Hello all!
I have a API call set up.
In this api call i have a private key and a header and some other params.
I want this api call to be user based. The keys are set in the user data base.
How can i achieve this?
Run the calls in backend workflows and check box to ignore privacy rules.
Why to run backend wf and ignore privacy rules?
This is not needed. As long as the field that contain the key have privacy rules and set to only owner of the key can access it.
Bubble already run API call on server side.
@jr_aulakh please search forum before posting. There’s a lot of topics about that already.
A) Set auth selfhandled
B) Add header for authorization/api key to each call, remove private checkbox
C) User Current user API key dynamically
D) Make sure to apply privacy rules for this field. Only current user should have access to it
E) The only reason to use @boston85719 method is if you need to access API key to a different user than the current user.
I thought bubble has a built in feature to run calls in client if possible which Bubble handles and that api calls are not by default ran via server. Seen lots of forum topics on exposed api keys when calls ran on the page.
API call that contains header are run on the server. Key are exposed to the owner of the key. This is not an issue. This is why i said that the only reason tonuse backend WF is if you connect API of another user than thenon currently logged in. For example, you want to share a user google calendar to another user
1 Like
hello @Jici
Thank you so much for your help. I really appreciate it. I have added everything into the headers instead and now i can add the current users data instead.
Could you explain a little about point D that you made about privacy?
Thanks so much!
Go in privacy tab in Data and set privacy rules so only Current user is this user can access to this value