Docs Menu

Introduction to MongoDB Realm for Web Developers

On this page

  • User Authentication and Management
  • Schema Validation and Data Access Rules
  • Event-Driven Serverless Functions
  • Secure Client-Side Queries
  • GraphQL for MongoDB
  • Client-Side MongoDB Queries
  • Get Started with MongoDB Realm
  • Summary

Building a web app usually requires sending data from a server to the browser. This comes with lots of overhead, such as authentication, and data validation. And then the application has to be scalable and secure. Many libraries and frameworks exist to provide these services. Selecting the best ones for your project requires deep understanding of the tradeoffs.

MongoDB Realm is a serverless application backend that streamlines solving these common challenges. Realm provides configurable functions, integrated data access, and security rules. With Realm, you can focus on building unique features instead of boilerplate backend code.


If you prefer working on mobile or backend applications, check out the Introduction for Mobile Developers or the Introduction for Backend Developers.

Secure user authentication is essential for most apps. Some apps authenticate users with traditional email/password combinations. Others use API keys or third-party authentication providers like Facebook and Google. These methods often require a lot of complex boilerplate code.

MongoDB Realm provides built-in user management and authentication methods. These features encapsulate complexity and make it easy to integrate third-party authentication providers. You can enable authentication providers in your server-side configuration then immediately log in from any client application using a Realm SDK.

To learn more about authentication in MongoDB Realm, see Users & Authentication.

Modern applications require that data is available using consistent types and formats. Data consistency guarantees that all the application's components can work together. It's also important to make sure that any given piece of data is only accessible to an authorized user. For example, you might grant a user access to only their own data.

MongoDB Realm validates data with a Realm schema you define in the JSON schema standard. A Realm schema serves as the source of truth for defining data types in your application. Realm also uses the schema to map data between your application and a MongoDB Atlas collection.

You can also configure Realm to secure data with role-based data access rules. These rules determine each user's access to every document for every request. A user can only insert, read, or modify data if both they and the document meet pre-defined conditions.

To learn more about defining a schema and access rules for your data, see collection rules.

Many applications require that some business logic runs on a server. Usually this logic deals with sensitive user data or interacting with external services. Apps might also need to respond in real time when something happens in the app or in an external service.

MongoDB Realm lets you define serverless JavaScript functions called Realm Functions. You can use Realm Functions for the following common backend use cases:

  • Call from client applications with the Realm Web SDK.
  • Execute Realm Functions in response to trigger events, like an update to a document in MongoDB or at a scheduled time.
  • HTTPS endpoints that execute a function in response to external applications.

To learn more about defining and using serverless functions, see Functions and Triggers Overview.

Developers need efficient, secure data access. If the data is on a server, you need an API to access the data and prevent unauthorized access.

The Realm Web SDK includes a secure MongoDB client to interact with data. It uses GraphQL and the Query API to access data in MongoDB Atlas. Use either or both of these APIs to work with your application's data.

Realm's server-side rules ensures that users only read and modify permitted documents. Rules consist of one or more user roles for each collection. A role determines if a given user has permission to access and edit a document. Realm determines a role for each document in every request. It then enforces the role's permissions before responding.

GraphQL is a standard, open-source API architecture that is an alternative to REST and other HTTP APIs. It features a query language that lets you access only the data you need.

GraphQL has a couple of primary benefits for web developers:

  • Minimize Bandwidth: GraphQL queries specify the exact fields to return. This lets you to avoid fetching unnecessary data.
  • Minimize Roundtrips: A single GraphQL endpoint handles all requests. You can group your GraphQL queries into a single request to one endpoint instead of sending requests to multiple endpoints.

MongoDB Realm generates a GraphQL API for your application based on your data model. The API includes a set of CRUD operations that you can access with a GraphQL client or in a HTTP request. You can also create custom resolvers backed by functions.

To learn more about the Realm GraphQL API, see GraphQL API.

Traditionally developers query the database on the server and access the server from the client through a HTTP API. This requires more developer resources and lacks the flexibility of directly querying a database.

MongoDB Realm includes the Query API, a powerful API that lets you access MongoDB Atlas data from the client. You can query Atlas like you're using a database driver and Realm enforces data access rules rules for all requests.

To learn more about the built-in MongoDB service, see MongoDB Data Sources.

You can ship your first web app built with MongoDB Realm in minutes.

To get started, follow the Task Tracker application tutorial or create a MongoDB Realm application.

You can also refer to the Web SDK documentation for TypeScript and JavaScript.

  • MongoDB Realm is a serverless application platform that makes it easy to deploy and scale.
  • You can build a Realm app with custom logic via functions and triggers, custom permissions via rules, and authentication via third-party SSO.
←  Introduction to MongoDB Realm for Backend DevelopersFind Your Project or App ID →
Give Feedback
© 2022 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.