Privacy-Ignoring Backend workflows

My user datatype has a “Friends List” which is a list of users.
I would like to display how many friends the two users have in common.
This would just be the count of the number of elements in the intersection of the two lists.

The only problem is that I would like for the friends list to be a private data type that isn’t made public.

I was thinking of using a backend API workflow which can ignore privacy settings, calculate this value, and then feed it back to the client side.

Is this something that is generally done in Bubble? Back-end workflows that ignore privacy settings? Or is this a can of worms?

Hopefully this can start a little discussion regarding privacy and back-end APIs.
Thank you in advance.

That to me seems like a sensible approach.
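The approach discussed in this thread, sketched as an added example in Python (not Bubble configuration and not code from either poster). It assumes the server knows the authenticated caller from the session; `USERS`, `session_uid`, `mutual_friends_overbroad` and `mutual_friend_count` are hypothetical names, and the data is constructed. Because the privileged code bypasses privacy rules, it has to do its own authorization and return nothing but the count.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    uid: str
    friends: set = field(default_factory=set)  # private: never sent to clients


# Constructed sample data standing in for the app database.
USERS = {
    "alice": User("alice", {"bob", "carol", "dave"}),
    "bob": User("bob", {"alice", "carol", "erin"}),
    "carol": User("carol", {"alice", "bob"}),
}


class Forbidden(Exception):
    """Raised when the privileged workflow refuses a request."""


def mutual_friends_overbroad(uid_a, uid_b):
    # Weak form: both ids are caller-supplied and the private entries
    # themselves leave the server, so the privacy rule is effectively gone.
    return sorted(USERS[uid_a].friends & USERS[uid_b].friends)


def mutual_friend_count(session_uid, other_uid):
    # Hardened form: one side of the comparison is always the authenticated
    # caller (taken from the session, not from a request parameter).
    if session_uid is None or session_uid not in USERS:
        raise Forbidden("authentication required")
    other = USERS.get(other_uid)
    if other is None or other_uid == session_uid:
        raise Forbidden("invalid target user")
    # Private lists are read here with elevated access; only an integer
    # is returned to the client.
    return len(USERS[session_uid].friends & other.friends)


if __name__ == "__main__":
    print(mutual_friend_count("alice", "bob"))
```
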

