The Data API is Bubble’s automated way of providing external systems access to your app’s database. It allows one-click creation of a RESTful interface to some or all of your application's data. You can let a client read, modify, and delete individual data items, search for data using a flexible query language, and create and bulk upload new things

You can grant full admin access to the database and allow another system to be able to freely make changes (even in bulk) or you can exert exact control over what data types they can access and what kind of actions they can take. Since the Data API in theory can give any external system complete control over your database, it’s important to learn how to set it up in a secure way.

Remember that Bubble offers strong security, but we don’t enforce it – because we want to allow flexibility you are free to set up your Data API to be as open or closed as you prefer. This is why it’s important to learn how different decisions affect security so you can make informed decisions that suit your project.

Activating the Data API

You’ll find the Data API by navigating to Settings - API. To make sure that no one can access your database unless you want them to, the Data API is disabled by default. To enable it, check the Enable Data API checkbox.

As soon as you have the Data API enabled, you’ll see a list of all your data types along with a second checkbox: this is where you select which data types to expose in the API

Keep in mind the following:

• Unchecked data types are not available in the Data API regardless of how the user authenticates

• Checked data types are exposed, but adhere to the privacy rules in combination with the client’s authentication