[Upgrade to Bubble version 31] Fix for API Connector private parameters and random string generation

Hi everyone,

My name is Mike, and I’m a product manager on the Editor team. We’re releasing a new Bubble version today that includes a few important fixes to improve API reliability and data handling.

In previous versions:

• Private parameters in the API Connector could occasionally read from irrelevant data sources instead of the intended context.

• Random string generation within API calls could sometimes produce identical results when multiple random strings were created in the same call.

With this update, we’ve fixed both issues:

• Private parameters in the API Connector now correctly reference only the relevant data context.

• Each call to generate a random string inside an API call will now reliably produce a unique value.

These changes improve both data integrity and security when using the API Connector, so we recommend upgrading .You can upgrade to the latest version in Settings > Versions.

As always, we welcome your feedback. Thanks for building on Bubble!

Mike

Will this break current incomming webhooks that are currrently working and have been working for years.

It would only impact API calls made using the API Connector.

Thanks for your answer. That helps!

Can you make a feature to turn auto-save off! It’s so laggy. It’s literally as simple as adding a button that puts - &issues_off=true - or something-or-rather in the url so that you can just manually save your work. Pretty unbareable the api connector with it refreshing after typing a single word.

You should report this as a bug instead

Thanks for these updates, but can I clarify why is this a new Bubble version? Based on the updates you have mentioned, doesn’t feel like it’s a breaking change.

Can you please share some highlights on that?

Yes it it and you can see how this was causing issue here Critical API Workflow Bug- Not Passing Tokens Fetched

Are you still using math.random() or an actually cryptographically secure random value?

Also, is it OK to jump up multiple versions? For example, from 29 to 31? What even happens if you never upgrade, do they eventually automatically get applied?

Thanks @mike.alvarez.

Can you give an example? A private parameter isn’t dynamic data, so how could it reference irrelevant data?

Previously if you had a parameter, and had an expression for it in a workflow action, then made it private, it would still inherit the expression’s value and that expression would still be evaluated rather than using the private value.

Ouch D: I did not know that, thankfully it’s fixed because that’s a huge privacy concern for API calls

Less than you might think, it didn’t ‘expose’ the the private value or anything like that.

More breaking API calls then a privacy issue. That would have been a bitch to troubleshoot.

@ihsanzainal84 @georgecollier It’s a potential privacy issue because it could potentially mean one user has access to another user’s information - can be really impactful if it’s connected to a payment or wallet api, for instance.

Only if they already have access via privacy rules

The question is, if the upgrade will brake something in the API connectors. I’m a bit afraid….

Does it also fix the issue when the passed parameter used in conditions fails randomly?

Isn’t it possible to upgrade on a test version, check if anything broken, then downgrade back if it did?