Bubble Docs

Workflow API Privacy Rules

This section covers how API Workflows are affected by Privacy Rules.
Help us improve this article
This article is part of a significant update to the Bubble manual and your feedback is critical to our efforts to continuously enhance our written documentation. We would greatly appreciate if you could take a moment to let us know your thoughts on the quality of it. Thank you for your support! Give feedback on this article
Whenever you run any kind of workflow in your app, they will respect the privacy rules of any data type referenced in that workflow. The same applies to API workflows - the authentication of the client sending the request determines what kind of data they have access to.
Privacy Rules serve as a secure filter to stop unauthorized access to your app's database.
It’s important to note that privacy rules apply to what data they can see, but it doesn’t affect the actions in your workflow. For example, a workflow may be affected by the Find this in searches privacy setting: in this scenario, an authenticated client would only be able to search for things that a privacy rule grants them access to.
Privacy Rules affect your database. They can stop an API Workflow from accessing specific data based on who the client is, but it will not stop the API Workflow from running altogether.
Let’s say that you have a Make changes to a thing action inside of that workflow. The action would complete regardless of Privacy Rules, but if you are searching for a thing to make changes to, Privacy Rules may stop you from finding the thing you want to change.
In other words, the action would technically complete, but if you don’t find the record you want to make changes to it won’t make any difference.
The new Privacy Rule settings that are introduced when you activate the Data API in your app’s settings (Create via API, Modify via API and Delete via API) do not affect your API workflows.
In essence, by running an API workflow you have the freedom to change anything you want in the database, but the access to database records is still protected by privacy rules.

Overriding Privacy Rules

In any API workflow you can override Privacy Rules by checking the Ignore privacy rules when running the workflow box. This is useful in cases where you need to execute a workflow that needs to have access to data that the Current User does not have have access to because of Privacy Rules.
Checking Ignore Privacy Rules lets you override the rules that affect the User that initiated the workflow in all the actions associated with this workflow.