We want to import/export some data (e.g. books and orders) from Bubble to a 3rd party app. We are using the Bubble Data API for this. We have two options for authentication here as far as I know. The first one is the Admin Access Token, the second one a User Access Token. We would prefer the User Access Token, due to privacy and security. As fas as I see it the only option to generate this is, to use the Username and Password. We dont want the user to put in the Password though every 12 months and we dont want to store the password in plain text as well. Is there a other option to generate these tokens and handle the Authentication alone?
Funny you should ask as I’m researching the same thing. I was looking at this article: As a User - Bubble Docs
The issue I have is we don’t use email/password but rather OAuth with Microsoft/Google. I’m not sure how to implement this.
Have an api_key field (text), and key_expiration_date (date) on the User datatype. When they login, have it check if the expiration date is empty or older than the current date/time, if so run the API call to generate a new key using the email and password input boxes, then store the result.
For @treb.gatte , no clue 
3 Likes
Thanks for the great tips @tylerboodman . As far as I can see that, this makes it still necessary though for the user to re-enter his credentials every 12 months. Is that correct?
I know what you mean. As far as I understood the Bubble docs you can only do this with the bubble native sign in process. We are using Google OAuth as well. If anybody has a solution for this, I would be really glad, if he could share it.
Yea, I figured they would be signing in every day or something and you can keep the token fresh. But if they are also signing on once a year then correct.
Maybe it’s good they at least sign in. yearly??
How do you generate the user api key as a consequence of the log in? I mean, I was looking for a specific action that made that or some checkbox (as for example when you use the send verification email action and take advantage of just generating the token) but I couldn’t find it anywhere
You do the “Log the user in” action and any subsequent actions can reference the Result of the login step (the API key)
Thank you. I guessed it but I can’t actually get the “result of step1” (the login action) in my following action (I use the “make changes to current user” one as I have created the api_key field in the user datatype as you suggested, but I have checked with the “make changes to a thing” as well)…
I also tried to check, as a first action, the “sign the user up”, but also with this I can’t see any result of this step in the following ones…sure I am doing something wrong but I can’t figure out what…
It says it has to happen in a backend API Workflow, but even so I just tried it and I’m not seeing the result either…
Thank you for confirming…
so I think the correct (and only) way is that exposed in this post: