Bubble Docs
Search…
Bubble Docs
Introduction
New? Start Here
Help Guides
Structuring an Application
Building a User Interface
Building Workflows
Working With Data
Using Plugins
Using The Bubble API
Testing an Application
Maintaining an Application
Optimizing an Application
Bubble App Security Best Practices
Performance & Scaling
Capacity Usage
Notes on Queries
Limitations & Known Issues
Customizing an Application
More about Bubble apps
🆕
Responsive Engine [beta]
Core Reference
Bubble's Interface
Elements
Workflows
Events
Actions
Data
Styles
Bubble-made Plugins
Application Settings
API
Account & Marketplace
Account & Billing
Dedicated Plans
Building Plugins
Building Templates
Miscellaneous
The Showcase
More features for your to-do app
The Glossary
Powered By GitBook
Bubble App Security Best Practices
Bubble offers you a lot of flexibility and power - with all the building blocks Bubble provides, you can build any idea you have! But, just like if you had your idea built in code, you have to think about data security and general security of your Bubble app. Luckily, Bubble has a variety of features to help you set up the security situation you desire.
It is highly recommended that you think about security as you build your app but especially before you launch your app to actual users!!
There are a variety of security tips throughout the Docs, but here is a compilation of top things to keep in mind:
  1. 1.
    (Very important!) Privacy Rules help you specify what data a given user should be allowed to see - make sure to use them!
  2. 2.
    Be careful with how you've set up your API Connector calls - for example, always make sure that credentials go in "private" fields, and be additionally cautious if you're choosing to make an API call from the client.
  3. 3.
    When activating your app's Data or Workflow API, be careful with how an outsider authenticates to make a call, and for the Data API, make sure Privacy Rules are set up!
  4. 4.
    Certain aspects of how the app is built are visible to technically savvy users, including: which apps exist in an app, what data types and fields exist in an app, any static content on a page even if it's in a hidden element, all option sets (including their options and attributes) in an app, etc.
In case you'd like extra help with security best practices, there are third-party tools in the Bubble ecosystem that can assess an app for any known security weaknesses, e.g. nocode:nohack.
Help Guides - Previous
Optimizing an Application
Next
Performance & Scaling
Last modified 1mo ago
Copy link