Are publicly defined API dynamic fields visible to the user in a backend workflow?

mamadoucirecamara99 · 2025-01-04T03:31:02.834Z

Hello everyone,
I’m working with Bubble’s Connector API and have configured dynamic fields to pass values in my requests. These dynamic fields are currently defined publicly in the Connector API. If I configure these fields and assign values to them through a backend workflow, does this dynamic data remain invisible to the end user (for example, through their browser or developer tools)?

api connector694×413 21.3 KB

Thank you for your clarifications!

Jici · 2025-01-04T03:52:31.562Z

There’s nothing visible for user in backend WF itself.
However, the return url will contain a visible transaction token when used… So is there really an issue to pass it from frontend?

Also, I don’t think you should use the return_url to validate that a TX is successfull. You could use it to pass a TX ID and validate the status when the user come back (but with the callback url, the should be sent to a Backend/API Workflow, this shouldn’t be an issue and you should use that to update the TX status).

mamadoucirecamara99 · 2025-01-05T07:50:45.368Z

Yes, there is a problem sending it from the front end.
Normally I should receive this token via a webhook call.
But with the free version of Bubble, the webhook is not included.
So I want to send the transaction information through the backend and specify to my service provider to return the success URL with a token.

rico.trevisan · 2025-01-05T08:37:15.444Z

I would test this out with the browser’s dev tools’s network tab open. I might have misunderstood your workflow, but I’ve got a hunch that the value gets assigned in the backend, but the actual call is done via the user’s browsers. Meaning that you could be leaking this secret.

system · 2025-01-18T03:31:26.134Z

This topic was automatically closed after 14 days. New replies are no longer allowed.