How to use the latest Bubble feature releases in your app

bubble-tom · June 8, 2026, 5:47am

State changes from backend custom events leak to the frontend regardless of privacy rules

Did some testing on the new Trigger a backend custom event action. If a synchronous, page-triggered backend custom event writes to a field, the written value comes back in the workflow’s network response (state_changes) in cleartext — even if the field is privacy-hidden. It only sends back the fields that are written to with the written values, it does not appear to leak the entire datatype for the record being edited.

In my testing I was not passing in the datatype that I was changing into the backend workflow event, I was actually perform a search in the backend workflow and then making changes to it. Not sure what happens when you pass in the datatype / record you are updating.

Workaround: Schedule an API Workflow inside the backend event to do writes. It runs detached, so it never hits the frontend response. Keep your checks in the synchronous event, put the sensitive write in the async scheduled WF. So atleast you can still do checks and return custom values e.g. isError from the backend event, you wont know the write was successful but it still may be useful.

@georgecollier does this sound right to you?

georgecollier · June 8, 2026, 8:52am

Yes, though this is the same as page workflows.

The only difference here is that because it’s a backend custom event you expect only the returned value to be returned (and that’s not what happens). But I know Bubble team is aware so they’ll either do that, or document it clearly.

th18 · June 8, 2026, 1:20pm

My parameters to a call to a external API won’t show right? Just the full response for that API? About the conditions to trigger it, will show to the frontend? For example, ‘Current user company’ is ‘company’

georgecollier · June 8, 2026, 1:53pm

No they won’t, only the response

th18 · June 8, 2026, 2:30pm

Good to know, thanks

fede.bubble · June 8, 2026, 8:30pm

Team is investigating and might make changes in coming days depending on what they find. All this feedback is very useful though!

greg18 · June 15, 2026, 8:27pm

Thanks @georgecollier @ihsanzainal84 @randomanon and others for pointing out the limited utility of the Trigger a backend custom event from frontend.

@fede.bubble please keep us posted on updates to this feature

georgecollier · June 15, 2026, 8:34pm

They changed the behaviour Now only the data you return is returned to the frontend!

greg18 · June 16, 2026, 5:14pm

That’s great news, thanks @georgecollier

And when I use Trigger a backend custom event – from either the backend, or now from the frontend – there are no direct WU costs for triggering the custom event, right?

In other words, Trigger a backend custom event by itself does not cost 0.6 WU for “Running a server-side workflow action”, right? (Although the custom event is likely to include a database lookup/search, which will cost both the 0.6 WU as well as the lookup/search WU costs.)

Is my understanding correct?

georgecollier · June 16, 2026, 5:15pm

I haven’t tested but I would assume you do get charged for that.

Topic		Replies	Views
Josh and I are going live on June 3 with product demos and Q&A Announcements	29	665	June 4, 2026
[New Feature] Return data on custom events New features	78	6822	November 12, 2024
My take on Global Expressions Tips	11	397	June 6, 2026
Note to self: use custom triggers to untangle hairy if statements Tips	16	403	November 10, 2025
Multiple parameters on custom events New features	99	9683	January 31, 2024

How to use the latest Bubble feature releases in your app

Related topics