This section covers security related to incoming and outgoing API calls.
Setting up connections with other applications and services is one of Bubble's core strengths, and gives you a lot of freedom in making outbound requests as well as accepting incoming ones.
Generally, Bubble's API tools, being among the more complex parts of Bubble development, are set up to handle security automatically and default to strict settings to reduce the risk of accidentally introducing vulnerabilities.
In this article series, we'll have a look at what you can do as a developer to make sure both your inbound and outbound connections are secure.
The principle of least privilege is all about ensuring that each individual or system gets just the right amount of access needed to perform its specific task, and not an inch more. When diving into the Bubble API Connector and Bubble API, think of this as a guiding principle.
For instance, if an API call is designed to simply fetch or read data, it shouldn't have the power to change or delete that data. By sticking to this "just-enough" approach, you're making sure that you're not unintentionally opening up potential security risks. It’s a straightforward but crucial step in maintaining the integrity and safety of your app and its data.
The API Connector is used to send outbound API requests to third-party apps or systems. The article below outlines the secure way of setting it up. If you are unfamiliar with the API Connector, you may also be interested in reading our general article on the subject (bottom link).