Comment on page
The Data API
This section covers the Data API, which lets you set up your application to accept incoming requests to read, create, edit and delete records in your database.
This article is part of a significant update to the Bubble manual and your feedback is critical to our efforts to continuously enhance our written documentation. We would greatly appreciate if you could take a moment to let us know your thoughts on the quality of it. Thank you for your support! Give feedback on this article
The Data API is Bubble’s automated way of providing external systems access to your app’s database. It allows one-click creation of a RESTful interface to some or all of your application's data. You can let a client read, modify, and delete individual data items, search for data using a flexible query language, and create and bulk upload new things
You can grant full admin access to the database and allow another system to be able to freely make changes (even in bulk) or you can exert exact control over what data types they can access and what kind of actions they can take. Since the Data API in theory can give any external system complete control over your database, it’s important to learn how to set it up in a secure way.
Remember that Bubble offers strong security, but we don’t enforce it – because we want to allow flexibility you are free to set up your Data API to be as open or closed as you prefer. This is why it’s important to learn how different decisions affect security so you can make informed decisions that suit your project.
You’ll find the Data API by navigating to Settings - API. To make sure that no one can access your database unless you want them to, the Data API is disabled by default. To enable it, check the Enable Data API checkbox.
As soon as you have the Data API enabled, you’ll see a list of all your data types along with a second checkbox: this is where you select which data types to expose in the API
Only activate the Data Types that you want to expose in the Data API.
Keep in mind the following:
- Unchecked data types are not available in the Data API regardless of how the user authenticates
- Checked data types are exposed, but adhere to the privacy rules in combination with the client’s authentication