
Building a no-code CRM? How to save $15,000

Did you know that if you're planning to use the Gmail API in Bubble.io, you may be subject to a security audit costing more than $15,000? Source: OAuth API Verification FAQs

Introduction: Building a CRM with Bubble and Gmail API

If you're building a CRM with Bubble then this video is for you because I just want to talk about something that I posted on the Bubble forum back in January 2021 and that is about the Gmail API restrictive content and Google security audit and the huge costs involved.

Gmail API: Security Requirements and Costs

In a nutshell, if you are wanting to access a Gmail user's inbox then you have to jump through a load of hoops to confirm that you're using that data in a secure and a proper way. And as a consumer, I mean that's quite a relief is that if I sign in through, you know, login with Google and someone accesses my Gmail inbox, Gmail, Google is being protective of that data.

But effectively what that means is that if you're planning on using the Gmail API and you basically want to build something that is an external application, not just for internal use in your business, then you could be faced with a fee of $15,000 or more in order to conduct a security audit.

Challenges with Gmail API and Bubble

I've had a quick look through the Bubble forum this morning and it's a bit of a gray area because how much of a security audit could an external security company conduct on your Bubble app because you then have access to the AWS elements. You know, it's a bit of a mystery box. Well, it's not a mystery box. You know what I mean, going on with Bubble. How much can you actually comply with an auditor when auditing your app?

And so there's a bit of a discussion going on and you know, every few months I get a message about this saying, did I come up with a solution?

Alternative Solution: HelpScout and Postmark

And I think that the one that I'd recommend is that you go down the route of a service like HelpScout. So HelpScout is a help desk SaaS application. They're very good. I've used them in the past. And they let you send and receive email through an inbox in their application. Now they don't use a, at least last time I checked, they don't use the Gmail API because they use a service, I think again last time I checked, they used Postmark. And Postmark is a transactional and now marketing email API and allows you to send and receive emails.

So by using an API service like Postmark, you can build your own inbox in your Bubble app for your users and then the emails aren't actually going into a Gmail or Google Workspace inbox at all. They're all handled through your app and you can set up domain verification so that the outbound emails, they're legit, they come under the authority and the identity of your users. You can do all of that through the API inbound, outbound and, I mean where is it here, let me just, and you know, domains. You can do it all through the Postmark API.

And last time I did a little bit of digging into this, this is exactly how services like HelpScout work. And in fact, in my experience looking through different CRMs, if they don't offer a Gmail integration, then it probably is a solution like this with Postmark that they're using in order to send and receive emails.

Considerations when Building your Own Inbox

Now a few caveats on this. One is that if you are making your own inbox that's not going through Gmail, then your users are not actually getting the messages, they're not having the messages themselves. The messages are only going to be found on your Bubble application. So you might want to consider how easily or if at all you can export those messages so that if a user leaves your service, they're not having to leave and no longer have access to any of the email inbound or outbound that they created or received while they were using your app. So that's just something to consider.

If you've got any thoughts on this topic, please do leave a comment down below.

Google's OAuth API Verification

Now, just to point out what I was referring to. This is the page on Google about OAuth API verification and it's been updated more recently than when I last checked it. And I can't find the mention of this $15,000 fee, but what I could find is that it's conducted by an external auditor and that there are costs involved and maybe they're deliberately obscuring the costs even more now. So unless you've got deep pockets, I think you're going to struggle to use the Gmail API with a Bubble app.

Conclusion: Choosing Postmark over Gmail API

And so the alternative I'd recommend is to use Postmark and basically set up your own inbound, outbound inbox email service.
