Find leaked keys before your clients do.

Scan your Bubble app's public bundle for exposed API keys. No installs. No signups to start.

15,182 apps scanned

1,742 keys found

Your scan result

Enter your app URL above to start scanning

Used by agencies who'd rather not explain a breach to clients.

How it works

1.

You enter a Bubble URL or App ID.

2.

WTF scans the generated app bundle for exposed keys.

3.

See what's leaking.

Top found keys

view all
  1. 1. SlackWebhook (749)
  2. 2. OpenAI (133)
  3. 3. Slack (64)
  4. 4. Stripe (57)
  5. 5. Box (54)
  6. 6. HubSpotApiKey (53)
  7. 7. Shopify (49)
  8. 8. Apify (44)
  9. 9. Atera (27)
  10. 10. SendGrid (26)

Based on more than 41285 scans.

FAQ

Will this affect my app or performance?

No. Read-only, public bundle scan.

Is this allowed by Bubble?

We only access public assets your app serves.

False positives?

Rare, but possible. We show context and how to confirm.