Hello, I’m not sure if this is possible, but currently anyone who views
https://mysite.com/api/1.1/obj/User
will see everything in that object.
I only want those who have a special key to see this, but when trying to set up privacy conditions / users this does not seem to be an option. Is there any way to go about this?
You need to set privacy like current user is logged in. If you share the api key, they will be able to see this data but also edit because this is like an admin. The best thing is to user to authenticate using their own credentials
Read this https://bubble.io/reference#API.authentication
The problem I am having though, is that if a user does not have permission to see the info in the API, they wont have permission to see the info displayed on the site either. For example, Emails are visible on the API which I would not want, but if I change the privacy rules to make emails not visible, it ruins any workflows that might need or use them. So ideally it would be nice if only those with the key could visit the API page, but that seems to not be an option
Not sure to follow. Do you have any login you app?
Basically what I mean is, regardless of what info is on that API page, I would not want anyone to visit that page. I don’t like how anyone with the url to /api/1.1/obj/User can view the page but there is no way that I know of to password protect it, or refuse to display info there without a key
You need to set privacy. Now my question was about to know if user need to login to your app (not to api)
You can change it in your settings > API > Enable Data API
