Migrating Bubble API Connectors: Rebuilding Every External Integration from Specs

API Connectors are Bubble's interface to the outside world. Every Stripe charge, every SendGrid email, every Twilio SMS, and every custom API call flows through an API Connector entry that stores the endpoint URL, authentication method, request headers, query parameters, and JSON body structure. During migration, every one of these configurations must be translated into a typed service client in your new codebase — and getting even one wrong means a silent integration failure.

The challenge is documentation. API Connector configurations live in Bubble's editor with no export function. A developer cannot inspect them without editor access, and even with access, clicking through, for example, 8 connectors with 23 endpoints to document every parameter is tedious and error-prone. Relis extracts these specifications automatically — endpoint URLs, auth methods, headers, parameters, and response structures for every connector — giving your development team the exact specifications they need to rebuild each integration.

Why API Connectors Are the Second-Hardest Migration Layer

After backend workflows, API Connectors are the most commonly underestimated migration component. The underestimation follows a pattern: agencies scope "3 API integrations" as a line item, when for a representative app the realistic decomposition might look more like 3 connectors × 8 endpoints × 4 auth configurations × 12 error cases — easily 100+ individual components.

The Iceberg Effect

A "Stripe integration" in Bubble is one API Connector entry. That entry contains: a customer creation endpoint, a subscription creation endpoint with proration parameters, a payment method attachment endpoint, a webhook configuration for 10+ event types, an invoice retrieval endpoint, and a refund processing endpoint. Each has specific headers, authentication, and request body structures. The plugin replacement guide covers the full scope of what each integration entails — API Connectors reveal the specific technical configurations.

The Authentication Complexity

Each API Connector uses one of several authentication methods: API key in header, Bearer token, OAuth2 with token refresh, Basic auth, or custom header authentication. During migration, each auth method must be replicated exactly — a wrong header name or missing token refresh logic causes silent authentication failures that surface as "403 Forbidden" errors in production.

Anatomy of a Bubble API Connector

Every API Connector entry contains six categories of information that must be captured for migration.

API Connector Configuration Components

Component	What It Contains	Code Equivalent
Base URL	Root URL for all endpoints in this connector	Service client base URL configuration
Authentication	API key, Bearer token, OAuth2 credentials	Auth middleware / interceptor
Shared headers	Headers applied to all calls (Content-Type, custom headers)	Default request headers
Endpoints (calls)	Individual API calls with method, path, parameters	Service client methods
Parameters	Query params, URL params, JSON body fields	Typed request interfaces
Response structure	Expected response fields and types	Typed response interfaces

Extracting Your API Specifications

Two approaches: manual extraction (clicking through the Bubble editor) or automated extraction (tools that capture connector configurations programmatically).

Manual Extraction Process

Open the API Connector panel in Bubble's editor. For each connector: document the base URL and authentication method, list every endpoint (call) with its HTTP method and path, record every parameter (name, type, whether it is dynamic or static), and note any conditional headers or environment-specific values. A medium-complexity app with 5 to 8 connectors takes 4 to 8 hours to document manually. The risk is human error — missing a parameter, recording the wrong header name, or overlooking a conditional configuration.

Automated Extraction

Relis captures every API Connector configuration automatically — base URLs, auth methods, endpoints, parameters, headers, and response structures — in a structured format ready for developer consumption. This eliminates the human error risk and reduces documentation time from hours to minutes.

The Environment Variable Map

API Connectors contain secrets: API keys, Bearer tokens, OAuth client secrets. During migration, these must become environment variables — never hardcoded. Create a mapping document: for each connector, list every secret and its corresponding environment variable name. Create separate values for development, staging, and production environments.

Translating to Typed Service Clients

Each API Connector becomes a typed service client — a module that encapsulates all calls to one external service with proper types, error handling, and authentication.

The Service Client Pattern

A well-structured service client has: a constructor that accepts base URL and authentication credentials, typed methods for each endpoint (matching the API Connector calls), request and response type definitions (TypeScript interfaces), error handling that catches and categorizes HTTP errors, and retry logic for transient failures (network timeouts, rate limits).

Type Generation from Specifications

Your API Connector documentation provides the field names and types for each request and response. Translate these to TypeScript interfaces. Bubble's dynamic parameters (values from workflows) become function parameters. Static parameters (hardcoded values in the connector) become defaults in the service client. This type-first approach catches integration errors at compile time rather than in production.

Error Classification

Bubble's API Connector silently handles many error cases — retrying on timeout, ignoring non-critical errors, and providing default responses for failures. In custom code, make error handling explicit. Classify each error type: retriable (timeout, 429 rate limit — retry with backoff), client error (400, 401, 403 — log and alert, do not retry), server error (500, 502, 503 — retry with backoff, alert if persistent), and network error (DNS failure, connection refused — retry with backoff, escalate quickly).

Authentication Patterns: From Bubble to Code

Bubble Auth Methods to Code Implementation

Bubble Auth Method	Code Implementation	Watch Out For
API Key in header	Static header on every request	Correct header name (X-API-Key vs Authorization vs custom)
Bearer token	Authorization: Bearer {token} header	Token refresh logic if tokens expire
OAuth2	OAuth2 client with token management	Token storage, refresh before expiry, redirect URIs
Basic auth	Authorization: Basic {base64(user:pass)}	Encoding format, special characters in credentials
No auth (public APIs)	No auth header needed	Rate limiting may still apply

OAuth2 Token Management

Bubble handles OAuth2 token refresh invisibly. In custom code, you must: store the access token and refresh token securely, check token expiry before each API call, refresh the token proactively (before it expires, not after), and handle refresh failures (re-authenticate the user if the refresh token is expired). In practice this often takes a couple of days per OAuth2 integration, depending on token-storage and refresh complexity — time that is routinely missed in migration estimates.

Webhook Migration: The URL Update Checklist

Every external service that sends webhooks to your Bubble app is still pointing to your Bubble URL after migration. If you do not update every webhook URL, events are lost — and the failures are silent because the service thinks it delivered successfully (Bubble returns 200 OK even though your new app never received the event).

The Webhook Audit

For every external service your app integrates with, check: does this service send webhooks? If yes, what is the current webhook URL (your Bubble endpoint)? What is the new webhook URL (your custom code endpoint)? Does the service require webhook signature verification (Stripe, GitHub, Twilio all do)? What events does your app process?

Common Webhook Sources

• Stripe: Payment success, failure, subscription changes, invoice events
• SendGrid/Resend: Email delivery, bounce, open, click events
• Twilio: SMS delivery status, call status callbacks
• GitHub: Push events, PR events (if your app integrates with repos)
• Zapier/Make: Custom automation triggers pointed at your Bubble API

The Signature Verification Requirement

Most production webhook providers sign their payloads with a secret. Your new webhook endpoint must verify this signature before processing the event — otherwise anyone can send fake events to your endpoint. Stripe uses a stripe-signature header with HMAC (Stripe webhook signature docs). Twilio uses request signing with the account auth token (Twilio webhook security docs). Each provider has its own verification method — implement it for every webhook endpoint.

Frequently Asked Questions

Extract the Specs, Then Rebuild with Confidence

1. API Connectors hold more complexity than their name suggests: A "Stripe integration" is not one thing — it is 6+ endpoints, authentication, webhook processing, and error handling. Each connector must be decomposed into its component parts for accurate scoping.
2. Extract specifications before development: Every endpoint URL, auth method, header, parameter, and response structure must be documented. Manual extraction takes hours and risks human error. Automated extraction with Relis captures everything in minutes.
3. Build typed service clients: Each connector becomes a typed module with request/response interfaces, explicit error handling, and retry logic. Types catch integration errors at compile time. Error classification prevents silent failures in production.
4. Update every webhook URL before cutover: External services sending webhooks to your Bubble URL will silently fail after migration unless you update every webhook configuration. The webhook audit is as critical as the data migration.
5. Prioritize by criticality: Payment and auth integrations first, communication second, analytics last. Each integration gets end-to-end testing before the next one starts. This ordering minimizes the blast radius of integration bugs.

API integrations are the connective tissue between your app and the services it depends on. Document every connection, rebuild each one with proper error handling, and test every endpoint before your users encounter it in production.