Need SQL Server Help

Hi, I am relatively new to Bubble and have found working with the Bubble database quite easy to learn.
My next step would be to get connected to an Azure SQL Server database which is currently secure from all external access.

My question is what would be the most secure way to allow Bubble access to my database without compromising security? Can the Bubble team provide static IP for me to whitelist for example?

Anyone else out there successfully achieved a secure Azure connection?

Thanks in advance.

Can anyone from Bubble help please?
Without this I will need to look at alternatives which would really be a shame.
Thanks

Maybe this post will help: Settings parameters for SQL

In short, Bubble does not use a static ip, so you cant use whitelisting. Another, but more complex option is to create you own api in Azure that you then connect with the api connector in bubble. I’m not familiar with Azure, but from my knowledge you could create your api endpoints with Azure Functions, and give you Azure Functions access to your db through the security settings.

I run a similar setup, but in the AWS universe. It makes it possible for me to run heavy duty workflows outside bubble, and also access my own database securely.

1 Like

Thanks Simon. I must admit I am surprised that Bubble not only use dynamic IP’s but they also haven’t thought about secure integrations with Azure and AWS yet.
Guess I will need to learn Azure API’s to get to where I need to be.
Appreciate you taking the time to respond.

Hi Mat,
I think part of the reason is that they use Lambdas (among a lot of other AWS stuff), and static ip can be kind of a hassle with those. And, even if they did use a static ip, you would be open for attacks from other users on the bubble platform (lower risk, but still…).

So in my opinion the best and most secure way is having your own gateway/api in front of the database, its more work, but the solution can be used everywhere afterwards. So if you ever need to move from bubble, your database + api already exists. Ditto if you make a iOS app, a spinoff product etc. etc.

Cheers Simon.

1 Like

How do you authenticate the API gateway (Azure)? I am using the same type of Infrastructure. But I do not know how to authenticate bubble user for using API gatway.
I have got three options

  1. Basic Auth
  2. Certificates
  3. Active directory

I want to use Active directory, but users do not have an active directory access. Hence, I do not know how to authenticate them using active directory.

Let me know if you have any suggestions.

As of now my whole app authenticates via a token. In each flow I then do authorisation. So for my api calls I always include a couple of ids (accountId, userId).
I did experiment with sending both a JWT and also a custom encryption method but am not using this right now (decided it was overkill). See this topic as well: