[Product enhancement] Updates to security defaults

Hi everyone,

I’m Kate, a product manager at Bubble. We’re sharing an important update to our security defaults that makes it even easier — and more secure — to build on Bubble!

Two new default settings will be automatically applied when you create new apps and new workflows:

• Hide Swagger API documentation access will now be set to true by default.
• Expose as a public API workflow will now be set to false by default.

api security defaults1920×1080 86.4 KB

These changes are designed to enhance security from the start, helping ensure your APIs are better protected without needing additional configuration. As a bonus, this update also saves you time — no more extra clicks to adjust these settings manually every time you create a new workflow!

Important to note:

• Existing apps and workflows you’ve already created will not be affected.
• These defaults only apply to new apps and workflows created as of April 30, 2025.

We’re always working to make Bubble more secure and user-friendly — and this is just one of many steps we’re taking to improve your development experience.

Happy building!

This is awesome, thanks @kate.mcnally !

Yes, thank you. That is a much better default for those.

Thanks @kate.mcnally , especially for the default settings for new API workflows, which in most cases we had to remember to disable manually. I also noticed the updates in Flusk, thanks for that.

Excellent! Those settings are not well understood by less technical builders and I’ve seen a lot of public API flows that weren’t ever used publicy.

Thank you @georgecollier , keep up the great work!