MongoDB Stitch - Saving developers from chores

Dj Walker-Morgan


MongoDB Stitch can save developers' time by letting you build on a solid cloud foundation of application-centric services. We'll explain, practically, how it can work for you in this article and relieve you of the chores of coding a world-class app.

As a developer, you know you don't want to burn up precious time doing what are basically chores. They may be complex chores when implemented properly, but they are chores nevertheless. Chores take up valuable development time. In this article, we'll show how MongoDB Stitch can save you from these chores and speed up your development.

Take something as apparently simple as user authentication. It can take minutes to throw together something that uses a bit of basic HTTP authentication to handle logins backed with a database. Then you may put together a registration page that helps the user create an id with a password and save that identity to the user database.

Then you have to remember people need to activate accounts and passwords to avoid spammers so you have to do the activation process and track that. And then you also need password recovery for when people forget their passwords. At the end of that, you have a very basic user management system that wasn't easy to set up.

Or you could just pull a package from whatever is the favored package repository of your language and then sit down and customize that.

Then marketing might ask for Facebook login support and another team wants JWT support and… well, apart from wishing the task had been better specced, you may wonder if there's a better way. And you haven't even started coding the application yet.

All about the users

All about the users

Let's introduce MongoDB Stitch at this point. Stitch is an application platform that can run alongside MongoDB Atlas. Now, one of the facilities Stitch offers is user management; it already has the chores done for you and all put together so that there is one implementation of a user that you have to work with at the application level. Just configure the authentication providers - email, Google, Facebook - that you want and the user management will be handled for you.

Even configuring the providers is simple. Take the email/password authentication provider. Rather than you working out which mail server you have available and crafting those activations and reset emails, MongoDB Stitch handles it all by performing the actual email sending for you. All you have to do is plug in some Stitch code into your application. Stitch will even generate that code in its UI for you ready to cut and paste.

Now, I know that you are likely wondering why this is better than some random mostly-ready-rolled package out there. Well, I could talk about how all of these users are managed in the MongoDB Stitch UI, complete with full logging of what they are doing, but that's only a part of what's important. The big picture is the users that are being created and authenticated with Stitch are Stitch users for that application. That, in turn, means that you can use Stitch's services with these Stitch-managed users.

All about the data

All about the data

At the top of the services list is database access through what MongoDB Stitch calls "QueryAnywhere." Here's where we get to another chore: restricting database access. Now, unless you are writing an admin tool, you should never be exposing your database on the wider internet, even if you have password protection. You should handle database access through your application, where you would write endpoints that represent queries. Then you can write code to handle those endpoints and who can do what, with what data. It's another chore before you get on with writing your app.

Or you do your database access with Stitch, where your applications use the MongoDB Query Language and they just make queries. Query Anywhere is a super-proxy service designed for applications. It lets you create rules for your database access based on a user's id and, if you want, a list of users granted access to some of that user's data or create some other role.

Query Anywhere is built around the user ids from the authentication service and handles all the requests. Also, added bonus, it logs operations against the user id so you can see exactly what they've been doing. And you get all that out of the box once you've selected a database and collection to make accessible.

All about the functions

Not all changes to your data come from a user's actions in the application's front end. For that, there's a whole MongoDB Stitch service called Functions. At its simplest, it allows a JavaScript function to be run on Stitch, on-demand. It's similar to a service like AWS Lambda but more integrated with your databases. When running, a function can connect, query and modify databases and call other functions and services. Because Functions are serverless they can scale to any demand so you don't need to worry about having server capacity for when your app hits the big time. Functions are powerful, but it's what they enable in Stitch that makes them really awesome...

All about functions and triggers

All about the triggers

Your data isn't static and discovering changes in it with your application can be a time-consuming business. MongoDB has change streams that can feed your code a steady flow of the changes going on in your collection, database or cluster. You do have the chore of writing the code to create and manage those streams, though. MongoDB Stitch, on the other hand, can take care of change streams for you by letting you create Triggers where all the configuration and management is handled.

Say you want to automatically call a function when someone inserts a new document. Just create the Trigger on the collection, mark it to fire on an insert and link it to a function, and you're done.

There are also authentication triggers that can be fired when a user is created, logs in or gets deleted. So if your application needs to, for example, refresh some documents at login, just create a login authentication trigger and associate it with a function that does the refreshing.

All about the services

There's one other source of triggering in MongoDB Stitch and that's the Services feature which contains integration points for Twilio, GitHub, and AWS. Twilio can trigger functions when SMS messages are received or send SMS messages on request. GitHub can respond to incoming changes and trigger functions so you can leverage the version control platform as an active source of data.

The AWS integration doesn't trigger functions but lets any function have controlled access to twenty-one AWS APIs and their methods including the Simple Email Service (SES) for email, the Simple Queueing Service (SQS) for messaging, S3 for storage, AI services such as Machine Learning and Rekognition and many more. It's quite literally a gateway to all the power you can extract from Amazon's cloud services. And if that's not enough, there's an HTTP service too that can turn incoming webhooks into triggers and manage your applications' outgoing HTTP requests, so you can integrate with pretty much any web-based service.

All about Stitch

The big thing here is that all of these services can save time in development by letting you breeze through the issue of deployment. In the process, your application gets full logging of user interactions, a complete role-based user management system, deep integration with services and, most importantly, MongoDB letting you model and access your data the way you want it.

Best of all, for a developer who appreciates creative freedom, you can use as much or as few of those facilities as you want. That means you can use MongoDB Stitch and MongoDB Atlas the way you want to minimize chores and make your development and delivery faster.

Please note: This article previously discussed MongoDB Mobile/Sync. Those products are currently being deprecated as we work towards a public beta of MongoDB Realm. To learn more about this, see the MongoDB Realm site.