Create a REST API with Cloudflare Worker, MongoDB Atlas, and Realm

#Introduction

Cloudflare Workers provides a serverless execution environment that allows you to create entirely new applications or augment existing ones without configuring or maintaining infrastructure.

MongoDB Atlas allows you to create, manage, and monitor MongoDB clusters in the cloud provider of your choice (AWS, GCP, or Azure) while MongoDB Realm Application can provide a layer of authentication and define access rules to the collections.

In this blog post, we will combine all these technologies together and create a REST API with a Cloudflare worker using the MongoDB Realm Web SDK and a MongoDB Atlas cluster to store the data.

#TL;DR!

The worker is in this GitHub repository. The README will get you up and running in no time, if you know what you are doing. Otherwise, I suggest you follow this step-by-step blog post. ;-)

1 $ git clone git@github.com:mongodb-developer/cloudflare-worker-rest-api-realm-atlas.git

#Prerequisistes

NO credit card! You can run this entire tutorial for free!
Git and cURL.
MongoDB Cloud account.
MongoDB Atlas Cluster (a free M0 cluster is fine).
Cloudflare account (free plan is fine) with a *.workers.dev subdomain for the workers. Follow steps 1 to 3 from this documentation to get everything you need.

We will create the Realm application together in the next section. This will provide you the Realm AppID and API key that we need.

To deploy our Cloudflare worker, we will need:

The Realm application ID (top left corner in your Realm app—see next section).
The Cloudflare account login/password.
The Cloudflare account ID (in Workers tab > Overview).

To test (or interact with) the REST API, we need:

The Realm authentication API key (more about that below, but it's in Authentication tab > API Keys).
The Cloudflare *.workers.dev subdomain (in Workers tab > Overview).

It was created during this step of your set-up:

#Create and Configure the Realm Application

To begin with, head to your MongoDB Atlas main page where you can see your cluster and access the Realm tab at the top.

Create an empty Realm application (no template) as close as possible to your MongoDB Atlas cluster to avoid latency between your cluster and Realm app. My Realm app is "local" in Ireland (eu-west-1) in my case.

Now that our Realm app is created, we need to set up two things: authentication via API keys and collection rules. Before that, note that you can retrieve your Realm app ID in the top left corner of your new application.

#Authentication Via API Keys

Head to Authentication > API Keys.

Activate the provider and save the draft.

We need to create an API key, but we can only do so if the provider is already deployed. Click on review and deploy.

Now you can create an API key and save it somewhere! It will only be displayed once. If you lose it, discard this one and create a new one.

We only have a single user in our application as we only created a single API key. Note that this tutorial would work with any other authentication method if you update the authentication code accordingly in the worker.

#Collection Rules

By default, your Realm application cannot access any collection from your MongoDB Cluster. To define how users can interact with the data, you must define roles and permissions.

In our case, we want to create a basic REST API where each user can read and write their own data in a single collection todos in the cloudflare database.

Head to the Rules tab and let's create this new cloudflare.todos collection.

Each document will belong to a unique user defined by the owner field. This field will contain the user ID that you can see in the App Users tab.

You can now click one more time on Review Draft and Deploy. Our Realm application is now ready to use.

#Set Up and Deploy the Cloudflare Worker

The Cloudflare worker is available in GitHub repository. Let's clone the repository.

1 $ git clone git@github.com:mongodb-developer/cloudflare-worker-rest-api-realm-atlas.git
2 $ cd cloudflare-worker-rest-api-realm-atlas
3 $ npm install

Now that we have the worker template, we just need to change the configuration to deploy it on your Cloudflare account.

Edit the file wrangler.toml:

Replace CLOUDFLARE_ACCOUNT_ID with your real Cloudflare account ID.
Replace MONGODB_REALM_APPID with your real MongoDB Realm app ID.

You can now deploy your worker to your Cloudflare account using Wrangler:

1 $ npm i @cloudflare/wrangler -g
2 $ wrangler login
3 $ wrangler publish

Head to your Cloudflare account. You should now see your new worker in the Workers tab > Overview.

#Check Out the REST API Code

Before we test the API, please take a moment to read the code of the REST API we just deployed, which is in the src/index.ts file:

1 import * as Realm from 'realm-web';
2 import * as utils from './utils';
3 
4 // The Worker's environment bindings. See `wrangler.toml` file.
5 interface Bindings {
6     // MongoDB Realm Application ID
7     REALM_APPID: string;
8 }
9 
10 // Define type alias; available via `realm-web`
11 type Document = globalThis.Realm.Services.MongoDB.Document;
12 
13 // Declare the interface for a "todos" document
14 interface Todo extends Document {
15     owner: string;
16     done: boolean;
17     todo: string;
18 }
19 
20 let App: Realm.App;
21 const ObjectId = Realm.BSON.ObjectID;
22 
23 // Define the Worker logic
24 const worker: ExportedHandler<Bindings> = {
25     async fetch(req, env) {
26         const url = new URL(req.url);
27         App = App || new Realm.App(env.REALM_APPID);
28 
29         const method = req.method;
30         const path = url.pathname.replace(/[/]$/, '');
31         const todoID = url.searchParams.get('id') || '';
32 
33         if (path !== '/api/todos') {
34             return utils.toError(`Unknown "${path}" URL; try "/api/todos" instead.`, 404);
35         }
36 
37         const token = req.headers.get('authorization');
38         if (!token) return utils.toError('Missing "authorization" header; try to add the header "authorization: REALM_API_KEY".', 401);
39 
40         try {
41             const credentials = Realm.Credentials.apiKey(token);
42             // Attempt to authenticate
43             var user = await App.logIn(credentials);
44             var client = user.mongoClient('mongodb-atlas');
45         } catch (err) {
46             return utils.toError('Error with authentication.', 500);
47         }
48 
49         // Grab a reference to the "cloudflare.todos" collection
50         const collection = client.db('cloudflare').collection<Todo>('todos');
51 
52         try {
53             if (method === 'GET') {
54                 if (todoID) {
55                     // GET /api/todos?id=XXX
56                     return utils.reply(
57                         await collection.findOne({
58                             _id: new ObjectId(todoID)
59                         })
60                     );
61                 }
62 
63                 // GET /api/todos
64                 return utils.reply(
65                     await collection.find()
66                 );
67             }
68 
69             // POST /api/todos
70             if (method === 'POST') {
71                 const {todo} = await req.json();
72                 return utils.reply(
73                     await collection.insertOne({
74                         owner: user.id,
75                         done: false,
76                         todo: todo,
77                     })
78                 );
79             }
80 
81             // PATCH /api/todos?id=XXX&done=true
82             if (method === 'PATCH') {
83                 return utils.reply(
84                     await collection.updateOne({
85                         _id: new ObjectId(todoID)
86                     }, {
87                         $set: {
88                             done: url.searchParams.get('done') === 'true'
89                         }
90                     })
91                 );
92             }
93 
94             // DELETE /api/todos?id=XXX
95             if (method === 'DELETE') {
96                 return utils.reply(
97                     await collection.deleteOne({
98                         _id: new ObjectId(todoID)
99                     })
100                 );
101             }
102 
103             // unknown method
104             return utils.toError('Method not allowed.', 405);
105         } catch (err) {
106             const msg = (err as Error).message || 'Error with query.';
107             return utils.toError(msg, 500);
108         }
109     }
110 }
111 
112 // Export for discoverability
113 export default worker;

#Test the REST API

Now that you are a bit more familiar with this REST API, let's test it!

Note that we decided to pass the values as parameters and the authorization API key as a header like this:

1 authorization: API_KEY_GOES_HERE

You can use Postman or anything you want to test your REST API, but to make it easy, I made some bash script in the api_tests folder.

In order to make them work, we need to edit the file api_tests/variables.sh and provide them with:

The Cloudflare worker URL: Replace YOUR_SUBDOMAIN, so the final worker URL matches yours.
The MongoDB Realm app API key: Replace YOUR_REALM_AUTH_API_KEY with your Realm auth API key.

Finally, we can execute all the scripts like this, for example:

1 $ cd api_tests
2 
$ ./post.sh "Write a good README.md for Github"
3 {
4   "insertedId": "618615d879c8ad6d1129977d"
5 }
6 
$ ./post.sh "Commit and push"
7 {
8   "insertedId": "618615e479c8ad6d11299e12"
9 }
10 
$ ./findAll.sh 
11 [
12   {
13     "_id": "618615d879c8ad6d1129977d",
14     "owner": "6186154c79c8ad6d11294f60",
15     "done": false,
16     "todo": "Write a good README.md for Github"
17   },
18   {
19     "_id": "618615e479c8ad6d11299e12",
20     "owner": "6186154c79c8ad6d11294f60",
21     "done": false,
22     "todo": "Commit and push"
23   }
24 ]
25 
$ ./findOne.sh 618615d879c8ad6d1129977d
26 {
27   "_id": "618615d879c8ad6d1129977d",
28   "owner": "6186154c79c8ad6d11294f60",
29   "done": false,
30   "todo": "Write a good README.md for Github"
31 }
32 
$ ./patch.sh 618615d879c8ad6d1129977d true
33 {
34   "matchedCount": 1,
35   "modifiedCount": 1
36 }
37 
$ ./findAll.sh 
38 [
39   {
40     "_id": "618615d879c8ad6d1129977d",
41     "owner": "6186154c79c8ad6d11294f60",
42     "done": true,
43     "todo": "Write a good README.md for Github"
44   },
45   {
46     "_id": "618615e479c8ad6d11299e12",
47     "owner": "6186154c79c8ad6d11294f60",
48     "done": false,
49     "todo": "Commit and push"
50   }
51 ]
52 
$ ./deleteOne.sh 618615d879c8ad6d1129977d
53 {
54   "deletedCount": 1
55 }
56 
$ ./findAll.sh 
57 [
58   {
59     "_id": "618615e479c8ad6d11299e12",
60     "owner": "6186154c79c8ad6d11294f60",
61     "done": false,
62     "todo": "Commit and push"
63   }
64 ]

As you can see, the REST API works like a charm!

#Wrap Up

Cloudflare offers a Workers KV product that can make for a quick combination with Workers, but it's still a simple key-value datastore and most applications will outgrow it. By contrast, MongoDB is a powerful, full-featured database that unlocks the ability to store, query, and index your data without compromising the security or scalability of your application.

As demonstrated in this blog post, it is possible to take full advantage of both technologies. As a result, we built a powerful and secure serverless REST API that will scale very well.

If you have questions, please head to our developer community website where the MongoDB engineers and the MongoDB community will help you build your next big idea with MongoDB. If your question is related to Cloudflare, I encourage you to join their active Discord community.

Rate this article

1	$ git clone git@github.com:mongodb-developer/cloudflare-worker-rest-api-realm-atlas.git
2	$ cd cloudflare-worker-rest-api-realm-atlas
3	$ npm install

1	$ npm i @cloudflare/wrangler -g
2	$ wrangler login
3	$ wrangler publish

1	import * as Realm from 'realm-web';
2	import * as utils from './utils';
3
4	// The Worker's environment bindings. See `wrangler.toml` file.
5	interface Bindings {
6	// MongoDB Realm Application ID
7	REALM_APPID: string;
8	}
9
10	// Define type alias; available via `realm-web`
11	type Document = globalThis.Realm.Services.MongoDB.Document;
12
13	// Declare the interface for a "todos" document
14	interface Todo extends Document {
15	owner: string;
16	done: boolean;
17	todo: string;
18	}
19
20	let App: Realm.App;
21	const ObjectId = Realm.BSON.ObjectID;
22
23	// Define the Worker logic
24	const worker: ExportedHandler<Bindings> = {
25	async fetch(req, env) {
26	const url = new URL(req.url);
27	App = App \|\| new Realm.App(env.REALM_APPID);
28
29	const method = req.method;
30	const path = url.pathname.replace(/[/]$/, '');
31	const todoID = url.searchParams.get('id') \|\| '';
32
33	if (path !== '/api/todos') {
34	return utils.toError(`Unknown "${path}" URL; try "/api/todos" instead.`, 404);
35	}
36
37	const token = req.headers.get('authorization');
38	if (!token) return utils.toError('Missing "authorization" header; try to add the header "authorization: REALM_API_KEY".', 401);
39
40	try {
41	const credentials = Realm.Credentials.apiKey(token);
42	// Attempt to authenticate
43	var user = await App.logIn(credentials);
44	var client = user.mongoClient('mongodb-atlas');
45	} catch (err) {
46	return utils.toError('Error with authentication.', 500);
47	}
48
49	// Grab a reference to the "cloudflare.todos" collection
50	const collection = client.db('cloudflare').collection<Todo>('todos');
51
52	try {
53	if (method === 'GET') {
54	if (todoID) {
55	// GET /api/todos?id=XXX
56	return utils.reply(
57	await collection.findOne({
58	_id: new ObjectId(todoID)
59	})
60	);
61	}
62
63	// GET /api/todos
64	return utils.reply(
65	await collection.find()
66	);
67	}
68
69	// POST /api/todos
70	if (method === 'POST') {
71	const {todo} = await req.json();
72	return utils.reply(
73	await collection.insertOne({
74	owner: user.id,
75	done: false,
76	todo: todo,
77	})
78	);
79	}
80
81	// PATCH /api/todos?id=XXX&done=true
82	if (method === 'PATCH') {
83	return utils.reply(
84	await collection.updateOne({
85	_id: new ObjectId(todoID)
86	}, {
87	$set: {
88	done: url.searchParams.get('done') === 'true'
89	}
90	})
91	);
92	}
93
94	// DELETE /api/todos?id=XXX
95	if (method === 'DELETE') {
96	return utils.reply(
97	await collection.deleteOne({
98	_id: new ObjectId(todoID)
99	})
100	);
101	}
102
103	// unknown method
104	return utils.toError('Method not allowed.', 405);
105	} catch (err) {
106	const msg = (err as Error).message \|\| 'Error with query.';
107	return utils.toError(msg, 500);
108	}
109	}
110	}
111
112	// Export for discoverability
113	export default worker;

1	$ cd api_tests
2	$ ./post.sh "Write a good README.md for Github"
3	{
4	"insertedId": "618615d879c8ad6d1129977d"
5	}
6	$ ./post.sh "Commit and push"
7	{
8	"insertedId": "618615e479c8ad6d11299e12"
9	}
10	$ ./findAll.sh
11	[
12	{
13	"_id": "618615d879c8ad6d1129977d",
14	"owner": "6186154c79c8ad6d11294f60",
15	"done": false,
16	"todo": "Write a good README.md for Github"
17	},
18	{
19	"_id": "618615e479c8ad6d11299e12",
20	"owner": "6186154c79c8ad6d11294f60",
21	"done": false,
22	"todo": "Commit and push"
23	}
24	]
25	$ ./findOne.sh 618615d879c8ad6d1129977d
26	{
27	"_id": "618615d879c8ad6d1129977d",
28	"owner": "6186154c79c8ad6d11294f60",
29	"done": false,
30	"todo": "Write a good README.md for Github"
31	}
32	$ ./patch.sh 618615d879c8ad6d1129977d true
33	{
34	"matchedCount": 1,
35	"modifiedCount": 1
36	}
37	$ ./findAll.sh
38	[
39	{
40	"_id": "618615d879c8ad6d1129977d",
41	"owner": "6186154c79c8ad6d11294f60",
42	"done": true,
43	"todo": "Write a good README.md for Github"
44	},
45	{
46	"_id": "618615e479c8ad6d11299e12",
47	"owner": "6186154c79c8ad6d11294f60",
48	"done": false,
49	"todo": "Commit and push"
50	}
51	]
52	$ ./deleteOne.sh 618615d879c8ad6d1129977d
53	{
54	"deletedCount": 1
55	}
56	$ ./findAll.sh
57	[
58	{
59	"_id": "618615e479c8ad6d11299e12",
60	"owner": "6186154c79c8ad6d11294f60",
61	"done": false,
62	"todo": "Commit and push"
63	}
64	]