Prevent developer modify DB field

Currently, I have an app that stores user balances as a numeric field in the Users table. I don’t want developers to be able to modify the database field and change user balances to whatever they want.

So, I’m thinking of creating a third-party API that encrypts user balances with their ID and returns the encrypted message to store in the database. This way, anyone with access to the database can see it, but they won’t know how to decrypt and change it because the encrypt key is on third party server.

However, the problem is that anyone with access to the editor can also see the API endpoint and call it themselves. They could do this either inside the app (by creating a hidden site or workflow) or outside the app (using Postman) to send their ID and desired balance, and then set the returned encrypted message to the database field.

How can I solve this? Or, is there any feature in Bubble that hides the balance field like the password field?

  1. Then don’t let them, make the endpoint require auth and don’t give them access to the editor? You can also make live access view only (or none at all)
  1. Okay but this kind of stuff shouldn’t be public anyway, even if encrypted…

make the endpoint require auth

But isn’t that mean you still need to store the auth token inside bubble and they can see it.

You can also make live access view only (or none at all)

This does sound promising! Is there an option to set the app to view-only mode when going live, preventing any edits (including by myself) to the live database? If so, that might be the solution I’m looking for. Can you point me towards how to enable that option?