I am creating an API and I don’t want to expose all and I don’t want to add any authentication. I only want to make specific endpoints for a model but don’t want to use the Bubble default of having all data exposed. Meaning, let’s say I have a Tweet object. As opposed to having:
return all Tweet data, I would want that not to work. Then I want to make a specific endpoint to access all tweets where the first letters of the tweet’s content are hello. Something like:
and then I can make the internal logic to handle that endpoint with Bubble. The problem is the API Workflow only works with POST requests. I can’t figure out how to make specific GET endpoints.
To define GET endpoints you pick the types you want to expose in the settings tab.
You want be able to define the URL structure, but if you use the built in structure, you’ll be able to do pretty much anything you want: retrieve a particular object and return search results.
Whether you have authentication or not here is based on the privacy rules you’re setting. Just make sure you know what you’re doing, because if you make everything accessible without authentication, well, your all app database is readable by anyone.
The settings tab only allows you to expose all or none for a table. Is there a way to make a specific endpoint to target the rows I mention in the question?
I also found that when you create a role you can define events, but that only allows you to target a specific row, not set conditions to find rows, which is a huge part of most GET requests. There has to be a way?! Bubble is too awesome to not include such a fundamental feature?
Well, since so far users are using the GET api themselves in other tools/apps, it doesn’t really matter what the endpoint is, since they know their own app.
Specifically though, to limit the search for a GET call for a given user, this is exactly what the ‘find is searches’ box is about in the privacy tab.
I’m wondering if one should simply use the POST API to define endpoints that return specific combinations of data. For example, if you want to return an Organization that has a list of Users, I could do that with one request rather than two. Any problem with that?