Build a Totally Serverless REST API with MongoDB Atlas
00:00:00 Introduction to Serverless MongoDB
Nick Raboy introduces the concept of going serverless with MongoDB Atlas, highlighting the benefits of using scalable, pay-as-you-go services for building serverless applications.

00:01:47 Setting Up a Serverless Database Instance
The video guides viewers through the process of creating a new MongoDB cluster, selecting the serverless option, and configuring the database instance.

00:02:57 Creating Serverless Functions and HTTPS Endpoints
Nick demonstrates how to create serverless functions within MongoDB Atlas and how to set up HTTPS endpoints that act as an API Gateway for these functions.

00:05:32 Deploying and Testing the Create Function
The tutorial continues with deploying the 'create person' function and testing it using Postman to insert data into the serverless database.

00:08:55 Setting Up a Retrieve Function
A new endpoint is created for retrieving data, and the 'get people' function is set up and tested to ensure it returns the correct data from the database.

00:11:15 Securing the Serverless API
Nick touches on security aspects, such as IP access lists and authentication mechanisms, to control who can access the serverless API.

00:14:00 Conclusion and Next Steps
The video concludes with a summary of the steps taken to create a serverless application with MongoDB Atlas and encourages viewers to integrate these practices into their own workflows.

00:18:57 Final Thoughts and Call to Action
Nick wraps up the tutorial, invites viewers to like and subscribe to the channel, and teases future content.

The primary focus of the video is to demonstrate how to build a serverless application using MongoDB Atlas, including setting up a serverless database instance, creating serverless functions, and securing the application.
🔑 Key Points
- Introduction to creating a serverless application with MongoDB Atlas.
- Step-by-step guide on setting up a serverless database instance.
- Explanation of serverless functions and HTTPS endpoints as an API Gateway.
- Demonstration of creating, deploying, and testing serverless functions for CRUD operations.
- Overview of securing serverless APIs with IP access lists and authentication mechanisms.
Full Video Transcript
Hi, my name is Nick Raboy and I'm from MongoDB, and in this tutorial we're going to see how to go totally serverless using MongoDB Atlas serverless database instances as well as MongoDB Atlas HTTPS endpoints and functions. So we're not going to be deploying any of our own infrastructure; we're going to use fully scalable, pay-as-you-go services for building a serverless application. So, totally serverless. What you will need prior to this is you will need a MongoDB Atlas account and you will need at least some familiarity with JavaScript.

With that in mind, what you're going to see on my screen is you will see MongoDB Atlas, and what we're going to do is we're going to create a new MongoDB cluster. So we're going to say create. Now when I click that create, instead of choosing dedicated or shared, I'm going to go ahead and click on serverless. So this is going to allow us to create a serverless database instance, and like I said, what that means is it's going to scale to meet demand of your users. So if you get a lot of burst traffic or traffic that is unpredictable, this could be very valuable to you, and it's going to be pay as you go. So while the database is not being used you're not going to be billed, but as it's used, as requests are made, that's how your bill accumulates. And you can see the finer details of this inside of the MongoDB Atlas documentation, which is kind of out of the scope of this particular tutorial.

So I chose serverless. What I'm going to do is I'm going to choose my cloud region or provider, so where do I want it to live, and this is for latency reasons. I'm going to choose AWS, I'm going to leave the default as North Virginia, and I'm going to continue down. I don't need any particular backups because this is a tutorial, so I'm going to say basic backup, and I'm going to scroll down and I'm going to just leave it as the default name. You can go ahead and name it to whatever makes the most sense for you. And I'm going to say create instance.

Now you'll notice that my serverless instance is being created. It should be pretty fast, but while that's going, what I'm going to do is I'm going to click on App Services. So within the App Services, this is where we're actually going to create the serverless application component of this particular tutorial. So we just saw the database component, which was pretty fast, pretty easy to set up, it was just a few clicks of the mouse. Now we're going to create our serverless application, and that's going to include a little bit of JavaScript and a few serverless functions, also referred to as functions as a service. So I'm going to click on create a new app. I'm going to give it a name, I'm just going to leave the name as application zero, it doesn't really matter, and I'm going to choose my serverless instance 0 because that's what I named it, and I'm going to scroll down to create app service.

All right, so now we have access to the MongoDB App Services, which you can do a whole lot more than just create HTTPS endpoints and functions. You can actually make use of GraphQL among other things; that's out of the scope of this particular tutorial, so we're just going to be focusing on functions and HTTPS endpoints. And these HTTPS endpoints can be thought of as an API Gateway. So for example, you have a function, and to actually reach that function through a web browser or an HTTP request you'll be creating an HTTPS endpoint for that.

So what I'm going to do is I'm going to scroll down, I'm going to click on HTTPS endpoints, and I have no endpoints at the moment, so what I'm going to do is I'm going to say add an endpoint. I'm going to give it a route, so this is how I'm going to be able to access it through a web browser or through Postman or through my application code. And let's go ahead and say for this example I'm going to say I want to create some data; in particular I'm going to say I want to create people data. So I'm going to say create person, so /person will be my endpoint route. It will be enabled. This right here is the URL that I'll be able to access it by, whether I'm using, like I said, Postman, I can do a fetch request inside of a JavaScript application, however you see fit for accessing this endpoint, it's totally up to you. But I'm going to leave it as that. Here's a sample curl request that we could use. The method, because we plan to create data, I'm going to leave it as POST, but you can choose whatever makes the most sense for you. I do want it to respond with the result, because if you leave this off and you execute this function through the endpoint you're not going to get anything back, but for example I may want to know the ID of the data created, I may want a success response, who knows. I want a result, so I'm going to enable it. The return type, you can choose JSON or you can use extended JSON, which would include BSON properties. I'm going to leave it as JSON for this example, but if you want to read more about what EJSON offers I encourage you to check out the documentation for this.

So scrolling down we have our function. So this is where our actual logic takes place, and it's less about the actual HTTP endpoint itself, so it's just the logic. So we don't have any functions at the moment, so what I'm going to say is I'm going to select create new function. We can give it a function name; it's totally up to you on what you want to call it. For this it makes sense to say maybe create person, because we're creating a person document. And this is the function editor, and we can actually leave it or we can edit it right here. I'm going to leave it, so that way you know how to access it in the future for editing, so I'm just going to leave it as the default. I'm going to scroll down. Authorization: we're not going to add any authorization here, but we will when we get into the function side of things in the other area of the application that I show you. I'm going to continue scrolling down. We don't need to worry about fetching custom user data, we don't need to create users upon authentication for this particular example, but depending on what you're up to this could be valuable to you and your application needs. So I'm going to save the draft, I'm going to say next and got it, and I'm going to review draft and deploy. So when I scroll down I'm going to say deploy, and that function, that endpoint, it's ready to go. If I were to try to access it, I mean, it won't do much because it's using the boilerplate code, but it should still work.

So now what I'm going to do is I'm going to navigate over to the functions tab within the App Services dashboard, and this is how I can actually access these functions if I chose not to modify them directly in the HTTPS endpoints screen. So I'm going to say create person, and I'm going to scroll down, and what I'm going to do is I'm going to wipe some of this stuff out, so that way it's a little easier to read, so that way we're just left with the function perimeter itself, or function body, and this is where we're going to add our logic. So for our logic let's say that we want to insert a single document. So to do that we can say something like const, we can say result, and then we can say context.services, and we can say we want to get mongodb-atlas. We want to define the database that we want to use, so we're going to say, let's go and say examples, it doesn't really matter. So if your database does exist it will be used; if it does not exist it will be created, so you don't have to create this ahead of time, especially with a serverless instance. For the collection that I want to insert this document into, I'm going to say collection, and I'm gonna say, let's go and say people, because we're inserting information about a person, so it makes sense to have the collection called people. And I'm going to say insertOne, so I'm going to insert a single document. I'm going to say JSON.parse, and let's assume that the user is passing in some kind of request body when they access this HTTPS endpoint, so let's go ahead and use exactly what was passed in that body, so I'm going to say body.text.

Now something to note: we're not doing any kind of validation on this particular endpoint or function, so whatever that user passes, even if it has nothing to do with people data, it will be inserted regardless, because the data validation and things like that, the clean up, the sanitation, it's not in the scope of this particular example. Now I do want to return something. I don't have to, but like I said I enabled that checkbox so it makes sense. I'm going to say return and I'm going to say result, so it's going to return whatever this insertOne operation returns, it will be returned back to the client that made the request, whether that be curl or something else. I'm going to save the draft.

Now if I wanted to I could hit that review draft and deploy, but we're not quite done yet. I do have to go to the settings. Inside the settings I do have to change the authentication for this function. This is different from the authorization that we saw on the previous screen. So the authentication mechanisms available to us: we do have application authentication, we can use system level, which is full privilege, if we decide that we want to work with users we can enable user ID, or we can do some kind of script-based authentication as well. I'm going to choose system, because this particular example we want to keep it simple and easy to understand, but I definitely encourage you to check out the documentation if you want to see more on what you can do when it comes to authentication in your serverless applications. So I take that box, I'm going to scroll down, everything looks good. We're not going to worry about any particular authorization rules for this example; I'm going to explain more on what this is towards the end, but for now I'm just going to say save draft, and I'm going to review the draft and deploy. It'll be deploying two different changes that I made, one for the actual function code and the other for the authentication. So I'm going to say deploy. Perfect.

So now what we're going to do is we're going to go back into the HTTPS endpoint side of things. I'm going to click on the particular endpoint, being this POST endpoint. What I'm doing here is I'm actually going back to get the actual link or the URL for this endpoint. I'm going to copy it, and rather than creating a brand new application for actually using this endpoint, or even using the command prompt, I'm going to go into Postman, which is a common tool for testing APIs. I'm going to paste that URL in and I'm going to say that I want to do a POST request, and for the body of that POST request I'm going to say raw and it's going to be JSON. And let's go ahead and add some request body, so for example I want to say that the first name, it's going to be Nick, the last name is going to be Raboy, and let's go ahead and say that the username is going to be Android boy. I mean, typically you'd have a lot more complicated stuff in your documents, but this is just an example; we want to show that we're actually able to create this document. So I'm going to say send. You'll notice that the inserted ID was part of the response. What I can actually do is I can go into my web browser once more, I'm going to click on this Atlas tab, I'm going to go to my instance and I'm going to say browse collections. You'll notice that I have an examples database, something that I didn't have from the start, as well as a people collection, so it was created, and I have this document with a first name, last name, username, and then this object ID for our particular document. So that insert operation did in fact work.

Now let's go and create another endpoint. So this next endpoint will be for retrieving data, and the process is going to be very similar. So I'm going to go back into my application zero, which, your name might be different, it's up to you. I'm going to go down to HTTPS endpoints, I'm going to add an endpoint. So for this one, if I want to get data, let's say that I want to get all people in my collection, so I'm just going to call it people. The naming conventions that you use are totally up to you. I'm going to say that this is enabled, I'm going to say that this is going to be a GET endpoint for retrieving data. It will definitely return a result, we're going to leave it as JSON. The authentication, we'll be changing that in just a moment. The function, let's go ahead and create a new function. Let's go ahead and call this one maybe get people, and let's go ahead and work towards actually finishing up this function right here in line. So once again I am going to clear things out just so that way it's a little easier. You'll notice that in the comments it does have some stuff to get you started. Actually what I can do is I can leave that, so I'm going to leave that. I'm going to remove everything else just for now and we're going to repopulate it. So let's go and say that this is doc; rather than doc, let's say docs, plural. Let's go ahead and do the same thing that we did before, so get, which is mongodb-atlas, the database is going to be examples, the collection, let's go ahead and say that the collection is going to be people, and instead of a findOne we're just going to do a find, which will get more than one document if it exists. And for the filter we're just going to leave empty brackets in there, meaning that we are going to filter against all documents, so we're basically going to return every document in the collection. And finally let's go ahead and add the toArray, so that way we're not working with cursors, and let's return the results, so the results would be return docs. And we're just going to leave it as is for now; it'll save when we hit that save button. Let's go down and let's say save draft. We're going to review draft and deploy, and it'll just take a second to deploy.

We're not quite done yet. We do have to go to functions, we have to click on get people, we have to change the settings so that way we use, once again, system, so that way we don't actually have to create any kind of users or any kind of special rules, and I'm going to save the draft. Perfect. I'm going to review the draft and deploy. I'm going to go back to the HTTPS endpoints, I'm going to click on GET, I'm going to copy this endpoint URL, and I'm going to go back into Postman and I'm going to paste it in and I'm going to change this to GET. I'm also going to wipe out this body because we're not actually using it, and I'm going to click Send. You'll notice that it returned all of our documents; in this case it was only a single document, but it did in fact work. Now we could create other endpoints for deleting or updating; the process is going to be more or less the same.

So just to kind of reiterate here on what we did, before we move on to kind of the next step on some of the other things that you can do: we created two endpoints. These endpoints use MongoDB Atlas HTTP endpoints, which act as an API Gateway for the serverless functions. So these are functions that scale based on the demand, so if you experience a high load of traffic these functions will scale to meet that demand and you'll be billed appropriately. Now in addition to having a serverless application we also made a serverless database instance, which was just a few point-and-click steps, nothing to it really. We could actually browse that instance and do pretty much everything that we could with any other pre-provisioned cluster here, but this one scales based on demand, so if you know that maybe you're going to get burst traffic where it may spike up, it could save you a lot of manual work towards actually having to worry about scaling, and you get to benefit from that pay-as-you-go model.

Now one thing that I said that I'd look into at the end, which would be more around the security, so the authentication and the authorization. There's other stuff too to just kind of touch base on, but we won't explore it too thoroughly here. Let me go into the application that we had created. The first thing that I want to go over is, let's say that this API is private use only, maybe it's for internal, maybe you want to share with certain people. Something that you could do is you could go into the app settings and you can go into the IP access list, and instead of allowing access from anywhere, maybe you add the IP range for your organization, so that way maybe it's only accessible privately from people within your organization. That's one way to secure your API, so your serverless APIs within MongoDB Atlas. Like I said previously, there are different ways to authenticate, so you could do email/password authentication, you could do some kind of social media, so OAuth authentication, you can create your own JWTs. So this could be an added layer to the IP access list if you wanted to, or a replacement, depending on your use case. So in this case the user would have to authenticate before they have access to your APIs, so they get some kind of token.

Now the other side of things: if I wanted to click on, say for example, functions, and let's go ahead and say create function, doesn't matter, we're going to go to settings. If I scroll down to the authorization part, what you can do is you can create a JSON expression within MongoDB Atlas and you can lock down certain aspects. So for example, maybe you want only the user that has authenticated to be able to access their own documents when making the HTTP request, so documents where their user matches some criteria. That's totally plausible and you can actually do it very easily within MongoDB Atlas. So you can add authorization rules, so what could be accessed, versus the authentication rules, which is who's allowed to use your API in general. So just various things in terms of security when it comes to your serverless, or your totally serverless, RESTful API.

So once again, this is a serverless example, totally serverless: serverless database, serverless application. We did it quite fast with a few clicks, very little code. This is something that you can start integrating into your own application workflows. If you enjoyed this tutorial please make sure you hit that like button, subscribe to the YouTube channel, and I'll see you on the next video.
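
Added example, not code shown in the video: the transcript notes that the create function inserts whatever body it receives while running with system (full privilege) authentication, so this sketch puts an allow-list validation step in front of the same `insertOne` call. The field names, size limits, sample bodies, and the `ctx` parameter (standing in for the Atlas `context` global so the block runs under Node) are assumptions.

```javascript
// Added example: hardened form of the "create person" function described above.
// Field names and limits are assumptions, not values from the video.
const ALLOWED_FIELDS = ["firstname", "lastname", "username"];
const MAX_BODY_CHARS = 2048;
const MAX_FIELD_CHARS = 64;

// Parse and validate the raw request body.
// Returns { ok: true, doc } or { ok: false, error }.
function validatePerson(rawText) {
  if (typeof rawText !== "string" || rawText.length === 0) {
    return { ok: false, error: "empty body" };
  }
  if (rawText.length > MAX_BODY_CHARS) {
    return { ok: false, error: "body too large" };
  }
  let parsed;
  try {
    parsed = JSON.parse(rawText);
  } catch (err) {
    return { ok: false, error: "body is not valid JSON" };
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  // Reject anything outside the allow-list instead of storing it.
  const extra = Object.keys(parsed).filter((k) => !ALLOWED_FIELDS.includes(k));
  if (extra.length > 0) {
    return { ok: false, error: "unexpected field: " + extra[0] };
  }
  const doc = {};
  for (const field of ALLOWED_FIELDS) {
    const value = parsed[field];
    // Strings only, so nested objects such as {"$ne": null} never reach the database.
    if (typeof value !== "string" || value.trim() === "" || value.length > MAX_FIELD_CHARS) {
      return { ok: false, error: "invalid or missing field: " + field };
    }
    doc[field] = value.trim();
  }
  return { ok: true, doc };
}

// Endpoint handler. In Atlas, `context` is a global and the handler is assigned
// to `exports`; here the context is passed in as `ctx` (assumption) for local runs.
async function createPerson({ body }, response, ctx) {
  const checked = validatePerson(body ? body.text() : "");
  if (!checked.ok) {
    response.setStatusCode(400);
    return { error: checked.error };
  }
  const people = ctx.services.get("mongodb-atlas").db("examples").collection("people");
  return people.insertOne(checked.doc);
}

// Constructed sample bodies (not from the video).
const SAMPLE_GOOD = '{"firstname":"Nick","lastname":"Raboy","username":"nick"}';
const SAMPLE_BAD = '{"firstname":"Nick","lastname":"Raboy","username":{"$ne":null}}';
console.log(validatePerson(SAMPLE_GOOD), validatePerson(SAMPLE_BAD));
```

A JSON schema on the collection can enforce the same shape at the database layer as a second check.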