I use Bubble myself to build personal side-projects; however, I am considering suggesting in my company that we use Bubble to build a consumer-facing product. This would at least be a fully functional MVP which we would then use to build the “real” version with developers.
However, the data subject is very sensitive, so I would not want any of the data stored in Bubble servers. We have a very good, fast GraphQL API we can use for our product, and if/when we build the “real” version all data would be served via this API. I just wondered whether this was possible in Bubble?
This would also apply to user information. Ideally we would get users to authenticate using their National ID card, or using PSD2 - i.e. sign in with your bank details - again no data being stored in Bubble.
So Bubble would be the navigation and functionality for ordinary users to basically communicate with our API.
Is there any reason this should not be possible in Bubble?
I’m looking forward to the responses you get.
The lack of responses is actually a bit worrying…
IMO it’s a valid scenario.
Yes, it’s possible, except the PSD2 that I haven’t worked with yet so I can’t tell for sure, but one can look into it and test.
Also interested in answers from more experienced people,
but if I understand correctly, you want to use Bubble as a front end that requests everything from the GraphQL API (authentication included?)
However, the data subject is very sensitive, so I would not want any of the data stored in Bubble servers.
Bubble is GDPR OK, but yeah, I can understand not wanting to answer to that responsibility.
From the documentation:
As soon as you want the external world to do something with your app (run workflows or read data), the Bubble API is the right tool. On the other hand, If you want your app to read external data or trigger some action in another system (like fetching a Facebook profile picture or sending a SMS with Twilio), the Bubble API is not the right tool. Instead, you should use a plugin or the API connector, or build a new plugin to add this new service.
Correct - Bubble would just be the front end, ingesting all data from our own GraphQL API. Authentication would have to be via PSD2 (i.e. using your bank credentials) or your National ID card, which in Germany is somehow possible via certain smartphones as the ID cards here have a chip and the government has some kind of service/API for this very use case.
OK, so it seems to be feasible to do this then…
I’d be worried, national ID sounds like gov data?
Bubble can’t even build HIPAA compliant, if 100% stored in a separate DB, I’d be careful with messing with such sensitive data.
Please keep us posted. If anything, you can go the POC route, test the minimal connection and if it works, you will have more information to invest or not in that “stack”.
Your GraphQL server/API is on premise or a SaaS like Hasura?
From my IT team:
It’s cloud hosted, but not SaaS. It’s a combination of AWS API Gateway and AWS Lambda (FaaS, Function as a Service).
As you say, this may end up being a PoC more than anything else. Let’s see…
Perfect, keep us in the loop.
Yes, it is possible to use only APIs and not save anything in Bubble. I have answered how to practically do that in Bubble in this thread.
You can authenticate with any OAuth2 provider, but Bubble will need to store the tokens.