Bubble Docs
  • Introduction
  • New? Start Here
  • What is Bubble?
  • The Glossary
  • User manual
    • Getting started
      • What is Bubble?
      • Building your first app
        • Planning features
        • Database structure
        • Design and UX
        • eCommerce and payments
          • Shopping cart
          • Checkout page
          • One-time payments
          • Subscriptions
          • Marketplace
      • Creating and managing apps
      • The Bubble editor
        • Tabs and sections
          • Design tab
            • The element tree
            • The property editor
          • Workflow tab
          • Data tab
          • Styles tab
          • Plugins tab
          • Settings tab
            • Application settings
              • Custom headers/body
              • Visual settings
              • Social media sharing
              • Translating your app
              • Email settings
              • Collaboration
            • Custom domain and DNS
          • Logs tab
        • Tools
          • Key features
          • The search tool
          • The Issue Checker
          • The element tree
          • The element property editor
          • The debugger
          • Notes
        • Previewing your app
      • Transitioning to Bubble from...
        • JavaScript
        • HTML and CSS
        • SQL
    • Design
      • Elements
        • The element hierarchy
          • The element tree
        • The page
        • Containers
          • Groups
          • Repeating groups
          • Table elements
          • Popups
          • Floating groups
          • Group focus
        • Visual elements
        • Input forms
          • Text and numbers
          • Dates and time
          • File uploads
          • Selection controls
        • Reusable Elements
      • Styling
        • Color variables
        • Font variables
        • Styles
        • Custom Fonts
      • Responsive design
        • Building responsive pages
        • Legacy articles
          • The Basics (Legacy)
          • Building Responsive Pages (Legacy)
          • Migrating Legacy Pages
          • Tips When Designing (Legacy)
      • Templates
      • The Component Library
      • Importing from Figma
    • Data
      • The database
        • Data types and fields
        • Creating, saving and deleting data
        • Finding data
        • Displaying data
        • Protecting data with privacy rules
        • The database editor
        • Export/import data
          • Exporting data
          • Importing data (CSV)
        • Working with location data
        • Using Algolia
        • Database structure by app type
          • Marketplace Apps
          • Directory & Listings Apps
          • Social Network Apps
          • SaaS Apps
          • Project Management Apps
          • CRM Apps
          • Professional Services Apps
          • On-demand Apps
          • Documentation/ CMS Apps
          • Applicant Tracking System (ATS) Apps
          • Portfolio Apps
          • Gallery Apps
          • Online Store / Ecommerce Apps
          • Blog Apps
          • Messaging App
          • Dashboards
          • Building Block Apps
          • Bubble as a backend
      • Files
      • Images
      • Static data
        • App texts (translations)
        • Option sets
      • Temporary data
        • Custom states
        • URL parameters
      • User accounts
        • Authentication plugins
          • Facebook plugin
          • Fitbit plugin
          • Google plugin
          • Instagram plugin
          • LinkedIn plugin
          • Pinterest plugin
          • Slack plugin
          • Wistia plugin
          • YouTube plugin
        • Cookies set by Bubble
      • Time, dates and time zones
    • Logic
      • The frontend and backend
      • Workflows
        • Events
          • Frontend events
            • Recurring workflows
            • Custom events
          • Backend events
            • Database trigger events
        • Actions
        • API Workflows
      • Dynamic expressions
      • Conditions
      • Navigation
        • Single-page applications (SPA)
        • Multi-page applications
        • Page slugs
    • Workload
      • Understanding workload
        • Activity types
        • The workload calculation
        • Client-side and server-side processing
      • Tracking workload
        • Measuring
          • Using App Metrics
        • Monitoring
          • Workload notifications
          • Infinite recursion protection
      • Optimizing workload
        • Optimization framework
        • Optimization checklist
          • Page load
          • Searches
          • Workflows and actions
          • Backend workflows
        • Agency showcases
          • Minimum Studio
          • Neam
          • Support Dept
    • Security
      • Bubble's security features
      • Planning app security
      • Client-side and server-side
      • Bubble account security
      • App security
      • Page security
      • Database security
      • API security
        • API Connector security
        • Data API security
        • Workflow API security
      • Flusk
        • Overview
        • Flusk plan features
        • Getting started with Flusk
        • Flusk security tools
          • The Issues Explorer
          • Issue details
          • Tools and settings
            • Pages rating
            • Database rating
        • Flusk FAQ
      • Cookies
      • Security checklist
    • Publishing your app
      • Web app
      • Native mobile app
        • Global native mobile settings
        • iOS App Store
        • Google Play Store
        • Publishing FAQ
    • AI
      • Generate apps with AI
        • About AI app generation
      • AI page designer
      • Connect to AI agents
    • Maintenance
      • Collaborators
      • Version control
        • Best practices: Version control
        • Transitioning from the legacy version control
        • Terminology: Version control
        • Version Control (legacy)
      • Commenting
      • Database maintenance
        • Copying the database
        • Restoring database backups
        • Bulk operations
          • Bulk operation methods compared
        • Wiping change history
      • Performance
        • Hard limits
        • Capacity Usage (legacy)
        • Notes on queries
      • SEO
        • Introduction to SEO
        • SEO: App
        • SEO: Page
      • Testing and debugging
        • Introduction to testing and debugging
        • The debugger
        • The server logs
        • Supported browsers
      • API workflow scheduler
    • Integrations
      • API
        • Introduction to APIs
          • What is a RESTful API?
        • The Bubble API
          • Bubble API terminology
          • Authentication
            • How to authenticate
            • No authentication
            • As a User
            • As an admin
          • The Data API
            • Data API Privacy Rules
            • Data API endpoints
            • Data API requests
          • The Workflow API
            • Workflow API privacy rules
            • Workflow API endpoints
            • API workflows
              • Creating API workflows
              • Scheduling API workflows
              • Recursive API workflows
              • API Workflow Scheduler
              • Case: Stripe notifications
        • The API Connector
          • Authentication
          • API Connector security
          • API guides
            • OpenAI
              • Authentication
              • Calls
                • ChatGPT
                  • Chat
            • Google Translate
              • How to setup Google API keys
          • Streaming API
        • API security
        • Plugins that connect to APIs
        • API Glossary
      • Plugins
        • What Plugins Can Do
        • Installing and using Plugins
        • Authentication plugins
        • Special Plugins
      • SQL Database Connector
      • Bubble App Connector
      • WorkOS
        • WorkOS SSO
        • WorkOS API
    • Infrastructure
      • Sub-apps
      • Bubble release tiers
      • Hosting and scaling
        • How Bubble hosting works
        • Scaling with Bubble
        • CDN (Cloudflare)
        • Bubble app names
        • Domain and DNS
      • Compliance
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks and standards
    • Bubble for Enterprise
      • Hosting and infrastructure
        • Dedicated instance
          • The Dedicated editor experience
          • Technical specs
          • Main cluster dependencies
          • Customizable options
          • Migration process
            • Pre-migration
            • During migration
            • Post-migration
      • Security and compliance
        • Single sign-on (SSO)
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks
        • Bubble's security features
      • Admin and collaboration
      • Priority support
      • Billing and Payment Guideline for Dedicated Instances
  • Core Reference
    • Using the core reference
    • Bubble's Interface
      • Design tab
      • Design tab (Legacy)
      • Workflow tab
      • Data tab
      • Styles tab
      • Styles tab (Legacy)
      • Plugins tab
      • Settings tab
      • Logs tab
      • Template tab
      • Toolbar
      • Top and context menu options
      • Deployment and version control
        • Deployment & Version Control Dropdown (legacy)
      • Notes
    • Elements
      • General properties
      • General properties (Legacy)
      • Styling properties
      • Styling Properties (Legacy)
      • Responsive Properties
      • Responsive Properties (Legacy)
      • Conditional formatting
      • States
      • Page Element
        • Page Element (Legacy)
      • Visual Elements
      • Containers
      • Container Layout Types
      • Containers (Legacy)
      • Input Forms
      • Reusable Elements
      • Element Templates (legacy)
    • Workflows
    • Events
      • General events
      • Element events
      • Custom events
      • Recurring event
      • Database trigger event
    • Actions
      • Account
      • Navigation
      • Data (things)
      • Email
      • Element
      • Custom
    • Data
      • Data Sources
      • Operators and comparisons
      • Search
      • Privacy
    • Styles
    • API
      • The Bubble API
        • The Data API
          • Authentication
          • Data API endpoints
          • Data API requests
        • The Workflow API
      • The API Connector
        • Authentication
        • Adding calls
    • Bubble-made Plugins
      • AddtoAny Share Buttons
      • Airtable
      • API Connector
      • Blockspring
      • Box
      • Braintree
      • Bubble App Connector
      • Chart.js
      • Circle Music Player
      • Draggable Elements
      • Dropzone
      • Facebook
      • Fitbit
      • Full Calendar
      • Google
      • Google Analytics
      • Google Optimize
      • Google Places
      • Ionic Elements
      • iTunes
      • Slidebar Menu
      • LinkedIn
      • Localize Translation
      • Mixpanel
      • Mouse & Keyboard Interactions
      • Multiselect Dropdown
      • Progress Bar
      • Rich Text Editor
      • Rich Text Editor (Legacy)
      • Screenshotlayer
      • SelectPDF
      • Slack
      • Segment
      • Slick Slideshow
      • SQL Database Connector
      • Star Rating
      • Stripe
      • Tinder-like Element
      • Twitter
      • YouTube
      • Zapier
    • Application Settings
      • App plan
      • General
      • Domain / email
      • Languages
      • SEO / metatags
      • API
      • Collaboration
      • Sub-apps
      • Versions
  • Account & Marketplace
    • Account and billing
      • Pricing and plans
        • Plans and billing
        • Billing cycle
        • FAQ: Pricing and Workload
      • Account Management
      • Building Apps for Others
      • Selling on the Marketplace
      • Plans & Billing (legacy)
    • Official Bubble Certification
      • Hiring certified developers
    • Building Plugins
      • The Plugin Editor
      • General Settings
      • Updating to Plugin API v4
      • Adding API Connections
      • Building Elements
      • Building Actions
      • Loading Data
      • Publishing and versioning
      • Github Integration
    • Building Templates
    • Application and data ownership
    • Marketplace policies
    • Bug reports
  • Vulnerability Disclosure Policy
  • Beta features
    • About the Beta features section
    • Native mobile apps 🔒
      • Introduction
        • What is a native mobile app?
        • Native mobile vs. web development
        • Differences in native and web elements
        • Native mobile app terminology
      • Building
        • Views and navigation
        • Native mobile actions
        • Components and gestures
        • Device resources
          • Location services
          • Camera/photo library
      • Previewing
      • Publishing
Powered by GitBook
On this page
  • How it works
  • Terminology
  • Recursive workflows
  • Workflow Chain
  • Depth
  • Depth limit
  • Understanding workflow depth
  • Setting the right depth limit
  • Examples:
  • Scenario 1:
  • Scenario 2:

Was this helpful?

  1. User manual
  2. Workload
  3. Tracking workload
  4. Monitoring

Infinite recursion protection

Last updated 10 months ago

Was this helpful?

Infinite Recursion Protection helps prevent runaway recursive workflows from causing large, accidental spikes in workload or CPU consumption. This feature allows you to set an app-level limit on workflow “depth”, which is the number of times workflows schedule themselves (direct recursion) or another workflow (indirect recursion) consecutively. Any workflow that is scheduled beyond the maximum depth you set will be terminated automatically. While workflow-level constraints on scheduling remain the primary method for managing recursion, this feature creates a backstop for the entire app.

How it works

You can now set a maximum depth for your entire app. If any workflow exceeds this limit, it will automatically stop. When a workflow is terminated it's captured in the server logs under Workflow errors and an automated email notification is sent to the app admins.

Note that we limit these notifications to once per day, so there may be additional terminations occurring. To check, you can review the Workflow errors in your server logs.

Getting started:

  1. Find the feature in the API subtab under Settings.

  2. If you're not using recursive workflows, we recommend starting with the default limit of 10.

  3. If you are using recursive workflows, set a limit that accommodates your longest intentional recursive chain.

As of July 1, 2024, all new Bubble apps will have this feature enabled with a default limit of 10. Apps created before July 1 won't have any limit applied automatically, but you can enable it any time.

To cover this more in-depth, we’ll introduce a few new phrases:

Terminology

Recursive workflows

Recursive workflows in Bubble involve one or more API workflows scheduling themselves to run again, typically over a list of database items.

There are two types of recursive workflows:

  • Direct recursive workflow: An API workflow that runs through a list of actions, and then schedules itself at the end

  • Indirect recursive workflow: A set of two or more API workflows that schedule each other in a circular fashion

Either type of recursive workflow has the potential to lead to a scenario where a misconfigured constraint or scheduling logic results in the workflow chain running indefinitely. They require carefully set conditions to avoid creating infinite recursions.

Mitigating the impact of unintentionally ending up in this scenario is what infinite recursion protection is for.

Workflow Chain

A workflow chain refers to the entire sequence of workflows triggered by a common root workflow or any part within it. It can be a straight line of workflows (like a single API workflow that schedules itself), but doesn’t have to be: at any point, a workflow can trigger multiple other workflows, forming a workflow chain that includes all of them.

This can include simple chains with just a few processes or more complex ones, like the examples shown in the diagram.

Depth

Depth represents the total number of workflows in the direct scheduling sequence from a given workflow back to the root workflow. In a simple case of direct recursion like in our example, the maximum depth can be equal to the total number of workflows in the chain. However, in other cases a single workflow may schedule multiple other workflows, which would each be assigned the same depth. In this case, the total number of workflows in the workflow chain is not equal to the maximum depth.

Think of it like family generations: your parents are one generation before you, and your grandparents are two generations before you. While you may have siblings, aunts, uncles, and cousins, they do not change your generation.

The illustration below shows how works in different scenarios.

Depth limit

The depth limit refers to the total depth you allow for an individual chain of workflows to go to. Since each workflow is assigned a depth number, a depth limit enables you to instruct Bubble to stop the process at a specified number. This prevents the chain from continuing indefinitely.

Understanding workflow depth

Workflow depth applies whenever a workflow schedules other workflows, regardless of whether it's a single workflow scheduling itself repeatedly, or a collection of workflows that are being scheduled in a cascading fashion. To illustrate how this depth level is determined for workflows in your app, we can evaluate some example workflow chains below:

Note that each box in the diagram represents a workflow; an arrow indicates a workflow scheduling another workflow

In the example, we are assuming a depth limit of 10, resulting in the following:

  • The Direct Recursion Example would result in creating 10 things before hitting the depth limit

  • The Complex Direct Recursion Example would result in creating 8 things because the first iteration of the direct recursion workflow for creating things didn’t start until a depth of 3

  • The Indirect Recursion Example has two workflows that both include an action to schedule the other; this workflow chain would result in creating 5 things because a thing is only created every other level of depth (when the ‘create_thing’ workflow runs) until it reaches the limit of 10

  • The Schedule API Workflow on a List Example would successfully create 1000 things; this is because all 1000 ‘create_thing’ workflow runs are scheduled by the same root workflow and therefore all have the same depth of 1

Setting the right depth limit

Many apps don’t use recursive workflows, and if that’s the case, you can simply leave the setting at the default of 10, as there are vanishingly few examples of non-recursive workflows getting to depths of 10 or higher.

If you use recursive workflows, we recommend setting a buffer above the longest expected chain. Predicting the number of times a recursive chain will run can be imprecise, but the key to protecting yourself from infinite recursion is to have some (any!) limit in place to prevent them from running infinitely.

Recursive workflows are often used for bulk operations, and canceling one midway can be difficult to correct, especially with live data. Therefore, if you are unsure about what value to set, it’s safer to go higher. The tradeoff is that as the limit is increased, any accidental recursive workflow chains will be terminated later than they would have if the setting was lower. However, WU consumption from accidents will still be significantly less than it would have been otherwise, so the protection is still valuable even at a high limit.

Remember, we offer different depth limit settings for development and live environments. Misconfigured recursive workflows often occur during testing, and restoring a test database after an early cancellation is generally easier in the Development environment.

Let’s have a look at a few different scenarios, and how you can approach setting a depth limit for each one:

Examples:

Scenario 1:

Your longest recursive workflow schedules itself iteratively until it has processed all items on a list. In this case, depth is equal to the number of items on the list because there is one workflow run for every item. Therefore, the maximum depth in this setting should be greater than the longest list that you expect it to process.

Example:

Your longest recursive chain is a recursive workflow that iterates over a list of things and processes each item, where the list is typically around 500 things; we would recommend setting the limit at 1,000 or higher.

Scenario 2:

You build a pair of API workflows in a modular way in order to accomplish different aspects of an operation. To implement the full operation over a list, you’ve configured your workflows to schedule each other in a circular pattern as they iterate through the list. Because there would be two workflow runs for each item on the list, if this was your longest chain then you’d configure your depth setting based on 2x the longest list that you expect it to process.

Example:

Let's say the list of things to process with this pair of circular workflows is around 500. Since there are two workflow runs per item, the typical depth is around 1,000. In this case, we would recommend you set the limit at 5,000 or higher.