Summary
Bring your own MongoDB. Get a production-ready backend in 60 seconds. your backend β your database β your rules.
Dashboard Β· Docs Β· Quick Start Β· Discord
urBackend is an Open-Source BaaS built to eliminate the complexity of backend management. It provides everything you need to power your next big ideaβaccessible via a unified REST API.
π’ Powerful Features
Instant NoSQL
Create collections and push JSON data instantly with zero boilerplate.
Managed Auth
Sign Up, Login, and Profile management with JWT built-in.
Cloud Storage
Managed file/image uploads with public CDN links.
BYO Database
Connect your own MongoDB Atlas or self-hosted instance.
Real-time Analytics
Monitor traffic and resource usage from a premium dashboard.
Secure Architecture
Dual-key separation (pk_live & sk_live) for total safety.
π Quick Start
Go from zero to a live backend in under 60 seconds.
Initialize: Create a project on the Dashboard.
Model: Visually define your collections and schemas.
Execute: Push and pull data immediately using your API key.
π Key Behavior: pk_live vs sk_live
pk_live vs sk_liveUnderstanding which key to useβand whenβprevents the most common integration mistakes.
Read any collection
pk_live
Not required
β Allowed
Write to a collection (RLS disabled)
pk_live
Any
β 403 Blocked
Write to a collection (RLS disabled)
sk_live
Not required
β Allowed
Write to a collection (RLS enabled, no token)
pk_live
Missing
β 401 Unauthorized
Write to a collection (RLS enabled, wrong owner)
pk_live
Token with different userId
β 403 Owner mismatch
Write to a collection (RLS enabled, correct owner)
pk_live
Token with matching userId
β Allowed
Write to a collection (RLS enabled, no ownerField)
pk_live
Valid token
β Allowed (userId auto-injected)
Access /api/data/users*
Any
Any
β 403 Blocked β use /api/userAuth/*
Rule of thumb:
pk_liveis for frontend reads. Usesk_livefor server-side writes, or enable collection RLS to allow authenticated users to write their own data withpk_live.
π‘οΈ Row-Level Security (RLS)
RLS lets you safely allow frontend clients to write data without exposing your secret key. When enabled on a collection, pk_live writes are gated by user ownership.
How it works:
Enable RLS for a collection in the Dashboard (mode:
owner-write-only).Choose the owner field β the document field that stores the authenticated user's ID (e.g.,
userId).The client must send a valid user JWT in the
Authorization: Bearer <token>header.urBackend enforces that the JWT's
userIdmatches the document's owner field.
Example β user creates a post:
Common failure cases:
403 Write blocked for publishable key
RLS is not enabled on the collection
Enable RLS in Dashboard, or use sk_live
401 Authentication required
No Authorization header provided
Add Authorization: Bearer <user_jwt>
403 RLS owner mismatch
Token's userId β document's owner field
Make sure the user is writing their own data
403 Insert denied (ownerField _id)
_id is not a valid owner field for inserts
Change ownerField to userId or similar
403 Owner field immutable
Trying to change the owner field on update
Remove the owner field from the PATCH/PUT body
π€ User Authentication
User accounts are managed through /api/userAuth/* endpoints β not through the data API. Direct access to /api/data/users* is blocked for security.
Both endpoints require your pk_live key in x-api-key. See the full auth docs for more.
ποΈ How it Works
ποΈ Architecture
Explore our Architecture Diagram to understand the system design, core components, and data flow in detail.
π Self-Hosting
Want to run your own instance? Follow the step-by-step guide to deploy urBackend to Render (backend) and Vercel (frontend) using free-tier services β no Docker required.
π DEPLOYMENT.md
π€ Community
Join hundreds of developers building faster without the backend headaches.
GitHub Issues: Report bugs & request features.
Discord Channel: Join the conversation.
Contributing: Help us grow the ecosystem.
Contributors
Built with β€οΈ by the urBackend community.
Last updated