Forum Academy Marketplace Showcase Pricing Features

Django Rest API Backend and Bubble Integration

I have a mobile app using a react-native frontend and django rest api for the backend.

I’m interested in using Bubble to build the web frontend, and am wondering how to best integrate the two - specifically for the authentication side. I’ve used the API Connector plug-in to successfully pull in data that doesn’t require a user to be logged in, but I’m stuck on what the best way is to handle the login/authentication side of things.

I’m looking at using token authentication, session authentication, or something like JWT. For those, where would I store the token/csrf cookie/etc? Maybe with the Cookie Handler plugin like in this post:

Or is a better approach building a plugin that handles this, instead of using the api connector?

Anyone have experience with integrating their own django rest api backend with bubble including the authentication side of things?


Hey @mladen1, I run a Saas Software company built on the web with SQL and C# backend. We have built several APIs as well including authentication. In my other post you referenced, I built a bubble app for our company (separate from the other C# code) where the Bubble app authenticates with those APIs and then stores the API tokens as a cookie in the browser, and then each API call uses the cookie from the browser to authenticate all the calls to get the data into Bubble. When the user logs into my app, the workflow calls the other API and stores the token. from there, the user is logged in and authenticated to make other API calls. I used the API connector to do this.

My Bubble app has no Bubble database tables. It’s 100% front end only and uses the APIs to push and pull data to the SQL database.

Hi @robertpbrinton - thanks for the response and the original post! The main hang up I have with that model is that the Django REST API docs say to use token authentication only for mobile or native desktop applications, but not for the web due to security concerns:

Have you used your method with JSON Web Tokens? It seems like that might solve some of the concerns from using a simple token.

In my case, the token expired every 1 hour, so having it stored on the browser wasn’t too much of an issue. So there was a refresh token that would fetch a new one assuming the user was still authenticated. or else it could force a new login. the refresh can be automated or manual using the refresh token. I think this is the JSON web token, no?

Ahh right, you have a refresh token, so that is probably JWT.

Thanks for the help - I’ll take a crack at implementing it, and let you know how it goes!

@mladen1 — any update on how this went? looking into something similar and would love an update on your progress.