on my bubble app i just disenabled the Data API access since i don’t want it to be publicly visible to everyone, but i want it to be accessible for my python codes and endpoints, i created an API token for my python service that i want it to access the data but using the private key generated. i’m still getting this error: “Error fetching data from Bubble API: 404 Client Error: Not Found for url: https://upgradefromstr.bubbleapps.io/version-test/api/1.1/obj/listing?limit=100&cursor=0” which mean my API request couldn’t access the data, how can i properly set my API keys/tokens to access the data?, i’ve been reading all bubble articles on the API authentication section Data API endpoints | Bubble Docs and i can’t find where to set the authentication to access my database when the Data API is enable
You cannot disable Data API if you want to access it! You need to keep it enabled. You need to check your privacy rules to be sure nobody can read data without api key. Also, you can disable swagger to make it harder to guess.
Thanks! i tried enabling it and disabling it but now i have it enabled. “You need to check your privacy rules to be sure nobody can read data without api key” i was trying to do this but couldn’t set a privacy rule for that, how would be the expression?
Could be as simple as Current user is logged in. But this depend of the data. This could be also This thing 's creator is current user. But this is hard to tell you without knowing who can access this DB.
mmmm, the way i’m thinking of it is to set it that if you have the api token you can access the data, is that possible? because the privacy rules apply to users on the screen interacting with the app while sometimes i want to trigger the requests outside of bubble, if that makes sense. given that the field is enabled, more than allowing accessing the data, my mindset is more into disallowing it. we tried with the everyone else default permissions privacy rule and as soon as the find in searches is unchecked, the request worked with the authentication and it didn’t work without the authentication, that’s the behaviour we want but not on the everyone else default because i DO want every user to find the filelds in searches inside the app, not sure if i explained myself properly, thanks for everyhting Jici, and i hope you have an answer for me on this one too
If Data API is enabled and you call Data API using api token, you can access data even if you have set privacy rules yes. Privacy rules is to avoid someone without api token to access data. Privacy rules apply to ANY user inside or outside Bubble (when you use Data or WF API, privacy rules are applied (but in Backend WF, you can select ignore privacy rules, this is not possible with Data API).
If you want to trigger a request (I understand a workflow) you should use Backend/API Workflow instead. If you enabled authentication, only authenticated user or someone with api token created in Bubble API Settings can access to this endpoint.