Hello everyone,
I’m working with Bubble’s Connector API and have configured dynamic fields to pass values in my requests. These dynamic fields are currently defined publicly in the Connector API. If I configure these fields and assign values to them through a backend workflow, does this dynamic data remain invisible to the end user (for example, through their browser or developer tools)?
Thank you for your clarifications! 
There’s nothing visible for user in backend WF itself.
However, the return url will contain a visible transaction token when used… So is there really an issue to pass it from frontend?
Also, I don’t think you should use the return_url to validate that a TX is successfull. You could use it to pass a TX ID and validate the status when the user come back (but with the callback url, the should be sent to a Backend/API Workflow, this shouldn’t be an issue and you should use that to update the TX status).
Yes, there is a problem sending it from the front end.
Normally I should receive this token via a webhook call.
But with the free version of Bubble, the webhook is not included.
So I want to send the transaction information through the backend and specify to my service provider to return the success URL with a token.
I would test this out with the browser’s dev tools’s network tab open. I might have misunderstood your workflow, but I’ve got a hunch that the value gets assigned in the backend, but the actual call is done via the user’s browsers. Meaning that you could be leaking this secret.
This topic was automatically closed after 14 days. New replies are no longer allowed.
