How To Set Up API Authentication?

I am exposing an endpoint to collect data for the first time.

How do I provide a form of authentication for this? Do I need to add a parameter?


Sorted it out.

You have several ways to authenticate when you make a call to your Bubble app’s API, depending on the situation:

  • Use an API Token that you generate in the Settings Tab - API section. This API Token is secret and should not be shared with anyone. To authenticate with such a mechanism, add to your header Authorization: Bearer API_TOKEN. When you authenticate with such an API Token, the call is run in the context of an admin user of your app, that has access to all data.

  • Use OAuth 2.0 authentication. This is the preferred method of allowing an un-trusted web application to make requests on behalf of one of your users. Documentation coming soon; for now, contact for assistance.

  • Create sign up / login API workflows. This is useful for building an alternative front-end to your Bubble app, such as a native app that you develop. When an API workflow contains a sign up or a login action, a user ID, a token and an expiration (in seconds) are returned with the response of the call. Subsequent calls to your app’s API with a header Authorization: Bearer API_TOKEN will run all calls and workflows in the context of the user associated with the token. This user will be the ‘Current user’ you can access in your actions, etc. Privacy rules will apply to this user as they would if the user was logging in to the Bubble app and using it in her own browser. This token should be kept safely wherever you’re using it.

  • No authentication. In some cases, you may want to enable calls that aren’t authenticated, for instance to let a user sign up or log in to your app. To enable this, just check the box ‘This endpoint can be run without authentication’ at the endpoint level (see below). When a workflow is run in such a circumstance, the privacy rules that apply are the ones for ‘everyone’.

You can also add your API Token directly in the URL for both the Workflow/POST and the Data/GET API as a querystring parameter ‘api_token’. Note that this approach is not recommended as it’s less secure.
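
The note above calls the ‘api_token’ querystring parameter less secure; one reason is that request URLs are commonly written to web server and proxy access logs, while the Authorization header usually is not. As an added example (not part of the original post and not Bubble's code), this Python script finds and redacts that parameter in access-log lines; the log format, paths, addresses and token values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed access-log lines; paths, addresses and tokens are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /api/wf/collect?api_token=abc123def456 HTTP/1.1" 200 12
203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "GET /api/obj/order?limit=10&api_token=zzz999 HTTP/1.1" 200 840
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "POST /api/wf/collect HTTP/1.1" 200 12
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
SECRET_PARAMS = {"api_token"}  # parameter name taken from the post above


def redact_target(target):
    """Return (redacted_target, leaked_values) for one request target."""
    parts = urlsplit(target)
    leaked, kept = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS:
            leaked.append(value)
            value = "REDACTED"
        kept.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked


def scan_log(text):
    """Redact tokens in every line; return (clean_text, findings)."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m:
            target, leaked = redact_target(m.group("target"))
            if leaked:  # only rewrite lines that actually carried a token
                findings.append((lineno, m.group("method"), urlsplit(target).path, len(leaked)))
                line = line[:m.start("target")] + target + line[m.end("target"):]
        out.append(line)
    return "\n".join(out), findings


if __name__ == "__main__":
    clean, findings = scan_log(SAMPLE_LOG)
    print(clean)
    for lineno, method, path, count in findings:
        print(f"line {lineno}: {method} {path} carried {count} token(s) in the URL; "
              "send it as 'Authorization: Bearer API_TOKEN' instead")
```

Any token the scan finds has already been stored in plain text wherever that log was kept, so treat it as exposed.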

