Bubble Docs

API Glossary

This section covers widely used API terminology.
Help us improve this article
This article is part of a significant update to the Bubble manual and your feedback is critical to our efforts to continuously enhance our written documentation. We would greatly appreciate if you could take a moment to let us know your thoughts on the quality of it. Thank you for your support! Give feedback on this article
Authentication and authorization
Authentication is the process of verifying the identity of a client sending an API request (who the client is). For example, the Bubble API can be set up to require a bearer token to prove the identity of the client trying to connect. This process of providing the credentials and the server verifies them is the authentication process. Authorization is the process of determining what a client has access to after they have authenticated themselves. It is the mechanism by which an API can determine what a user or system is allowed to do once they have been authenticated. For example, after a client has authenticated themselves with the Bubble API, the API will check your app's Privacy API settings, Privacy Rules and other details to determine whether they have access to specific resources.
In short: Authentication is the process of verifying who you are, while authorization is the process of verifying what you have access to.
Further reading:
API stands for "Application Programming Interface" and it is a set of protocols, routines, and tools for allowing different software systems to communicate with each other. Further reading: Article: Introduction to APIs Article: What is a RESTful API?
In the context of an API call, the Client is the one that initiates the call and the server is the one to respond. In the case of an incoming API request (The Data API or Workflow API) the system sending the request is the client and the Bubble server that hosts your app is the server. In the case of outgoing API request (The API Connector) your Bubble app is the client and the system you are connecting with is the server. Further reading: Article: The Client/Server relationship
An endpoint is a specific URL that an application can send requests to, to retrieve or manipulate data. In the Bubble API, the endpoint is the URL that identifies a data type or a specific API Workflow. In outgoing requests made via the API Connector, the endpoint is the HTTP action and URL that you are pointing the call towards. Further reading:
HTTP Method
The HTTP method is the instruction for the server to indicate the desired action to be performed on the specified resource (e.g. GET, POST, PUT, DELETE). Further reading:
JSON is a lightweight data interchange format typically used in Javascript. It uses human-readable text to transmit data objects that consist of attribute–value pairs and array data types. It is commonly used both in incoming API Connections (the Data API and Workflow API) and outgoing API Connections (The API Connector). Further reading: Article section: What is the JSON format?
OAuth2 is a protocol used by a server to determine a client's authorization. It lets a User grant an app (like your Bubble app) access to the resources stored in an external app without having to share their login credentials with the first app. Instead, the server that hosts the external app will issue a token that your app can use to access the User's resources. That way, subsequent requests can be made without the User having to authorize each one or share their credentials. Examples:
  • A User wants to connect their social media account (such as Facebook or Twitter) to your Bubble-built social media management app in order to share posts automatically. The User grants your app access to their social media account using OAuth2, and your app is issued a token that it can use to post photos on behalf of the User.
  • A User wants to be able to automatically add appoints to Google Calendar when a meeting is booked in your Bubble-built CRM. The User grants your app access to their Google account your app is issued a token that lets your app make changes to the User's calendar as needed.
  • An enterprise clients wants to allow your app to access resources from their server without giving them actual login credentials. They use OAuth2 to issue a token to your app that you can use for subsequent calls.
The payload is the data or information sent in an API request or response.
A resource is a specific data object or service that is made available by an API and can be accessed via a unique endpoint using methods such as GET, POST, PUT, and DELETE. For example, if you are trying to access data about a specific User in your Bubble app from an external application, the User endpoint can be considered a resource. The same can be said about a specific API Workflow. In other words, a resource represents a specific piece of information or functionality that an API can provide. Further reading: Article: What is a RESTful API?
In an API call, the request is the data sent from the client to initiate the connection. It contains all the data needed to authenticate and instruct the server what the request is about. The response is the data sent back from the server to the client in response to the request. Further reading:
APIs that are RESTful mean that they are built on a set of architectural principles for building web services known as Representational State Transfer (REST). Most commercial and public API services adhere to these principles. In short, this is a way to ensure that APIs that communicate with each other are compatible, or "speak the same language" if you will. Bubble's API and the API Connector is built around RESTful principles, which means it can connect to almost any web API. Further reading:
A token is a string that identifies the client sending an API request. In the case of incoming requests (The Data API or Workflow API) the token is issued by Bubble. In the case of outgoing requests (The API Connector) the token is issued by the server you are connecting to. Further reading: Article section: What is a bearer token?