For some time I have been using Current User in the backend for DB writes and conditions such as Created By = Current User. Bubble kindly captures this token for authentication. But… I burnt myself and suggest that it should not be used in favor of passing a parameter User in the call. Here is why…
As you may know you can only return a value from a back-end API if the API is made public and accessed using Bubble’s API connector. Otherwise the returned value only gives you the ID of the API process on the server. But… here it comes! Accessing the API in this manner does not pass Current User. Hence, any data (things) created are created under different credentials. In my case I observer (App admin).
It is true that you may not use the Backend APIs in this manner, I though so too. However, things change and now I have hours of rework due to my poor understanding of API return values.
So, if you would like to avoid this possible pitfall just add User in each table you plan to update from the back-end (which is best practice), and never assume Created By will do. Pass Current User via the User parameter and always use your own User thing… True this will add to your table size… 32 bytes I believe which is inconsequential compared to the hours of frustration you may endure.
John