Anyone have experience in using the Data API but setting changes for a particular user.
I see this article Authentication | Bubble Docs but it states that we need to log the user in and I dont want to have to change the user’s password each time we want to do this.
For example right now I have a pretty detailed logging system for a clients app. When a user changes a field we track who added or changed it. However when this is changed using the backend API it always comes in as App Admin.
This is because you are using Admin API key and not password auth process
You don’t need to change the password of the user each time. The user need to send it to a BW like a token endpoint (with email) and you log the user in there and Bubble will return a token that can be used in Authorization: Bearer header (like for admin key) for both Backend workflow or Data API.
Thanks, but what if the user is already logged in and is just using the app. We dont log users out.
Does this mean we will have to force users to keep logging in when they want to use this feature or an extra step?
It also doesn’t let me reference Log a User in step later in a workflow chain so how do I get that key?
Is it because you are doing batch create operation? If not, why are you using Data API?
Yeah, I created a plugin for a client which does a lot of bulk data changes. But its now not being logged, such as who changed the item or added new ones because all the data appears as App Admin.
There’s no way without getting an access token using backend WF for what I know. Maybe using session cookies but I’ve never tested this for calling batch data api endpoint.
Can you explain what your plugin is doing? Maybe this can be done with Bubble native functions?
I’ve suggested in the past that each user come with an API key. This is not implemented and I don’t expect this to be added soon 
Yeah no problem. Its an excel sheet.
So a user can modify a list of items at once by copy/paste or importing values.
All with a built in Undo/Redo function, real time saving and more.
We have an old version of this at the moment using a bunch of Repeating groups but I wanted to see if I could build a better thing. One that could lock a header and a column 
We have a bunch of data modified logs in the app that check when data is changed and then create logs. These reference who changed it. And since this data is all being changed or created all in the backend data api, I cant attribute it to a user. So not knowing who was the one who went on the sheet and deleted everything isnt great.
Bubble table can do that
But your plugin is nice and I understand what you are doing. Maybe using a backend WF with Schedule WF on a list? Anyway, if this is doing also update (not just create), You are calling data API for each row updated and not batch endpoint. Using Schedule on a list will be very similar.
That is just a few things it does on top of many many others. Too much to explain. Tables wouldnt work and the backend workflows is what we have but again its not ideal.
If you could explain how I could “log” a user in to get that API Token Endpoint, that would be much appreciated. or share an example where you were able to do it.
I have not done that before and can’t find any examples
Create a backend WF with two parameters: email and password. No auth and set it as public.
Add one action: Log the user in
The response will contain an access_token
You will need to use API connector to call this backend WF
I’m wondering actually if a custom oauth2 to your own bubble app could work.
You create API connector set to manual/self-handled and add fields to current user (or a related DB) for access_token, refresh_token and expiration date.
when needed, you use this access token (and if expired, you refresh it first)
Thanks for sharing, I will have to take a look at this. I don’t love the idea of saving a users username/password in order to refresh the access token.
Not many people would have access to this sheet so even attributing a API key to a user would have been perfect. But of course that doesnt exist.
I totally understand and you shouldn’t do that. This is why I suggested to instead use the oauth2 function and save the access token with the user. The user will only need to connect once and after you save this to your DB.
