t use these rules, but that’s the only case.

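The two mechanics discussed in this thread (a server-side email that carries a field nobody is allowed to read, and a scheduled workflow that runs with the privacy rules switched off so it can merge every buyer's orders) can be modelled in a few dozen lines. The code below is an added illustration written for this page, not Bubble's implementation and not code posted by anyone in the thread; the classes (User, PrivacyRule, Thing, Context, Database), the functions (merge_orders, email_subjects, is_denied, build_fixture) and the sample orders are all assumptions constructed for the example. It shows the three outcomes the thread arrives at: a buyer's search is masked to their own order, a buyer's context cannot write the shared group record, and an elevated context (private key or the "ignore privacy rules" checkbox) can, but will also put hidden fields into an email subject if the workflow reads them.

```python
# Toy model of field-level privacy rules plus an explicitly elevated server
# workflow. Added illustration, not Bubble's code; all names are assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    id: str

@dataclass(frozen=True)
class PrivacyRule:
    public_fields: frozenset  # readable by anyone
    owner_fields: frozenset   # readable only by the thing's owner
    # any other field is hidden from everyone ("not visible for anyone")

@dataclass
class Thing:
    type: str
    owner: str
    data: dict

class Context:
    """Whose rights a call runs with. user=None models a private-key call
    (the app owner); ignore_privacy models the schedule-action checkbox."""
    def __init__(self, user: Optional[User], ignore_privacy: bool = False):
        self.user = user
        self.elevated = user is None or ignore_privacy

class Database:
    def __init__(self, rules: dict):
        self.rules = rules
        self.things: list = []

    def search(self, type_: str, ctx: Context) -> list:
        """Things of one type, masked per rule unless elevated. A thing with no
        readable field is dropped, so non-owners cannot even count them."""
        rule = self.rules[type_]
        results = []
        for t in self.things:
            if t.type != type_:
                continue
            if ctx.elevated:
                results.append(dict(t.data))
                continue
            allowed = set(rule.public_fields)
            if ctx.user is not None and t.owner == ctx.user.id:
                allowed |= rule.owner_fields
            visible = {k: v for k, v in t.data.items() if k in allowed}
            if visible:
                results.append(visible)
        return results

    def modify(self, thing: Thing, updates: dict, ctx: Context) -> None:
        """Only the owner, or an elevated context, may change a thing."""
        if not ctx.elevated and (ctx.user is None or thing.owner != ctx.user.id):
            who = ctx.user.id if ctx.user else "anonymous"
            raise PermissionError(f"{who} may not modify {thing.type} of {thing.owner}")
        thing.data.update(updates)

def merge_orders(db: Database, group: Thing, ctx: Context) -> int:
    """Merge every buyer's order into the group thing after payment. Returns only
    a count, so an elevated run never hands other buyers' data to the caller."""
    orders = db.search("Order", ctx)
    db.modify(group, {"all_orders": [o["product"] for o in orders]}, ctx)
    return len(orders)

def email_subjects(db: Database, ctx: Context) -> list:
    """The email test: whatever the context can read lands in the subject line,
    hidden fields included if the workflow runs elevated."""
    return [f"{o['product']}: {o.get('supplier_cost', '<hidden>')}"
            for o in db.search("Order", ctx)]

def is_denied(fn, *args) -> bool:
    """True if the privacy rules refuse the call."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True

def build_fixture():
    """Constructed sample data: two buyers in one group purchase."""
    rules = {
        "Order": PrivacyRule(frozenset(), frozenset({"product", "qty"})),
        "GroupPurchase": PrivacyRule(frozenset({"all_orders"}), frozenset()),
    }
    db = Database(rules)
    group = Thing("GroupPurchase", "app-owner", {"all_orders": []})
    db.things += [
        Thing("Order", "alice", {"product": "tea", "qty": 2, "supplier_cost": 1.5}),
        Thing("Order", "bob", {"product": "coffee", "qty": 1, "supplier_cost": 3.0}),
        group,
    ]
    return db, group

if __name__ == "__main__":
    db, group = build_fixture()
    alice = Context(User("alice"))
    print(db.search("Order", alice))                  # alice's own order, own fields only
    print(is_denied(merge_orders, db, group, alice))  # True: a buyer cannot write the group
    print(merge_orders(db, group, Context(User("alice"), ignore_privacy=True)))  # 2
    print(email_subjects(db, alice))                  # supplier_cost stays hidden
    print(email_subjects(db, Context(None)))          # private key: the subject leaks it
```

The design point is in merge_orders: the elevated run is scoped to one write and returns a count rather than the merged data, which is the "no data returned, only a database update" shape asked for above. Any elevated workflow that does return what it read, like email_subjects under Context(None), is exactly the leak the first test in the thread observed, and no privacy rule will catch it.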

That’s super great, really ! Thank you.
