Bubble Docs
Comment on page


This section covers how to authenticate clients that initiate a connection to your Bubble application.
Help us improve this article
This article is part of a significant update to the Bubble manual and your feedback is critical to our efforts to continuously enhance our written documentation. We would greatly appreciate if you could take a moment to let us know your thoughts on the quality of it. Thank you for your support! Give feedback on this article
Authentication is the process of identifying who a client is in order to determine what resources they have access to your your application.


Both the Data API and the Workflow API can be set up to require the client to authenticate themselves in order for your app to determine what resources they are allowed to access. In simpler words, you can require all external systems that want to access your database and workflows to log in using a secret password.
The article in the link below explains how the bearer token is used to authenticate a client, regardless of the method you choose (except if you use no authentication).

Authentication methods

There are three different levels of authentication that you can set up in Bubble, each with their own pros/cons and security ramifications.
The articles below outline the three different authentication methods you can use: