Navigation

Introduction to MongoDB Realm for Web Developers

Modern web applications are more powerful than ever before, and the data-driven approach popularized by frontend libraries like React and Angular has empowered developers to create web apps that approach the look and feel of native applications. However, as the prevalence and usage of web applications grow, so do the demands of maintaining and delivering the data that drives them.

In addition to frontend applications, developers typically must build secure application servers that implement features like user authentication, data validation, and business logic. These servers always need an API so that they can communicate with browsers, so developers need to create HTTP routes that respond to incoming requests. You can solve each of these problems in isolation with a wide variety of libraries and frameworks, but deciding which solution solves each problem with the right tradeoffs for your use case can be a daunting challenge.

MongoDB Realm is a serverless application backend that streamlines these common challenges with configurable functions and services that integrate Realm’s data access and security rules. This allows you to shift your focus from implementing boilerplate backend components to writing the code that makes your app unique.

User Authentication and Management

Secure user authentication is essential for most apps. User-driven applications need to know the identity of each user in order to securely store their data and make it available across sessions and devices. Some apps authenticate users with traditional email/password combinations, and others may use API keys or external services like Facebook, Google, and Sign in with Apple. These methods can be complex to implement and generally require developers to implement boilerplate server-side logic and cryptographic code for every application.

MongoDB Realm provides built-in user management and authentication methods that encapsulate this complexity and make it easy to integrate third-party authentication providers like social media platforms and enterprise identity management systems. You can enable authentication providers with a simple server-side configuration and immediately log in from any client application using the Realm SDK.

To learn more about authentication in MongoDB Realm, see Users & Authentication.

Schema Validation and Data Access Rules

Modern applications require data to be available using consistent types and formats to guarantee that all of the application’s components can read and manipulate it. It’s also important to ensure that any given piece of data is only accessible or modifiable by an authorized user, such as an administrator or the user that the data describes.

MongoDB Realm automatically validates data against a Realm schema that you define using the JSON schema standard. A Realm schema serves as the source of truth definition of a data type in your application and Realm uses it to map data in a MongoDB Atlas collection to data in your web app.

Realm secures data with role-based data access and manipulation rules that you configure for all data that your application uses. These dynamically determine each user’s access to every document for every request, which means that a user can only ever insert, read, or modify data if both they and the document meet pre-defined conditions.

To learn more about defining a schema and access rules for your data, see collection rules.

Event-Driven Serverless Functions

Many applications require that some business logic runs on the app server instead of in the browser. Usually this logic deals with sensitive user data or coordinates data from multiple external services. Apps might also need to respond automatically in real time when something happens in the app or in an external service.

MongoDB Realm allows you to define serverless JavaScript functions that you can call from client applications or automatically execute in response to trigger events, such as an update to a document in MongoDB or at a scheduled time. You can also write webhooks that execute a function in response to external applications and services.

To learn more about defining and using serverless functions, see Functions and Triggers.

Secure Client-Side Queries

Modern web applications rely on data. Developers must be able to access the data that they need quickly and efficiently in the proper shape. However, web browsers are insecure clients, so web applications typically store data on a remote server and use a client-side API to access the data in order to prevent unauthorized access. To do this, developers must implement an entire API that provides access to objects in the database and includes a secure authentication layer.

MongoDB Realm automatically generates a GraphQL API and the Realm Web SDK includes a secure MongoDB client that uses standard MongoDB query language to access and modify documents in Atlas. You can use either or both of these APIs to declaratively work with your application’s data.

Realm secures data with server-side rules that dynamically return and withhold data depending on the user that issued a query. Rules consist of one or more user roles for each collection. A role determines whether a given user has permission to insert or modify a document as well as if they can read or write specific fields in the document. Realm dynamically determines a role for each document in every request and enforces the role’s permissions for its corresponding document. This ensures that users only read and modify documents for which they have permission.

GraphQL for MongoDB

GraphQL is a standard, open-source API architecture that is an alternative to REST or other HTTP APIs. It features a declarative query language that empowers developers to access exactly the data they need and to make network requests for data more efficient.

GraphQL has a couple of primary benefits for web developers:

  • Minimize Bandwidth: GraphQL queries specify the exact fields to return, which allows you to avoid over-fetching as you might from a static resource endpoint. You can specify the exact shape of the data your app needs and the GraphQL API returns exactly that data, no more and no less.
  • Minimize Roundtrips: A single GraphQL endpoint handles all requests, which differs from other HTTP API architectures like REST, which assigns every resource to a separate URL. This means you can group all of your GraphQL queries into a single request instead of sending a separate request to every resource endpoint.

MongoDB Realm automatically generates a GraphQL API for your application based on the data model that you define. The API includes a set of CRUD queries and mutations that you can access through any standard GraphQL client or directly over HTTP. If you need more than just the generated queries, you can define custom resolvers backed by functions and call them alongside your CRUD resolvers.

To learn more about the Realm GraphQL API, see GraphQL.

Client-Side MongoDB Queries

Traditionally developers need to execute database queries on the server and wrap them behind another API layer, such as REST. This adds an additional layer of indirection and lacks the flexibility of directly querying a database.

MongoDB Realm includes a built-in MongoDB service that allows you to use the MongoDB query language, a powerful, idiomatic API that naturally fits the MongoDB document model, anywhere in your application. You can query MongoDB Atlas as if you were using a database driver and Realm will enforce data access rules for all requests.

To learn more about the built-in MongoDB service, see MongoDB Atlas.

Get Started with MongoDB Realm

You can ship your first web app built with MongoDB Realm in just minutes.

To get started, follow along with the Task Tracker application tutorial or jump right in and create a MongoDB Realm application.

You can also refer to the Web SDK documentation for TypeScript and JavaScript.

Summary

  • MongoDB Realm is a serverless application platform that takes care of the details of deployment and scaling for you. You can customize your Realm app with custom logic via functions and triggers, custom permissions via rules, and authentication via third-party SSO.