Here’s an example.
You have two workflows:
- App workflow
- Backend API workflow
You’re running app workflow which creates a bunch of records in your database, it does this by firing the backend API workflow, which runs recursively.
You do validation within your App workflow to check user entered data.
The Backend API workflow is exposed publicly but requires authentication.
Theoretically a logged in user could call this API endpoint with their session token as Bearer and the correct parameters(?).
If the above is true, presumably you need validation on both App workflow AND Backend API workflow?
As you can probably tell I’ve just started building on Bubble, and haven’t yet put any validation on the data coming into my backend workflows. I THINK it should be required but asking beforehand (I’m conscious of WU usage).
Thanks