To-do App: Create a Stitch Backend

Deployment Type:

Author: Stitch Documentation Team

When completed, you will have built a Stitch backend app that handles the basic requirements of a To-do app.

Time required: 15 minutes

What You’ll Need

There are no prerequisites for this guide.


A. Create a MongoDB Stitch App

Estimated Time to Complete: ~8 minutes


Log into Atlas.

To use MongoDB Stitch, you must be logged into MongoDB Atlas. If you do not have an Atlas account, follow the instructions in the Atlas documentation to create an account.


Create an Atlas cluster.

If you do not already have an Atlas cluster for use with MongoDB Stitch, create a cluster.

Atlas provides a Free Tier M0 replica set as well as paid M10+ clusters. Free Tier deployments have restrictions as compared to paid M10+ deployments but will work for the purposes of this tutorial. For complete documentation on these restrictions, see Atlas M0 (Free Tier), M2, and M5 Limitations.


Add a MongoDB Stitch application.

  1. In Atlas, click Stitch Apps in the left-hand navigation.
  2. Click the Create New Application button.
  3. Under Application Name, enter a name for your application. The name can only contain ASCII letters, numbers, underscores, and hyphens.
  4. Under Link To Cluster, select the MongoDB Atlas cluster that you’d like to use for your application.
  5. Click Create.

After you click Create, a new Stitch application will be created for you. The application will include a MongoDB service named mongodb-atlas that is linked to your cluster. This process may take several minutes.

Once your application has been created, you will be automatically redirected to the Stitch application console.

B. Define a Rule and Create a Filter

Estimated Time to Complete: ~6 minutes

MongoDB Stitch rules specify the read and write access for the fields in your collections. Filters reduce the number of documents returned in a query.


Create a namespace for the todo.items collection

  1. In the left navigation pane, under MongoDB Clusters, click Rules.

  2. Next to your Atlas service name (typically mongodb-atlas), click the ellipses button ( ellipsis h icon ) and choose Add Database/Collection:

    Add new collection rules.
  3. In the Add New Collection screen, provide the following values:

    Property Value
    Database Name todo
    Collection Name items
    Select a Template Users can only read and write their own data
    Field Name For User ID owner_id

    Stitch creates a new rule (a combination of a role and permissions) based on the template. This rule allows an authenticated user to only read and write their own documents and to insert new documents.

  4. Click Add Collection.

MongoDB Authorization

MongoDB Stitch rules do not override the read and write access (i.e. authorization) that may have been set up separately in MongoDB. That is, MongoDB Stitch rules determine whether the fields are readable or writable; not whether the client has authorization to read or write to a particular database or collection.

Similarly, MongoDB Stitch validation rules do not override document validation rules set up separately in MongoDB.

To view the rule associated with the template, expand todo, and then click on items. Click on the edit button ( pencil icon ) to open the role editor.

By default, the collection has the following Apply When rule:

  "owner_id": ""

With this rule, read and write operations can access all fields in a document if the document contains an owner_id field whose value equals the user ID ( of the client issuing the read. If the owner_id field in the document does not equal the client user id, the document is not readable.


Add a Filter for todo.items.

Filters improve performance by filtering the results returned from a MongoDB call. To add a filter, click on the Filters tab.

To create a query filter, click the Filters tab, and then click the New Filter button, and then provide the following values for the new filter:

Field Value
Apply When { "%%true": true }
Query Filter { "owner_id": "" }

This filter indicates that when %%true equals true (i.e. always), return only the documents where the owner_id field matches the

Click the Save button to save your changes.


Adding this filter is optional, because it duplicates the logic in the rules that were added with the template we chose. However, in a large-scale application, this filter improves performance significantly.

For more information on MongoDB rules, see the query filters section of the MongoDB service overview.

C. Set Up Authentication

Estimated Time to Complete: ~1 minute

To get started, we’ll use only anonymous authentication. This allows a user to load your app and try it out, but as soon as they are done using the app, they will no longer be able to access their to-do list. We will add additional authentication providers – and the ability to link accounts – later.

To enable Anonymous Authentication:

  1. In the left-hand navigation, under control, select Users.
  2. Select the Providers tab.
  3. In the authentication provider list, click the row that is labeled Allow users to log on anonymously.
  4. Click the Disabled slider so that it turns green and changes to Enabled.
  5. Click Save.

D. Deploy Your Application

Estimated Time to Complete: ~1 minute

Stitch saves changes that you make in a draft state that is not immediately available to client applications. To give client applications access, you must deploy your draft changes. To deploy changes, click Review & Deploy Changes in the banner at the top of the Stitch UI and then click Deploy.


Congratulations! You have set up and deployed the Stitch backend app and are now ready to build a client application.

What’s Next

Now it’s time to build one or more client To-do applications. Follow this tutorial to build the client of your choice.