Best way to secure MongoDB and Realm


I have a couple of questions regarding best practice in security for our new application - which we are looking to build using .net (Xamarin/MAUI) and using MongoDB / Realm as our backend.

We are planning on having an Atlas cluster alongside a Realm. We would ideally like to have the Atlas cluster blocked to all but a select handful of IP addresses.

In terms of the Realm we would like potentially upto 3 collections to be used with this, one of which would be partitioned with a user ID so we can only sync down applicable records to our local device. If the partition key changes I assume this clears out that data out of the Realm? The other 2 collections would not require any kind of partition key and would be syncing all data from the MongoDB collections to speed the app up / allow us to not worry about going offline.

When a user signs into our Xamarin app we would like this to trigger the signing in to Realm and pulling down data. I have looked into the custom JWT process for authentication as I believe this is more suited to our needs - our initial POC was done using the Anonymous User process.

I’m really looking to confirm that this process is something that doesn’t leave anything open and there aren’t any gotchas that I’m missing.