App token per user without expiration

Hi,

I have an app with external (HW) sensors that are distributed worldwide. Each user who logs into my app has a group of sensors associated to the user. I need the sensors to be able to receive configuration from the app and provide updates into the app. I looked at the “Data API” and “Workflow API”.

Here are the options I found and their flaws:

  1. Use an API token and provide it to the sensors. However, the owner of the API token has admin rights and can modify the data for all users. This is not ideal.

  2. I looked into https://bubble.io/reference#API.authentication and one can use a temporary token supplied after the user logs in. But the problem is…the app allows external logins from Google or Amazon users. So the sensors wouldn’t (and shouldn’t) have the user logins in them. So this does not work at all for me.

Ideally, I think what I want is:

  1. When a user signs up, I create an API token just for that user.

  2. The tokens from #1 are provisioned in the sensors.

  3. All updates using the tokens from #1 are restricted to the user’s data.

  4. Sensors poll the app every 5-10 seconds to receive updated configuration changes and also write sensor data for display in the app.

Any way I could make this work? I was thinking maybe providing a sign up workflow that creates an API token, assigns it a role that is limited to the data for that user? I couldn’t figure out how to do that. I emailed support and they sent me here. Thank you!

BTW, bubble.is is awesome! I don’t know if it’s feasible for this to work for people who have never done programming. But certainly great for backend/datapath engineers to create a front end along with datasource without having to hire and iterate with a bunch of frontend and database engineers. Great product and service!!


Randy


Bubble Team any hint?

That’s probably the first step needed to allow our users to integrate with other tools, or just pull data that are theirs.

@philippe1 If you are using Bubble auth, you can already do it using the referenced link in the first post.

The issue is when you are using an external login process. What I suggest is to do exactly what the first topic suggests by creating a flow on user sign up to create an API key for this user, and store it in the user DB. Create an API Workflow without authentication data, but use a Conditional filter to run it and search data related to this user.
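
The per-user key flow suggested in the post above, sketched in plain Python as an added example that is not part of the thread and is not Bubble workflow code. The in-memory tables and all function names are hypothetical; keeping only a hash of the key and the rotation step are assumptions that go beyond what the post describes.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-ins for the app's user and sensor tables.
USERS = {}    # user_id -> {"token_hash": str}
SENSORS = {}  # sensor_id -> {"owner": user_id, "config": dict, "readings": list}


def _hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def sign_up(user_id: str) -> str:
    """Sign-up step: mint a per-user key and keep only its hash."""
    token = secrets.token_urlsafe(32)
    USERS[user_id] = {"token_hash": _hash(token)}
    return token  # shown once, then provisioned into that user's sensors


def user_for_token(token: str):
    """Resolve a presented key to its owner, or None if it matches nobody."""
    presented = _hash(token)
    for user_id, row in USERS.items():
        if hmac.compare_digest(presented, row["token_hash"]):
            return user_id
    return None


def register_sensor(user_id: str, sensor_id: str, config: dict) -> None:
    SENSORS[sensor_id] = {"owner": user_id, "config": dict(config), "readings": []}


def poll(token: str, sensor_id: str, reading: float):
    """Sensor endpoint: store a reading and return the current config.
    The sensor lookup is always filtered by the key's owner."""
    user_id = user_for_token(token)
    if user_id is None:
        return 401, None
    sensor = SENSORS.get(sensor_id)
    if sensor is None or sensor["owner"] != user_id:
        return 404, None  # same answer for "missing" and "not yours"
    sensor["readings"].append(reading)
    return 200, sensor["config"]


def rotate(user_id: str) -> str:
    """Replace a non-expiring key; the old one stops working immediately."""
    return sign_up(user_id)
```

Because the key never expires, rotation is the only way to revoke a key that leaks from a sensor, so the sensors need a way to be re-provisioned.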

It seems @philippe1 already found my posts on this, but I describe how to do this starting at this response in another thread:


Thank you!

It’s still not very typical, as the user will have to add his GUI password and email in the headers if I understand well?

Duh, I know.

as you said…
Or do I create a virtual user for this sole purpose? (and manage the API keys myself…).

My goal is to create an “app to app” integration (so my user could link another app he uses), not build a mobile app.