Can someone clarify something for me
When I’m in Settings -> API and check “This app exposeses a GET/DATA API” and check the table I want to make available.
I can successfully access the data from a table if the checkbox is ticked by entering: http://yourdomain.com/api/1.1/obj/type_name
This requires no authorization whatsoever
How do I make it such that this data is only available if the Authorization: Bearer API_Token is entered?
Hi @CJF, I’ve not actually used the Bubble API yet myself, but it seems reasonably well documented in the manual and the reference.
You can’t. Creating a token is only relevant as an authorisation for your api workflow endpoints.
You restrict information provided as a GET using privacy rules
I posed the same question Bubbles own api tokens, privacy rules query
Having reread that…I sound as if I know I’m talking about! I don’t it’s just a method of exclusion which I have exhausted over the past few days from work out for myself. This question in the forum I made was just asking for any insights from anyone else.
OK, so here is how you can do it (it isn’t particularly clear in the documentation).
Expose the GET API in Settings/API for whatever table(s) you need to access.
Create an API KEY.
Go to Data/Privacy and set up a new Data Role.
In the header on the GET use api_token rather than Authorization : Bearer in the reference (it is correct in the example in the manual).
What I haven’t worked out yet is how to differntiate the role of the API user from another logged on User. In this case I just tell Bubble that any User with a User name is OK.
@NigelG thank-you once again, really great.
@NigelG, thanks for the reply! I’ve tried exactly what you’ve said and it works for the live version, not for the development version strangely enough.
