Forum Academy Marketplace Showcase Pricing Features

Dynamic APIs and Dynamic User API Keys

I’m building a new dashboard that works alongside my employer’s tool and I need help creating dynamic API connections that each user enters information for. For example, I need a user to be able to enter their own API keys from the 3rd party tool then pull data from that 3rd party tool into my dashboard specific to that user’s account. Here is the example code from my company’s API:

curl -X POST {baseURL}/public-api/v1/agent/{agent_id}/device/{device_id}/connection
-H ‘Content-Type: application/json’
-H ‘Accept: application/json’
-H ‘X-Api-Key: API_KEY’

All users need their own unique API key and all of them have different {agent_id} and {device_id}.

in bubble api connector plugin the use of {} doesn’t get dynamic values but replacing them with [] will

Then from there would I just have fields in the dashboard that users can enter their info and it would populate the APIs?

When using the APIs if it is a data the dynamic values are added when setting up the datasource (being the API) and if it is an action you would have the ability to set those parameters when setting up the action.

Knowing how that works, you could then figure an easy way to store the values provided by the users in the DB and uses the DB values to populate the dynamic values for the API calls.

Did you find a solution to this @bobby2 ?
I’m struggling with the same thing.

Hi Christopher,

I was able to create a field where users can provide their unique API keys, but now I have the problem of them being in plaintext. I’m exploring using an encrypt/decrypt plugin to see if that will do what I need.

I haven’t been able to spend as much time on this project as I would like so I’m hoping soon I’ll be able to test everything and make sure it all works as needed.


Thanks for the reply!

My problem is exactly the same.
I’m building an app where each user will connect to their own account in the external api source I’m building support for, and each of them will have a personal token.

When I removed the check on “private” of the Authorization header, I was able to provide the token dynamically from within the builder, but as you say, it is in plain text and therefore exposed when the request runs.

This alone makes it seem like the scope of Bubble is limited to applications built for one to one connections between accounts on different external data sources/systems, and not one to many.

Cheers anyways Bobby, and thanks again for your response.

Could you do the call in the backend workflows? I do this in my apps, not for the same purpose, but I have some parameters for calls that I have stored in the DB that have privacy rules applied to them. I then run the calls in the backend workflows and check the box to ignore privacy rules…My assumption here is that since the calls are happening on the server (due them being done in backend workflows) there is not the issue of sensitive parameters being exposed.

To be honest I have no idea whether I could do that or not.

The use case is simple:

  1. The logged in user has an account on an external system/service.
  2. There are objects called projects in the app I am building in Bubble.
  3. There are also objects called projects in the external system/service the user is using.
  4. I want to make it possible for the user to view a list of projects in the other system/service, within my Bubble application.
  5. In order to do so, I make it possible for the user to save his/her private api_tokens in the Bubble database of my app.
  6. Whenever this user is logged in, and goes to a page where he/she can view this list of projects, I want the API Connector to use the api_token that the user has saved to the Bubble database as the Authorization header for any request to this API.

I had a look at the documentation, and I can find a way to run the request as a backend workflow. Given that this is in fact view specific, I guess it would also be really hard to trigger the workflow in the backend and then return the data to the client?

If the data itself is not sensitive, you could create a data type to store the data and once the user has finished viewing you could delete it…this way in the backend do the calls, then create the data using the data from call on the data type in Bubble and then have a listener event on the page for some change to the data to signal its finished processing and then display it on the page.