Security is a fundamental pillar of development on Bubble.io. An insecure App is vulnerable to unauthorised access, which may lead to sensitive data leaks or malicious manipulation.
In this episode of Tips & Tutos, we will go through how to secure your Apps in less than 5 minutes.
Step 1: Database
For each new entry (or Data Type) that you create, simply check the box “Make this data type private by default”.
This way, only the owner of the data can access it.
Checking this option when you start building your application lets you begin developing before you have established your Privacy Rules.
To understand how Privacy Rules work in Bubble, check our article on the subject:
→ Privacy Rules in Bubble.io: Application Security
Step 2: API settings
In Bubble, APIs expand what we can build by connecting our application to other applications that already exist.
However, this is an advanced feature, and you have to understand what you are doing: opening your application up to other Apps can also create security breaches.
→ First go to: Settings > API
→ Uncheck all fields under “Enable Data API” (you will activate them manually if needed)
→ Tick “Hide Swagger API documentation access”
Step 3: Workflow APIs
When you create a Workflow API, it is important to check several points:
→ Uncheck “Expose as a public API workflow”
→ Uncheck “This workflow can be run without authentication”
→ Uncheck “Ignore Privacy Rules when running the workflow”
Unless you know what you are doing, of course...
Step 4: Protect your Test version
Last step: always secure your Test version!
→ Go to Settings > General
→ Tick “Limit access to this App with a Username and Password”
→ Set a password
→ Tick “Do not apply password for live”
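
To confirm Steps 2 and 4 from the outside, the following added example (not part of the original tutorial, and not Bubble's own code) requests the Swagger document, the Data API and the Test version without credentials and reports anything that answers 200. The URL paths, the app address placeholder and the data type names are assumptions about a typical Bubble app; replace them with your own.

```python
import urllib.error
import urllib.request

def probe_urls(app_base, data_types):
    """Build the unauthenticated URLs to check after Steps 2 and 4.
    The paths below are assumed, not taken from the tutorial."""
    base = app_base.rstrip("/")
    urls = {
        "swagger": f"{base}/api/1.1/meta/swagger.json",  # Step 2: should be hidden
        "test version": f"{base}/version-test/",         # Step 4: should ask for a password
    }
    for name in data_types:                              # Step 2: Data API should be off
        urls[f"data api: {name}"] = f"{base}/api/1.1/obj/{name}"
    return urls

def fetch_status(url, timeout=10):
    """GET a URL with no credentials and return only the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403/404 are the answers we hope for

def audit(urls, fetch=fetch_status):
    """Return (label, url, status) for every URL that answered 200 anonymously."""
    findings = []
    for label, url in urls.items():
        status = fetch(url)
        if status == 200:
            findings.append((label, url, status))
    return findings

if __name__ == "__main__":
    # Placeholder address and type names: use your own app's values.
    urls = probe_urls("https://YOUR-APP.bubbleapps.io", ["user", "order"])
    # Constructed responses so the demo runs offline; remove `fetch=` to probe your app.
    constructed = {
        urls["swagger"]: 404,
        urls["data api: user"]: 200,   # constructed: Data API left enabled for "user"
        urls["data api: order"]: 404,
        urls["test version"]: 401,
    }
    for label, url, status in audit(urls, fetch=constructed.get):
        print(f"EXPOSED {label}: {url} -> {status}")
```

A 200 on a Data API URL only shows that the type is enabled; whether any records come back still depends on your Privacy Rules.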