How to authenticate
This section covers what kind of authentication method the Bubble API accepts.
Last updated
This section covers what kind of authentication method the Bubble API accepts.
Last updated
This section covers what kind of authentication method you can use when you are making an incoming request to to your Bubble application from an external app.
If you are looking for how to authenticate outgoing requests sent via the API Connector, check out this article.
There are many different ways to an API request. Bubble uses the method known as bearer token.
The bearer token is a string that identifies who the client is. It serves as both username and password and is included in the header of the API request. Tokens are generated by Bubble by creating an or by .
Since every request is made independently of any previous or later requests, the token needs to be included with every API request coming into your app that requires authentication.
The bearer token needs to be included in the Authorization header of an HTTP request, in the following format:
In the example above, <token> represents the actual token string. Do not include "<" and ">" in the final string.
In an application like , the authorization should look like this:
When included like in the above illustration, Bubble will recognize the token and respond to the call according to the privileges (if any) of the User that the token represents.
