bubbleio.wtf

Find leaked keys before your clients do.

Scan your Bubble app's public bundle for exposed API keys. No installs. No signups to start.

15,182 apps scanned

1,738 keys found

Your scan result

Enter your app URL above to start scanning

Used by agencies who'd rather not explain a breach to clients.

How it works

1.

You enter a Bubble URL or App ID.

2.

WTF scans the generated app bundle for exposed keys.

3.

See what's leaking.

Top found keys

view all
  1. 1. SlackWebhook 746
  2. 2. OpenAI 133
  3. 3. Slack 64
  4. 4. Stripe 57
  5. 5. Box 54
  6. 6. HubSpotApiKey 53
  7. 7. Shopify 49
  8. 8. Apify 44
  9. 9. Atera 27
  10. 10. SendGrid 26

Based on more than 14537 scans.

FAQ

Will this affect my app or performance?

No. Read-only, public bundle scan.

Is this allowed by Bubble?

We only access public assets your app serves.

False positives?

Rare, but possible. We show context and how to confirm.