Forum Academy Marketplace Showcase Pricing Features

Get text result from BW - API Call to front without DB 🤷🏻‍♂️

Guys I’m building a pitch generator. Using OpenAI, Davinci. For a free plan I trigger API call on a client-side, store result (text) in a custom state & have text element referring to this custom state.

Everything works just fine.

Now I’m about to push the app to paid plan and I need to move the API call to backend workflows. I can’t figure out how to return the text back to the same page…

  1. After step 1 of initiating a call in Step 2 I’m using “Return Data from API”. But can’t process what should be the next move… Or how can I trigger a call on the front-end to get this data into a Custom State.
  2. I’m trying to avoid storing results into the DB… wanna avoid additional delete workflows.

You can call the backend wf via the api connector and return a result

1 Like

What if the initial API is not done retrieving data from OpenAI? Oh hold on:

  1. I could trigger the main API call.
  2. At the same time trigger another API call from my own app to get the API results and store inside Custom State. Until custom state is empty I should keep triggering the second API.

Oh this is brilliant. HOWEVER:

The only reason I’m moving the initial API server-side is the security. I don’t want to expose OpenAI Keys on the client-side. Based on the structure I explained above, I’ll be exposing my app’s API Endpoint. I don’t feel comfortable doing this. @jared.gibb would you have any suggestions in this regard?

If your api fields are set to private then the client doesn’t see them even when calling the API from the client

Even whend doing a call from the front end the server is still the middle man making the actual call and delivering the result to the front end

1 Like

What @tylerboodman said. Mark the field private and the connection occurs on the server and the result is sent to the client. No exposed api keys.

@tylerboodman @jared.gibb Obviously fields are marked Private. I thought it was enough but somebody said those still get exposed in inspect element. I was just checking but I’m not sure…

Any reference about this in Bubble Manual?

No the client doesn’t get any private fields, that would collapse Bubble as we know it :laughing:

1 Like

This is in their API Connector docs:

An API call’s URL is never sent to the user’s browser. Call headers and parameters are only sent to the user’s browser if you mark them as ‘client safe.’

Client safe meaning Private un checked

Another quote:

Note that even though by default, API calls are made from the server, a description of the call is sent to the browser and are thus visible to a savvy user. This means that any sensitive parts of the call, especially secrets / tokens, should be in fields marked “Private”.


What about the body?!

Right now I have a template prompt that I send to OpenAI. Some part of the prompt are dynamic, user fields. But most of the prompt it static.

I don’t want to expose my prompt to anybody, even users. I guess I’m safe right?

If the parameters in your body are also set to private then they don’t see it.