openBuild
  • Introduction
    • Introduction
    • The Framework
    • The Library
    • Release Notes
  • Core Concepts
    • Bubble vs openBuild
    • Responsive Design
      • Repeating groups
      • Advanced Responsiveness
    • Styles
      • Typography
      • Colors
      • Groups & Box Shadow
      • Inputs
      • Buttons
      • Style Variations
      • Changing styles
      • Custom CSS
    • Pages
      • index
      • base-menu
      • base-top
      • base-ribbon
      • base-mobile
      • admin
      • verify
      • styleguide
      • terms
      • login
      • reset_pw
      • privacy
      • 404
      • Menu
      • Base Layouts
  • WORKING WITH the framework
    • Getting Started
    • Navigation
      • Go to page
      • Navigation through custom states
      • Navigation through URL parameters
      • Navigation through URL parameters with Option sets
    • Data & Workflows
      • Custom States
      • Custom Events
      • Working with Reusables
      • CRUD
      • Source Popup
      • Backend Workflows
    • Users and Roles
    • Signup, Login, Password reset
    • Security & Privacy
      • Authenticating endpoints
    • Transactional Email
      • Setup Sendgrid
      • Setup Postmark
    • Alerts and Confirmations
    • Customization
    • Best Practices
      • Syntax
      • Color Coding
  • openBuild Library
    • Chrome Extension
  • Framework Elements
    • Menus
    • Option sets
    • Plugins
    • API Connector
    • User Access Management
    • CRUD Floating Group
    • CRUD Popup
    • Data Table
    • Security Redirect
    • Mail management
    • User Settings
    • Header & Footer
Powered by GitBook
On this page
  • Method 1: Include the Authorization header in the call.
  • Method 2: URL parameter
  • Method 3: Act on behalf of a API User
  1. WORKING WITH the framework
  2. Security & Privacy

Authenticating endpoints

PreviousSecurity & PrivacyNextTransactional Email

Last updated 2 years ago

Authenticating endpoints is a secure way to run workflows as admin of the app. Workflows will not get initiated if they are not authenticated.

Method 1: Include the Authorization header in the call.

a) Generate a token in settings

b) Include the header 'Authorization' in your call. Use 'Bearer' + TOKEN as the value.

Method 2: URL parameter

If you are working with 3rd party API's and you are not able to add Custom header, include 'api_token' parameter in the URL when making the call.

POST: https://app.bubbleapps.io/version-[env]/api/1.1/wf/create?api_token=TOKEN

Method 3: Act on behalf of a API User

a) Create API endpoint that contains Log in action as a workflow (Have user created within your app or you can have a signup workflow before login action to create a new user)

  • Setting the field “Stay logged in” to ‘yes’ will give you token valid 365 days.

  • Setting the field “Stay logged in” to ‘no’ will give you token valid 24 hours.

b) Initiate the endpoint via Postman or API connector. The response of the api will look like this:

{
"status": "success",
"response": {
"token": "1646485307119x480839771339487600", // API TOKEN Generated
"user_id": "1646485006806x789796348942187500",
"expires": 31536000 // valid 365 days
}
}

In the response, you will get an API Token (valid 365 days) that will allow you to create an endpoint with the 'require authentication' option set to run the workflow, but all subsequent actions will have access to the data as that User and Privacy Rules set to that User (e.g. you can set a special Privacy Role set to that only API User, etc.)

c) see Method 1 or Method 2 to authenticate the endpoint.