Skip to main content
RapidDev - Software Development Agency
bubble-integrationsBubble API Connector

AliExpress API

Connecting Bubble to AliExpress is Advanced difficulty because Bubble cannot compute HMAC-MD5 signatures natively — and AliExpress requires a signature on every API call. The practical solution is a Cloudflare Worker signing proxy: Bubble calls the Worker, the Worker holds the App Secret and computes the signature, then forwards to AliExpress. This guide covers both the simpler Affiliate product search path and the full dropshipping order management path with OAuth.

What you'll learn

  • Why AliExpress requires HMAC-MD5 request signatures and why Bubble cannot compute them natively
  • How to build a Cloudflare Worker signing proxy that holds the App Secret and forwards signed requests to AliExpress
  • How to configure Bubble's API Connector to call the Cloudflare Worker proxy instead of AliExpress directly
  • How to use the AliExpress Affiliate product search method to find and import products into a Bubble Data Thing
  • How the AliExpress Order API OAuth flow works and what additional steps it requires beyond app-level signing
  • How to handle AliExpress's deeply nested response structure and uppercase order status codes in Bubble
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Advanced23 min read4–8 hoursE-commerceLast updated July 2026RapidDev Engineering Team
TL;DR

Connecting Bubble to AliExpress is Advanced difficulty because Bubble cannot compute HMAC-MD5 signatures natively — and AliExpress requires a signature on every API call. The practical solution is a Cloudflare Worker signing proxy: Bubble calls the Worker, the Worker holds the App Secret and computes the signature, then forwards to AliExpress. This guide covers both the simpler Affiliate product search path and the full dropshipping order management path with OAuth.

Quick facts about this guide
FactValue
ToolAliExpress API
CategoryE-commerce
MethodBubble API Connector
DifficultyAdvanced
Time required4–8 hours
Last updatedJuly 2026

AliExpress in Bubble — the HMAC-MD5 signing problem and the Cloudflare Worker solution

AliExpress Open Platform is the highest-impression integration in this e-commerce series (5,542 impressions at position 13.5) for one reason: every guide that tries to describe AliExpress + Bubble either glosses over the signing requirement or gives up. This guide addresses it directly.

The fundamental problem: AliExpress requires every API request to include a `sign` parameter computed by sorting all request parameters alphabetically, concatenating them with the App Secret as a prefix and suffix, then applying HMAC-MD5 to the resulting string. This is a cryptographic operation that Bubble's API Connector cannot perform — there is no native HMAC or hash function available in Bubble workflows.

The practical solution is a **Cloudflare Worker proxy**. The Worker is a small JavaScript function running on Cloudflare's global edge network — free tier covers 100,000 requests per day. Bubble's API Connector calls your Worker URL with the unsigned request parameters. The Worker looks up the App Secret from its own environment variables (never passed to Bubble), computes the HMAC-MD5 signature, appends it to the AliExpress request, and forwards to `https://api-sg.aliexpress.com/rest`. The Worker returns AliExpress's response to Bubble.

There are two API tiers in AliExpress Open Platform:

**Affiliate API** (lower barrier): product search, commission link generation, sales tracking. Requires an AliExpress affiliate account. The signing uses a standard HMAC-SHA256 or MD5 algorithm — same proxy approach applies. The `tracking_id` (your affiliate ID) is required for product search; missing it returns empty results with no error message.

**Order Management API** (higher barrier): supplier order placement, order tracking, DSR scores. Requires explicit AliExpress approval (1-3 business days) and a user OAuth token (the `session` parameter) obtained from an AliExpress seller consent flow — adding a layer of complexity beyond the signing proxy. This path also requires a Bubble Backend Workflow for the OAuth callback, which needs a paid Bubble plan.

For most Bubble dropshipping founders, the practical starting point is the Affiliate product search + a manual or semi-automated order placement flow, with the full Order API as a later phase.

Integration method

Bubble API Connector

Bubble API Connector pointing to a Cloudflare Worker signing proxy, which holds the App Secret and computes the HMAC-MD5 request signature before forwarding calls to the AliExpress Open Platform gateway at api-sg.aliexpress.com.

Prerequisites

  • An AliExpress affiliate account or Open Platform developer account at developers.aliexpress.com (separate from a regular AliExpress shopping account)
  • An approved AliExpress Open Platform application with App Key and App Secret
  • A Cloudflare account (free tier at cloudflare.com) for the Worker signing proxy
  • The API Connector plugin installed in your Bubble app (Plugins tab → Add plugins → search 'API Connector' → Install)
  • For the Order Management API: explicit API category approval from AliExpress (apply 1-3 business days before building), a Bubble paid plan for Backend Workflows, and an active AliExpress seller or affiliate account

Step-by-step guide

1

Register an AliExpress Open Platform application and collect App Key and App Secret

Go to developers.aliexpress.com and sign in with an AliExpress account (or create one — AliExpress accounts are free). Navigate to 'My Apps' → 'Create App.' Fill in the app details: - **App Name**: your Bubble app's name - **App Category**: select 'AliExpress Affiliate' for the product search path, or 'AliExpress DS' (dropshipping) for order management - **App Description**: describe your use case After creating the app, you receive an **App Key** (also called App ID) and **App Secret**. Copy both. The App Key is public — it is included as a parameter in every API call. The App Secret is private — it is used only for signing and must NEVER appear in Bubble's API Connector or any frontend code. For the Affiliate product search, go to the AliExpress Affiliate program at portals.aliexpress.com and find your **Tracking ID** (also called Publisher ID or Affiliate ID). This is a required parameter in the affiliate product query method — missing it returns empty results without any error message. For Order Management API access: in your app's dashboard, navigate to 'API Categories' and apply for 'Trade Order' access. AliExpress reviews the application and approves within 1-3 business days. Do not start building the order integration until approval is confirmed — testing against a non-approved category returns a permission error that is unrelated to your code.

aliexpress_credentials.txt
1// AliExpress Open Platform credentials:
2// App Key (public): 12345678
3// App Secret (PRIVATE): abc123xyz456secret789 ← NEVER put in Bubble
4// Tracking ID (affiliate): affiliate_ID_here
5
6// AliExpress API gateway URLs:
7// Southeast Asia (default): https://api-sg.aliexpress.com/rest
8// EU alternative: https://api-eu.aliexpress.com/rest (if applicable)
9
10// How the signing works (conceptual — will be implemented in Cloudflare Worker):
11// 1. Collect all request parameters including app_key, timestamp, method, etc.
12// 2. Sort parameter names alphabetically
13// 3. Concatenate: APP_SECRET + key1value1key2value2... + APP_SECRET
14// 4. HMAC-MD5 the concatenated string using APP_SECRET as key
15// 5. Uppercase the hex result → this is the 'sign' parameter
16
17// Example unsigned call parameters:
18// method=aliexpress.affiliate.product.query
19// app_key=12345678
20// timestamp=2026-01-27 14:32:00
21// sign_method=hmac
22// keywords=wireless+headphones
23// page_no=1
24// page_size=20
25// tracking_id=your_affiliate_id

Pro tip: AliExpress Open Platform has different base URLs for different regions. The Singapore gateway (api-sg.aliexpress.com) is the primary endpoint for most accounts. If your account was created via an EU affiliate portal, you may need to use api-eu.aliexpress.com. Test both endpoints if one returns unexpected errors.

Expected result: You have an AliExpress Open Platform app with App Key and App Secret. You have your affiliate Tracking ID. App Key and Tracking ID are noted for use in Bubble. App Secret is noted for use in the Cloudflare Worker — it will not be entered into Bubble.

2

Build the Cloudflare Worker signing proxy

The Cloudflare Worker is the technical core of this integration. It receives unsigned requests from Bubble, adds the HMAC-MD5 signature, and forwards to AliExpress. Set up is free on Cloudflare's free tier. **Step 1 — Create the Worker.** Go to dash.cloudflare.com → Workers & Pages → Create application → Create Worker. Name it `aliexpress-proxy` and click 'Deploy.' **Step 2 — Add your App Secret as an environment variable.** In the Worker settings, go to Settings → Variables → Add variable. Name: `ALIEXPRESS_APP_SECRET`, Value: your App Secret. Click 'Save and Deploy.' This stores the secret in Cloudflare's secure environment — it never appears in the Worker code and is never accessible to Bubble. **Step 3 — Write the Worker code.** In the Worker editor, replace the default code with the signing proxy implementation below. The Worker: - Receives a GET request from Bubble with parameters (method, keywords, etc.) - Adds required AliExpress parameters: app_key, timestamp, sign_method - Reads App Secret from environment variables - Sorts all parameters alphabetically, concatenates as key+value pairs with App Secret as prefix and suffix - Computes HMAC-SHA256 (or MD5) — AliExpress accepts both for Affiliate API - Appends the `sign` parameter to the AliExpress request - Forwards to `https://api-sg.aliexpress.com/rest` - Returns the response to Bubble **Step 4 — Add CORS headers.** Bubble calls your Worker from its server-side environment, so CORS is not strictly required. But add `Access-Control-Allow-Origin: *` headers to the Worker response for compatibility with any client-side Bubble testing. After deploying, your Worker URL will be `https://aliexpress-proxy.YOUR_SUBDOMAIN.workers.dev`. This is the URL you enter in Bubble's API Connector — not the AliExpress URL directly.

cloudflare_worker_aliexpress_proxy.js
1// Cloudflare Worker: aliexpress-proxy
2// Paste this as the Worker script in the Cloudflare editor
3
4export default {
5 async fetch(request, env) {
6 const url = new URL(request.url);
7 const params = Object.fromEntries(url.searchParams);
8
9 // Add required AliExpress parameters
10 params.app_key = env.ALIEXPRESS_APP_KEY || '12345678'; // your App Key (public)
11 params.timestamp = new Date().toISOString()
12 .replace('T', ' ')
13 .substring(0, 19); // 'YYYY-MM-DD HH:mm:ss'
14 params.sign_method = 'sha256';
15 params.format = 'json';
16
17 // Sort params alphabetically and concatenate
18 const sortedKeys = Object.keys(params).sort();
19 const toSign = sortedKeys.map(k => `${k}${params[k]}`).join('');
20
21 // Compute HMAC-SHA256 signature
22 const appSecret = env.ALIEXPRESS_APP_SECRET;
23 const encoder = new TextEncoder();
24 const keyData = encoder.encode(appSecret);
25 const messageData = encoder.encode(appSecret + toSign + appSecret);
26
27 const cryptoKey = await crypto.subtle.importKey(
28 'raw', keyData,
29 { name: 'HMAC', hash: 'SHA-256' },
30 false, ['sign']
31 );
32 const signature = await crypto.subtle.sign('HMAC', cryptoKey, messageData);
33 const signHex = [...new Uint8Array(signature)]
34 .map(b => b.toString(16).padStart(2, '0'))
35 .join('')
36 .toUpperCase();
37
38 params.sign = signHex;
39
40 // Build AliExpress request URL
41 const aliexpressUrl = new URL('https://api-sg.aliexpress.com/rest');
42 Object.entries(params).forEach(([k, v]) => aliexpressUrl.searchParams.set(k, v));
43
44 // Forward to AliExpress
45 const response = await fetch(aliexpressUrl.toString(), {
46 method: 'POST', // AliExpress REST API uses POST for most methods
47 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
48 body: new URLSearchParams(params).toString()
49 });
50
51 const data = await response.json();
52
53 return new Response(JSON.stringify(data), {
54 headers: {
55 'Content-Type': 'application/json',
56 'Access-Control-Allow-Origin': '*'
57 }
58 });
59 }
60};

Pro tip: Add ALIEXPRESS_APP_KEY as a second environment variable in the Worker settings so the App Key is also stored in Cloudflare rather than hardcoded in the Worker script. This makes rotating credentials easier — update only the environment variable, not the code. Go to Worker Settings → Variables → add both ALIEXPRESS_APP_SECRET and ALIEXPRESS_APP_KEY.

Expected result: Your Cloudflare Worker is deployed and accessible at https://aliexpress-proxy.YOUR_SUBDOMAIN.workers.dev. When you visit the URL in a browser with test parameters (method=aliexpress.affiliate.product.query&keywords=headphones&tracking_id=YOUR_ID), you see a JSON response from AliExpress (either product results or an error indicating a missing required parameter — both confirm the signing is working).

3

Configure Bubble API Connector to call the Cloudflare Worker proxy

With the Worker deployed, configure Bubble to use it. In your Bubble editor, go to Plugins → API Connector. Click 'Add another API' and name it 'AliExpress Proxy.' Set the base URL to your Cloudflare Worker URL: `https://aliexpress-proxy.YOUR_SUBDOMAIN.workers.dev`. No trailing slash. No authentication headers are needed for the Worker connection — the Worker itself handles authentication with AliExpress. However, if you want to add a basic API key to your Worker (to prevent unauthorized use of your proxy), add a header `X-Proxy-Key: YOUR_PROXY_SECRET` in Bubble and check the Private checkbox, then verify this header in the Worker code before forwarding. Add the Initialize Call for product search. Click 'Add another call' and name it 'Search Products.' Set method POST (AliExpress REST API uses POST for method-based calls). Set URL to `/` (empty path — all parameters are in the body or query). Set body type to 'Form urlencoded' or use URL parameters — the Worker accepts both since it reads `url.searchParams`. Add parameters: - `method`: `aliexpress.affiliate.product.query` (text, can be static) - `keywords`: `wireless headphones` (text, dynamic) - `page_no`: `1` (text, dynamic) - `page_size`: `20` (text, static) - `tracking_id`: `YOUR_AFFILIATE_TRACKING_ID` (text, static) - `fields`: `productId,productTitle,salePrice,productMainImageUrl,evaluateRate,lastestVolume,affiliateLink` (text, static — limits response fields) Click Initialize call. The Worker signs the request and returns AliExpress's product search response. Bubble detects the deeply nested response fields.

bubble_aliexpress_proxy_connector.json
1// Bubble API Connector: AliExpress Proxy
2// Base URL: https://aliexpress-proxy.YOUR_SUBDOMAIN.workers.dev
3//
4// No authentication headers required
5// (optional: X-Proxy-Key for proxy security, mark Private)
6//
7// Initialize Call: POST /
8// Parameters (passed to Worker as query params or form body):
9// method: aliexpress.affiliate.product.query
10// keywords: <dynamic: search keyword input>
11// page_no: 1 (dynamic for pagination)
12// page_size: 20
13// tracking_id: YOUR_AFFILIATE_TRACKING_ID
14// fields: productId,productTitle,salePrice,productMainImageUrl,evaluateRate,lastestVolume,affiliateLink
15//
16// AliExpress response structure (DEEPLY nested):
17// {
18// "aliexpress_affiliate_product_query_response": {
19// "resp_result": {
20// "resp_code": 200,
21// "resp_msg": "查询成功",
22// "result": {
23// "current_page_no": 1,
24// "current_record_count": 20,
25// "total_record_count": 4823,
26// "products": {
27// "product": [
28// {
29// "product_id": 1005004590816226,
30// "product_title": "Wireless Bluetooth Headphones...",
31// "sale_price": "USD 12.99",
32// "product_main_image_url": "https://ae01.alicdn.com/...",
33// "evaluate_rate": "96.5%",
34// "lastest_volume": 3842,
35// "promotion_link": "https://s.click.aliexpress.com/..."
36// }
37// ]
38// }
39// }
40// }
41// }
42// }

Pro tip: After Initialize call succeeds, expand the full nested path in Bubble's response field detector to find the actual product data. The path is: aliexpress_affiliate_product_query_response → resp_result → result → products → product → [array items]. In your Repeating Group, set the data source list to this nested `product` array path. This is the deepest nesting in any e-commerce API covered in this guide.

Expected result: The API Connector Initialize call returns a JSON response from AliExpress (via the Cloudflare Worker). Bubble detects the deeply nested response fields including product_title, sale_price, and product_main_image_url. The nested path to the products array is visible in the Initialize call response tree.

4

Build product search and catalog import workflows in Bubble

With the proxy call initialized, build the product search interface and catalog import workflow in Bubble. **Product search display:** Add an Input element for the search keyword. Add a Repeating Group. Set the Repeating Group's data source to the API Connector call 'AliExpress Proxy → Search Products,' with `keywords` bound to the Input element's value. In each Repeating Group cell, add: - An Image element with Source URL bound to `current cell's product_main_image_url` - A Text element bound to `current cell's product_title` - A Text element bound to `current cell's sale_price` - A Text element bound to `current cell's evaluate_rate` (seller rating, e.g. '96.5%') - A Text element bound to `current cell's lastest_volume` (recent sales count — an indicator of product demand) For **pagination**: bind `page_no` to a number state variable `ali_page` (default 1). Add Next/Previous buttons that increment/decrement the state. **Catalog import:** Add an 'Import Product' button in each Repeating Group cell. When clicked, trigger a workflow: 1. Create a new 'AliProduct' Data Thing (create this data type first in the Data tab) with fields: ali_product_id (text), title (text), price (text), image_url (text), affiliate_link (text), rating (text), sales_volume (number), imported_at (date) 2. Set field values from the current cell's API response data 3. Show a confirmation message This imports AliExpress products into your Bubble database for display in your customer-facing storefront — customers browse the imported catalog, not the live AliExpress API, keeping your storefront fast and reducing proxy calls.

aliexpress_catalog_import.txt
1// AliProduct Data Thing fields (create in Bubble Data tab):
2// ali_product_id (text)
3// title (text)
4// price (text)
5// image_url (text)
6// affiliate_link (text)
7// rating (text)
8// sales_volume (number)
9// category (text)
10// supplier_url (text)
11// imported_at (date)
12// is_active (yes/no, default yes)
13
14// Workflow: Import AliExpress product to Bubble
15// Trigger: Button 'Import' clicked in Repeating Group cell
16// Action: Create a new AliProduct
17// ali_product_id = current cell's product_id (convert to text)
18// title = current cell's product_title
19// price = current cell's sale_price
20// image_url = current cell's product_main_image_url
21// affiliate_link = current cell's promotion_link (or affiliate_link)
22// rating = current cell's evaluate_rate
23// sales_volume = current cell's lastest_volume (convert to number)
24// imported_at = Current date/time
25
26// AliExpress order status codes (for order management API):
27// FINISH = Completed
28// WAIT_BUYER_ACCEPT_GOODS = Awaiting delivery confirmation
29// IN_ISSUE = Dispute open
30// RISK_CONTROL = Under risk review
31// WAIT_SELLER_SEND_GOODS = Awaiting shipment
32// FUND_PROCESSING = Payment processing

Pro tip: AliExpress order status codes are uppercase enum strings — store a mapping in a Bubble Data Thing (or use an Option Set) to convert them to human-readable labels. For example, map 'WAIT_BUYER_ACCEPT_GOODS' to 'Awaiting Delivery Confirmation.' Display the mapped label, not the raw status code, in your customer-facing interfaces.

Expected result: The search input and Repeating Group load AliExpress products via the Cloudflare Worker proxy. Products show title, price, rating, and image. The Import button creates an AliProduct record in the Bubble database. The AliProduct data type is visible in the Data tab with imported products.

5

Handle the OAuth seller consent flow for Order Management API (Advanced)

The AliExpress Order Management API requires a **user access token** — the `session` parameter — in addition to the app-level signature. This is because order data belongs to a specific AliExpress seller account that must authorize your app. This path requires AliExpress Order API category approval and a Bubble paid plan. **OAuth flow overview:** 1. Your Bubble app redirects the seller to AliExpress's OAuth consent URL 2. The seller authorizes your app and AliExpress redirects to your callback page with a `code` parameter 3. Your Bubble Backend Workflow exchanges the code for an `access_token` and `refresh_token` 4. The access token becomes the `session` parameter in subsequent Order API calls (alongside the HMAC signature) This session token is valid for a period set by AliExpress — check current TTL in the AliExpress developer documentation. The refresh flow uses the `aliexpress.account.token.refresh` API method. Build the consent flow: 1. Create a 'Connect AliExpress' button that triggers a 'Go to external website' action pointing to the AliExpress OAuth URL: `https://oauth.aliexpress.com/authorize?response_type=code&client_id={AppKey}&redirect_uri={YourCallbackURL}&state=random_string` 2. Create a Bubble page at your callback path (e.g., `/aliexpress-callback`). On page load, read the `code` URL parameter. 3. In a Backend Workflow, exchange the code for tokens: call the Cloudflare Worker with `method=aliexpress.system.oauth.token` and `code={code}&redirect_uri={callbackURL}`. The Worker signs and forwards; AliExpress returns `access_token`, `refresh_token`, and `expire_time`. 4. Store the access token in a Bubble Data Thing (AliexpressSession) with the seller's ID and expiry. Use Privacy rules to restrict access. 5. For subsequent Order API calls, pass `session` as an additional parameter to the Cloudflare Worker — the Worker adds it to the AliExpress request alongside the signature. RapidDev's team has experience building OAuth flows for international marketplace APIs. For the full AliExpress seller integration with order automation, reach out at rapidevelopers.com/contact for a scoping call.

aliexpress_oauth_flow.txt
1// AliExpress OAuth consent URL:
2https://oauth.aliexpress.com/authorize
3 ?response_type=code
4 &client_id={YOUR_APP_KEY}
5 &redirect_uri=https://yourapp.bubbleapps.io/aliexpress-callback
6 &state=random_state_string
7
8// Token exchange (via Cloudflare Worker → AliExpress):
9// Bubble calls Worker with:
10// method=aliexpress.system.oauth.token
11// code={authorization_code_from_URL}
12// redirect_uri=https://yourapp.bubbleapps.io/aliexpress-callback
13//
14// AliExpress returns:
15// { "access_token": "5000...abc", "refresh_token": "6000...xyz", "expire_time": "2026-04-10 14:32:00" }
16
17// Order management API call (with session):
18// Bubble calls Worker with:
19// method=aliexpress.trade.order.get
20// session={stored access_token}
21// page_no=1
22// page_size=20
23//
24// Order status filtering:
25// order_status=WAIT_SELLER_SEND_GOODS (awaiting shipment)
26// or: order_status=FINISH (completed)
27
28// AliExpressSession Data Thing:
29// access_token (text)
30// refresh_token (text)
31// expire_time (date)
32// seller_id (text)
33// store_name (text)

Pro tip: The AliExpress Order Management API requires explicit category approval — apply before starting development. The approval process can take 1-3 business days and requires describing your use case. Without approval, Order API method calls return a 'no permission' error that looks identical to a signing error, causing confusion. Verify your approval status in the AliExpress developer console before debugging.

Expected result: After a seller completes the AliExpress OAuth consent screen and is redirected to your Bubble callback page, a Backend Workflow exchanges the authorization code for access and refresh tokens. The tokens are stored in the AliExpressSession Data Thing. Subsequent Order API calls via the Worker include the session token and return the seller's order history.

6

Test the signing proxy, handle error responses, and monitor WU usage

Before going live, validate the full integration and set up error handling. **Verify the Cloudflare Worker:** Open the Worker's real-time log viewer in Cloudflare Dashboard → Workers → aliexpress-proxy → Logs. Click 'Begin log stream.' Then trigger a product search from Bubble. You should see the Worker log an incoming request, the signing computation, and the forwarded AliExpress request. Any signing errors appear here before they reach Bubble. **Handle 'sign check failure' errors:** AliExpress returns `"error_response": { "code": 27, "msg": "Invalid Session" }` or `"code": 15, "msg": "sign check failure"` when signing is wrong. Common causes: - Parameters modified after signing (the Worker signs, then Bubble adds extra params) - Timestamp format mismatch (must be `YYYY-MM-DD HH:mm:ss` in AliExpress's timezone) - App Secret with a leading/trailing space in the Cloudflare environment variable **Handle missing tracking_id:** AliExpress Affiliate product search returns an empty `product` array (not an error) when the `tracking_id` is missing or invalid. Bubble displays an empty Repeating Group. Add an 'Only when' condition to the search workflow that checks the search results count before running import actions. **Monitor Workload Units:** Each API call to your Cloudflare Worker proxy consumes WU in Bubble. Product search calls with large result sets and deep nesting are WU-intensive. Cache imported products in the AliProduct Data Thing rather than calling AliExpress on every customer page load — your customer storefront should browse the Bubble database, not make live AliExpress API calls for each visitor. **Cloudflare Worker request limits:** The free tier allows 100,000 Worker invocations per day. For a busy dropshipping research tool, track usage in Cloudflare Dashboard → Workers → Analytics. If you approach the limit, consider caching AliExpress responses in the Worker using Cloudflare Cache API or KV storage.

aliexpress_error_handling_and_monitoring.txt
1// AliExpress error response structure:
2// { "error_response": { "code": 27, "msg": "Invalid Session" } }
3// { "error_response": { "code": 15, "msg": "sign check failure" } }
4// { "error_response": { "code": 50, "msg": "Remote service error" } }
5
6// In Bubble API Connector:
7// Check the Initialize call response for error_response field
8// Add an error handling state in your Bubble page:
9// If API result's error_response is not empty → display error message
10
11// Cloudflare Worker: add response caching for popular searches
12// Add to Worker code before forwarding to AliExpress:
13const cacheKey = new Request(aliexpressUrl.toString());
14const cache = caches.default;
15let cachedResponse = await cache.match(cacheKey);
16if (cachedResponse) { return cachedResponse; }
17// ... forward to AliExpress ...
18// After response:
19const freshResponse = new Response(JSON.stringify(data), { headers: {...} });
20freshResponse.headers.set('Cache-Control', 'max-age=3600'); // cache 1 hour
21await cache.put(cacheKey, freshResponse.clone());
22return freshResponse;
23
24// Bubble WU-saving pattern:
25// Product searches from your TEAM → hit live AliExpress API via Worker
26// Customer storefront browsing → read from AliProduct Data Thing (no API call)
27// Scheduled resync → update AliProduct records nightly via Backend Workflow

Pro tip: Add a `X-Request-ID` header to your Cloudflare Worker responses that echoes a timestamp or UUID. Log this in Bubble's Logs tab alongside each API call. When debugging failed requests, provide this ID to Cloudflare's log viewer to match the Bubble call with the Worker execution — especially helpful when diagnosing signing failures vs. AliExpress service errors.

Expected result: The Cloudflare Worker log stream shows incoming requests from Bubble, the signed AliExpress URLs, and successful responses. Product searches return results in Bubble's Repeating Group. Error responses show in the response object's error_response field rather than causing Bubble Initialize failures. Imported products appear in the AliProduct Data Thing.

Common use cases

AliExpress product catalog import for a Bubble dropshipping store

Build a Bubble app that searches AliExpress products by keyword or category, displays results with product titles, images, prices, and seller ratings, and lets your team import selected products into a Bubble Data Thing to create a curated dropshipping storefront. The Cloudflare Worker handles all request signing, so Bubble only needs to pass search keywords.

Bubble Prompt

On the product search page, when a user enters a keyword and clicks Search, send a GET request to your Cloudflare Worker proxy URL with parameters: method=aliexpress.affiliate.product.query, keywords=user input, page_no=1, page_size=20, tracking_id=your affiliate ID. Display the response products in a Repeating Group with product_title, product_main_image_url, sale_price, and evaluate_rate. Add an 'Import' button that creates a Product Data Thing with these fields.

Copy this prompt to try it in Bubble

Dropshipping supplier research tool

Build a Bubble research dashboard for finding reliable AliExpress suppliers for specific product categories. Query product search with DSR (Detail Seller Rating) filters, compare prices across suppliers, and track volume numbers to identify top-performing products. Save promising suppliers to a Suppliers Data Thing for later outreach.

Bubble Prompt

Search AliExpress products with the Affiliate API for a target keyword. For each result, display product_title, sale_price, evaluate_rate (seller rating), lastest_volume (recent sales count), and shop_url. Filter the Repeating Group in Bubble to show only items with evaluate_rate above 4.5. Add a Save Supplier button that creates a Supplier Data Thing with shop_url, min_price, and keyword.

Copy this prompt to try it in Bubble

Affiliate link generator for content creators

Build a Bubble tool for affiliate marketers that searches AliExpress products and generates custom tracking affiliate links with the affiliate_link field from the API response. The content creator enters a product keyword, browses results with commissions and prices shown, and generates shareable affiliate URLs — all from a Bubble interface without visiting AliExpress directly.

Bubble Prompt

When a user searches by keyword via your Cloudflare Worker proxy (method=aliexpress.affiliate.product.query), display each result's product_title, sale_price, commission_rate, and affiliate_link from the API response. Add a 'Copy Link' button that copies the affiliate_link value to clipboard using Bubble's clipboard action.

Copy this prompt to try it in Bubble

Troubleshooting

AliExpress returns 'sign check failure' (code 15) — all API calls fail with this error

Cause: The HMAC signature computation in the Cloudflare Worker has an error — either the parameter concatenation order is wrong, the App Secret has leading/trailing whitespace in the Cloudflare environment variable, or the timestamp format does not match AliExpress's expected format ('YYYY-MM-DD HH:mm:ss').

Solution: First, check the App Secret in Cloudflare Dashboard → Workers → aliexpress-proxy → Settings → Variables. Click Edit to view the value and verify there are no leading or trailing spaces. Second, in the Worker code, add a `console.log` before the signing step to print the string being signed — view it in the Worker log stream. Compare it to AliExpress's signing documentation. Third, verify the timestamp format — AliExpress requires 'YYYY-MM-DD HH:mm:ss' in UTC, not ISO 8601 format ('2026-01-27T14:32:00Z').

typescript
1// Add to Cloudflare Worker for debugging:
2console.log('Signing string:', appSecret + toSign + appSecret);
3console.log('Timestamp used:', params.timestamp);
4console.log('App Secret length:', appSecret.length); // verify no extra chars

AliExpress Affiliate product search returns an empty 'product' array even for valid keywords

Cause: The `tracking_id` parameter (affiliate ID) is missing, invalid, or set to a placeholder value. AliExpress's affiliate product query silently returns no results rather than an error when the tracking ID is missing — this is AliExpress's documented behavior, not a Bubble or Worker issue.

Solution: Verify your tracking_id (affiliate ID / publisher ID) in the AliExpress Affiliate portal at portals.aliexpress.com → your account → Tracking ID. It is a numeric or alphanumeric identifier, not your AliExpress login. Add it as a static parameter in the Bubble API Connector call or in the Cloudflare Worker's default parameters. After adding the correct tracking_id, the same search keywords should return product results.

Bubble's Repeating Group shows empty even though the Cloudflare Worker returns a 200 response

Cause: AliExpress's response is deeply nested under multiple wrapper keys. The actual product array is at: `aliexpress_affiliate_product_query_response.resp_result.result.products.product`. Bubble's Repeating Group data source must point exactly to this nested path — if bound to the top-level response, all cells show empty.

Solution: In Bubble's API Connector, click the Initialize call response to expand the nested structure. Navigate through each key: aliexpress_affiliate_product_query_response → resp_result → result → products → product. This innermost 'product' is the array. Set the Repeating Group's data source to this exact nested path (Bubble uses dot notation to traverse the response tree). Each cell's field references (product_title, sale_price, etc.) are then relative to each array item.

Order Management API calls return 'no permission' or 'api category not open' even with correct signing

Cause: Your AliExpress Open Platform application has not been approved for the Order Management API category. AliExpress requires explicit approval per API category — building against a non-approved category always returns permission errors regardless of credentials or signing correctness.

Solution: In your AliExpress developer console (developers.aliexpress.com → My Apps → your app → API Categories), check the status of 'Trade Order' or 'AliExpress DS' category access. If status shows 'Not Applied' or 'Under Review,' wait for approval before testing Order API methods. If the application was rejected, review AliExpress's rejection reason and reapply with more specific use case documentation. Apply 1-3 business days before your expected start of development.

Best practices

  • Never put your AliExpress App Secret in Bubble — not in the API Connector, not in a database field, not in a workflow parameter. The App Secret belongs only in Cloudflare Worker environment variables, stored in Cloudflare's encrypted secrets store. Bubble only receives signed responses, never the signing material.
  • Secure your Cloudflare Worker proxy with a custom API key header (`X-Proxy-Key`) that Bubble passes as a Private header. Add a check in the Worker that rejects requests without this header — prevents unauthorized parties from using your proxy and burning through your AliExpress API quota.
  • Import AliExpress products into Bubble Data Things rather than calling AliExpress live on customer-facing page loads. Your storefront should read from the Bubble database (fast, no API latency, no WU cost per view). Only call the AliExpress API for catalog refreshes (scheduled nightly) and new product searches by your team.
  • Apply for AliExpress Order API category access before starting development — the 1-3 day approval window is the biggest scheduling risk in this integration. Submit the application on day 1 of your project timeline, not when you're ready to build the order workflow.
  • Handle AliExpress's 'sign check failure' errors with a clear user-facing message and an internal alert to your team — these errors indicate a system-level problem (expired credentials, Worker code change) rather than a user action error. Log the Worker request ID alongside Bubble workflow logs for correlation.
  • Use Cloudflare Worker caching (Cache API or KV storage) for popular product searches — cache results for 1-6 hours depending on how frequently AliExpress product data changes. This reduces both AliExpress API quota consumption and Cloudflare Worker invocation count.
  • Store AliExpress order status codes as-is in Bubble text fields and use an Option Set or Data Thing mapping to convert them to human-readable labels in your UI. Status codes like 'WAIT_BUYER_ACCEPT_GOODS' should display as 'Awaiting Delivery Confirmation' — never show raw AliExpress status strings to customers.

Alternatives

Frequently asked questions

Is the Cloudflare Worker proxy free?

Yes for most dropshipping use cases. Cloudflare Workers free tier includes 100,000 requests per day and 10ms CPU time per request — more than sufficient for product research tools and small dropshipping stores. If your product search volume exceeds 100,000 requests per day, Cloudflare Workers paid tier starts at $5/month for 10 million requests. The Worker only runs when Bubble makes a request — no idle costs.

Can I connect to AliExpress without building a Cloudflare Worker?

For the Affiliate product search, there is an alternative: some affiliate API versions accept a simpler signing method that can be pre-computed with a static signature for a specific parameter set. However, this only works for fixed, non-dynamic searches and breaks as soon as any parameter changes. For a real Bubble integration with dynamic product search, the signing proxy is necessary. A Supabase Edge Function (Deno) is an alternative to Cloudflare Worker if you already have a Supabase project.

Do I need a paid Bubble plan for this integration?

Not for the Affiliate product search and catalog import path. The API Connector calls to your Cloudflare Worker work on any Bubble plan. The paid plan requirement applies to the Order Management OAuth flow — receiving the seller consent redirect and exchanging the authorization code requires a Bubble Backend Workflow, which needs a paid Bubble plan (Starter or above).

How do I handle multiple AliExpress supplier accounts or multiple stores in Bubble?

For the Affiliate API, a single App Key and tracking ID covers all your product searches — there is no per-store separation at the affiliate tier. For the Order Management API with multiple seller accounts, each seller has a separate OAuth access token (session parameter). Store each seller's token in a Bubble Data Thing with their seller ID, and pass the relevant session to the Cloudflare Worker per request. The Worker adds the correct session to each AliExpress call based on which seller's orders you're requesting.

My AliExpress app shows 'Under Review' for the Order API — how long does approval take?

AliExpress typically reviews API category applications within 1-3 business days for standard use cases (dropshipping, affiliate). Approval requires a clear description of how you will use the API and what type of application you are building. Enterprise or high-volume use cases may require additional documentation. Apply before starting development — the approval window is the most common scheduling bottleneck in AliExpress integrations.

Can I display AliExpress product images directly in Bubble?

Yes — the product_main_image_url from AliExpress product search is a direct CDN URL (cdn.ae01.alicdn.com or similar) that can be displayed in Bubble's Image element without any proxy. Bubble loads the image URL client-side for display purposes — this is not an API call. For gallery images, the product detail API returns additional image URLs in the product_image_urls field as a list.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Bubble integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.