How to use privacy rules when I am also using the API? Please check the description below

Hi,

I have a Bubble app where users can log in and enter their data. I am also using Bubble APIs to get all the Users data, and there are a few more API calls with external API calls I am doing and returning data back to the Bubble table. I have done the API integration on a third-party platform like Zapier.

I can see that if I don’t use privacy rules then someone with technical skills can access my data. But how can I use privacy rules if I want to use APIs also? If I use privacy rules, then I am not able to get table data via API. If I don’t use privacy rules, then I am able to get table data via API.

I am not able to figure this out.

I actually just posted it on the Ideaboard that API Keys should have their own privacy rules…

I think you just have to be careful your users can’t see the API key, and only the proper data is being sent to your external API, etc.

Doing some searching around, I found a post by @keith talking about possibly calling an API in the context of a User: How To Assign A User To A API Workflow Endpoint - #4 by keith

Seems promising and I am interested in this as well. Maybe there’s a workflow to set up so each user can have their own API key and Bubble would know to follow the User’s privacy rules…

Found another related post: Set up own API for end users - #11 by exception-rambler

Just read over that last thread, seems like it’s the solution

2 Likes

@exception-rambler, any advice on refreshing it automatically? Couldn’t it check if the token is expired (via a date field for something) and call for a new token when they log in?

No workarounds that I know of - tokens are valid for a year (where ‘Stay logged in’ has been ticked on backend).

If you’re storing the tokens off-Bubble and using them on behalf of the user - e.g. you’re using a Bubble backend for a native app and holding tokens in local storage - then what you suggest should work → using a login event to automatically update the token as the expiry date approached.

But if the user takes their token and places it themselves in some 3rd party app in order that it can authenticate them and interface with endpoints / data API, I don’t know of any way that you can avoid them manually needing to update that token within 12 months… But there might be one out there somewhere!

1 Like
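
The refresh-on-login approach from the last reply, as an added example that is not code from the thread or from Bubble: a client that keeps a user's token with its expiry in local storage and renews it at login once expiry is near. `tokenAction`, `onLogin`, `loginAndGetToken`, `MemoryStorage` and the 30-day window are hypothetical names and values; only the one-year lifetime comes from the thread.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
const TOKEN_LIFETIME_DAYS = 365; // from the thread: tokens are valid for a year
const REFRESH_WINDOW_DAYS = 30;  // assumption: renew during the last 30 days

// Stand-in for localStorage so the example also runs under Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
}

// Decide what to do with the stored token record at a login event.
// "fetch"   = nothing usable is stored (missing, malformed or expired)
// "refresh" = still valid but inside the refresh window
// "keep"    = valid and far from expiry
function tokenAction(record, now) {
  if (!record || !record.token || !Number.isFinite(record.expiresAt)) return "fetch";
  if (record.expiresAt <= now) return "fetch";
  if (record.expiresAt - now <= REFRESH_WINDOW_DAYS * DAY_MS) return "refresh";
  return "keep";
}

// Call from the app's login handler. loginAndGetToken is a hypothetical async
// function that runs your login workflow and resolves to the user's new token.
async function onLogin(storage, loginAndGetToken, now = Date.now()) {
  let record = null;
  try {
    record = JSON.parse(storage.getItem("api_token"));
  } catch {
    record = null; // corrupted entry: treat as no token
  }
  const action = tokenAction(record, now);
  if (action === "keep") return { action, token: record.token };

  const token = await loginAndGetToken();
  const fresh = { token, expiresAt: now + TOKEN_LIFETIME_DAYS * DAY_MS };
  storage.setItem("api_token", JSON.stringify(fresh));
  return { action, token };
}
```

Because the token is issued for the logged-in user, requests made with it are evaluated against that user's privacy rules rather than bypassing them.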