Find leaked keys before your clients do.
Scan your Bubble app's public bundle for exposed API keys. No installs. No signups to start.
15,182 apps scanned
1,742 keys found
Used by agencies who'd rather not explain a breach to clients.
How it works
You enter a Bubble URL or App ID.
WTF scans the generated app bundle for exposed keys.
See what's leaking.
Top found keys
- 1. SlackWebhook (749)
- 2. OpenAI (133)
- 3. Slack (64)
- 4. Stripe (57)
- 5. Box (54)
- 6. HubSpotApiKey (53)
- 7. Shopify (49)
- 8. Apify (44)
- 9. Atera (27)
- 10. SendGrid (26)
Based on more than 41285 scans.
FAQ
Will this affect my app or performance?
No. Read-only, public bundle scan.
Is this allowed by Bubble?
We only access public assets your app serves.
False positives?
Rare, but possible. We show context and how to confirm.