Bubble's Data API lets external applications perform CRUD operations on your database via REST endpoints. Enable it in Settings → API, then use GET for searching, POST for creating, PATCH for updating, and DELETE for removing records. Authenticate with API tokens and respect Privacy Rules. This is how mobile apps, scripts, and other services interact with your Bubble database programmatically.
Use API Calls to Interact with Bubble's Database
This tutorial covers using Bubble's built-in Data API for external database access — reading, creating, updating, and deleting records from outside Bubble.
Prerequisites
- A Bubble account with an existing app and data
- API enabled in Settings
- Postman or similar API testing tool
- Basic understanding of REST APIs and JSON
Step-by-step guide
Enable the Data API
Go to Settings → API → check 'Enable Data API'. For each Data Type, select which fields to expose. Generate an API token for authentication.
Expected result: Data API is enabled with exposed fields and authentication token.
Read Data with GET Requests
GET https://yourapp.bubbleapps.io/api/1.1/obj/[type] returns a list of records. Add constraints as a URL parameter, URL-encoding the JSON when you send it: ?constraints=[{"key":"status","constraint_type":"equals","value":"active"}]. Pagination: use the cursor parameter to step through pages of 100 records.
Expected result: You can query records with filters and pagination.
Create Records with POST
POST to the same URL with a JSON body containing field values. The response returns the new record's unique ID.
{"name": "New Product", "price": 29.99, "category": "Electronics"}
Expected result: New records are created via API.
Update and Delete Records
PATCH https://yourapp.bubbleapps.io/api/1.1/obj/[type]/[id] with a JSON body containing the updated fields. A DELETE request to the same URL removes the record.
Expected result: Records can be modified and deleted via API.
Test with Postman
Set up a Postman collection: add the Authorization header (Bearer token), create requests for each operation, and test with sample data. Verify results in Bubble's Data tab.
Expected result: All CRUD operations work correctly via Postman.
Complete working example
{
  "base_url": "https://yourapp.bubbleapps.io/api/1.1",
  "authentication": {
    "header": "Authorization: Bearer YOUR_API_TOKEN"
  },
  "endpoints": {
    "list_products": {
      "method": "GET",
      "url": "/obj/product",
      "params": "?constraints=[{\"key\":\"status\",\"constraint_type\":\"equals\",\"value\":\"active\"}]&sort_field=created_date&descending=true&limit=50"
    },
    "get_product": {
      "method": "GET",
      "url": "/obj/product/UNIQUE_ID"
    },
    "create_product": {
      "method": "POST",
      "url": "/obj/product",
      "body": {"name": "value", "price": 0, "category": "value"}
    },
    "update_product": {
      "method": "PATCH",
      "url": "/obj/product/UNIQUE_ID",
      "body": {"price": 39.99}
    },
    "delete_product": {
      "method": "DELETE",
      "url": "/obj/product/UNIQUE_ID"
    }
  }
}
Common mistakes when using API calls to interact with the database in Bubble.io: Step-by-Step
Why it's a problem: Exposing the API token in client-side code
How to avoid: Only use the token in server-side contexts. Never embed it in JavaScript or mobile app code.
Why it's a problem: Not handling pagination for large datasets
How to avoid: Use the cursor parameter: first request returns a cursor, pass it in the next request to get the next page.
Why it's a problem: Ignoring Privacy Rules in API calls
How to avoid: For admin-level API access, create a separate API token linked to an admin user, or use backend workflows with 'Ignore privacy rules'.
Best practices
- Never expose API tokens in client-side code.
- Handle pagination for datasets larger than 100 records.
- Use constraints to filter data server-side rather than fetching everything.
- Test all endpoints in Postman before integrating with external apps.
- Monitor API usage to stay within rate limits.
- Only expose the fields external apps actually need.
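The token handling, URL-encoded constraints and cursor pagination recommended above, as an added Python example (not code from the original tutorial). The BUBBLE_API_TOKEN variable name, the response fields results and remaining, and advancing the cursor by the number of records received are assumptions about the API; fake_get and its 250 records are constructed so the block runs offline.

```python
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://yourapp.bubbleapps.io/api/1.1/obj"  # placeholder host from the tutorial

def build_url(data_type, constraints=None, cursor=0, limit=100):
    """Return a list URL with URL-encoded constraints and paging parameters."""
    params = {"cursor": cursor, "limit": limit}
    if constraints:
        params["constraints"] = json.dumps(constraints, separators=(",", ":"))
    path = urllib.parse.quote(data_type, safe="")
    return f"{BASE_URL}/{path}?{urllib.parse.urlencode(params)}"

def http_get(url):
    """Real transport: the token is read from the server's environment, not from source."""
    token = os.environ["BUBBLE_API_TOKEN"]  # assumed variable name
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def fetch_all(data_type, constraints=None, get=http_get, limit=100, max_pages=1000):
    """Follow the cursor until the API reports nothing remaining (assumed response shape)."""
    records, cursor = [], 0
    for _ in range(max_pages):  # hard stop so a malformed response cannot loop forever
        body = get(build_url(data_type, constraints, cursor, limit))["response"]
        records.extend(body["results"])
        if body.get("remaining", 0) <= 0 or not body["results"]:
            return records
        cursor += len(body["results"])
    raise RuntimeError("max_pages reached before the result set was exhausted")

# Constructed offline stand-in for the API: 250 fake products, served 100 at a time.
FAKE_DB = [{"_id": f"id{i}", "status": "active"} for i in range(250)]

def fake_get(url):
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    cursor, limit = int(q["cursor"][0]), min(int(q["limit"][0]), 100)
    page = FAKE_DB[cursor:cursor + limit]
    remaining = len(FAKE_DB) - cursor - len(page)
    return {"response": {"cursor": cursor, "results": page,
                         "count": len(page), "remaining": remaining}}

ACTIVE = [{"key": "status", "constraint_type": "equals", "value": "active"}]

if __name__ == "__main__":
    print(len(fetch_all("product", ACTIVE, get=fake_get)))
```

Omit the get argument to send real requests; this belongs in a server-side process where BUBBLE_API_TOKEN is set, not in browser or mobile code.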
Frequently asked questions
Is the Data API available on the free plan?
Yes. The Data API works on all plans, but rate limits and data storage vary.
What is the rate limit for the Data API?
Limits vary by plan. Monitor your usage in Settings → Metrics. High-frequency access should implement caching.
Can I use the API with a mobile app?
Yes, but never embed the API token in the mobile app code. Use a server-side proxy to handle authentication.
How do I bulk import data via API?
Send POST requests in a loop with appropriate delays to respect rate limits. For large imports, Bubble's CSV import in the Data tab is faster.
Does the API support real-time updates?
No. The Data API is request-response only. For real-time updates, use Bubble's webhook system to push changes to external apps. For complex API architectures, RapidDev can design and implement robust integration patterns.
Can I create custom API endpoints beyond CRUD?
Yes. Use backend workflows exposed as public API endpoints for custom logic beyond simple CRUD operations.