If you find any errors, typos or have general feedback, select the text and click CTRL+ALT+ENTER.

See the Appery.io database overview here.

API format

Request format

For POST and PUT requests, the request body must be JSON, with the Content-Type header set to application/JSON.

Authentication is done via HTTP headers.

The X-Appery-Database-Id header identifies which database you are accessing. The database ID can be found in the Dashboard tab for the database. This header is always required.

The X-Appery-Session-Token header identifies the user session.

The Appery.io database supports CORS (Cross-Origin Resource Sharing), so it’s very easy to use via JavaScript (it doesn’t require using JSONP or proxies).

Response format

A JSON object is the response format for all requests.

An HTTP status code indicates whether the request succeeded or not.

A 2xx status code indicates success.

A 4xx status code indicates failure.

When a request fails, the response body is still JSON, but will contain an error message. For example:

Data types


The Date type value is a string which contains a UTC timestamp stored in ISO 8601 format with millisecond precision: YYYY-MM-DDThh:mm:ss.mmm.


An array value is a list of primitive values, such as: string, number or boolean.


Example above will create a new entry in the students collection with marks field type of array.


As MongoDB is not a relational database, it can’t perform SQL join operations. Instead, there are pointer types that are used as references to another object. It contains the collection name and _id of the referred-to value. Let’s say that the students collection contains the owner column. That column contains the user ID from the Users collection.

The result of the GET request will look like:

To read multiple children for a parent, use the following where parameter, where columnName is the name of the column with type=pointer and _id is the referenced object of the todo database:

The pointer value can be set using a POST command and by passing two parameters – collName and _id of referenced object:


Example above will create a new entry in the students collection with owner field type of pointer.

To retrieve the referenced object value (not a pointer value) use the include parameter.


This example shows how to use Server Code script and Pointer data type to setup user registration – Learn How to Create a User Registration Form with the Appery.io Database and Server Code


Object type is a general representation of a JSON object, which can have any structure. When an object with object type is given, the column value is specified as a JSON object in { } brackets. Object type also supports querying.

Read more about querying.


The Geopoint type is used to define a geographic location with longitude and latitude, and presented as an array of two values.



File type can be used to store any sort of file. While clicking on the cell with the File type, the Media Manager opens. By clicking “Upload file,” you can choose any file with a non-empty body and size up to 20MB. You can also insert the same file in other rows.

To remove a file from a certain row, click on a cell where it is located and then choose “Reset” in Media Manager.

To remove files from the Media Manager, choose the needed file and click “Delete file.” This operation cannot be undone.

All uploaded files are added to the predefined Files collection. This also works conversely: if the file was added to the predefined Files collection, it will also be available in Media Manager.

Media Manager only contains files related to a database where they have been added.

File type object must contain originalFileName and fileName fields.


Object format

The Appery.io database stores data in JSON format (it’s running MongoDB). For example, if you are building a ToDo app, a task object might look like:

When a new object is created, the following three columns are automatically created: _createdAt, _updatedAt, and _id. These field names are reserved, so you cannot set them yourself. Using the object above, if you did a GET on it, it would look like this, including the reserved fields:

If the collection name is todo, then the URL to the collection would be:

If you want to work with a particular object (for instance, the above example), then the URL would be either this:

Or this:

To make it easy to work with collections and objects, you can get the almost-complete curl command for each REST verb. Click on any of the REST verbs (GET, FIND, CREATE, UPDATE, DELETE) to get the curl request.

There is a default limit parameter which equals 100. That means that only 100 records will be returned if other wasn’t specified. To avoid this limitation, use the limit parameter in the requests and specify your own value. Max value is 1500.

For more precise examples, documentation below uses Students collection with following structure:

studentName studentId marks
string number array
John 10 [10,9,3]
Donna 20 [2,8,1]
Dina 100 [10,8,9]

Creating object

Creating new objects is done with a POST request.

POST https://api.appery.io/rest/1/db/collections/<collectionName>

If the creating was successful you’ll get a status code 200 OK and response, containing auto-generated _id for the new object and _createdAt timestamp, which specifies, when the object was created.


Sample response:

Retrieving all objects

To retrieve all the objects, use a GET request and specify the collection name.

GET https://api.appery.io/rest/1/db/collections/<collectionName>

The response body is a JSON object containing all the user-provided fields, plus the _createdAt, _updatedAt, and _id fields.

Sample response:

Retrieving a specific object

To retrieve a specific object, execute a GET command and also add the object ID to the end of the URL.

GET https://api.appery.io/rest/1/db/collections/<collectionName>/<objectId>


Sample response:

Updating objects

To update or change an object, send a PUT request. Since you are changing a particular object, the object ID needs to be used in the URL.

PUT https://api.appery.io/rest/1/db/collections/<collectionName>/<objectId>

The result is a JSON containing the object update time.

Sample response:

Updating multiple objects

By using the an operations parameter, you can update multiple objects at once. As with single object updating, you should use the PUT method, (there is no need to specify the object ID).

See the full list of supported operators, and read more about the operations parameters here.

PUT https://api.appery.io/rest/1/db/collections/<collectionName>/


The example above will change all of the values in the studentId column to 60.

By mixing the where and operations parameters, you can conditionally update multiple objects. Only  objects that satisfy the where condition will be updated. 

The query below finds all of the records where studentId equals 20 and changes it to 60.

Also, an update parameter is available when updating multiple objects. You can specify what fields the object should be updated in, and the values to change them.

If the operations object is specified then the update parameter is fully ignored. Their functionality can not be used simultaneously.

The following example finds all of the records where the studentId equals 20, and changes studentName field to 60:

Read more about the where and operations parameters here.

Updating arrays and pointers is also available for the update parameter. If we assume that your collection contains a column user with a pointer type to _users collection, you can update the marks column type of array:

The example above finds all the records where studentId equals 20, and changes the value in the user column to 5540ed6ae4b020ea2fabaf44. It also adds a new array values into marks array – 5 and 2.

Updating arrays

To help with storing array data, there are three operations that can be used to automatically change an array field:

  • Add – appends the given array of objects to the end of an array field.
  • AddUnique – adds only the given objects that aren’t already contained in an array field. The position of the insert is not guaranteed.
  • Removeremoves all instances of each given object from an array field.

Each method takes an array of objects to add or remove in the objects key. Use a PUT command to add an array of objects. Remember to paste the object ID in the end of the URL.

Read more about arrays in data types.

PUT https://api.appery.io/rest/1/db/collections/<collectionName>/<objectId>

The result is JSON containing the object update time.

Sample response:

__op defines a kind of operation. It can be Add, AddUnique, and Remove, as in the example above.

Saving arrays

When working with arrays, make sure you:

  1. Clean the localStorage variable value after you store the array to the database. Otherwise, you can get incorrect data, and errors will appear.
  2. Check the type of the array and database elements – they should be the same.

For example, when you store an array of objects to the database and you have this in a column:

This means you stored an array of strings, not array of objects. You will get a TypeError message, because you have no objects in the array.

In this case, you should convert the strings to an array of objects. The following JavaScript code example can help:

Deleting objects

To delete an object, send a DELETE request with the object ID in the URL.

DELETE https://api.appery.io/rest/1/db/collections/<collectionName>/<objectId>

The result is an empty JSON object.

Sample response:


Query constraints

It’s possible to specify a where clause in the request. The value of the where parameter needs to be in JSON format. As you’re sending a GET request, the JSON value is also then URL encoded.

Example below will return records where studentId = 50.


Sample response:

The where parameter also supports the following comparison values:

  • $lt – less than.
  • $lte – less than or equal to.
  • $gt – greater than.
  • $gte – greater than or equal to.
  • $ne – not equal to.
  • $in – contained in.
  • $nin – not contained in.
  • $exists – a value is set for the key.
  • $not – not match the expression.

Less than ($lt)

If you want to get only the students where the studentId is less than 50 ($lt):

The result is only the students with student ID of 10, 20, 30, and 40.

Less than or equal to ($lte)

If you want to get only students where the studentId is less than or equal to 50 ($lte):

The result is the same as the previous example, except now it also includes 50.

Greater than ($gt)

Going the opposite way, if you want to show all students with a studentId of greater than 50 ($gt):

This would return objects with IDs of 60, 70, 80, 90, and 100.

Greater than or equal to ($gte)

Using greater than or equal to ($gte) is very similar:

Not equal to ($ne)

By using not equal to ($ne), you can specify which object you don’t want to select:

You will get all the student objects except the student with the ID of 20.

Contained in ($in)

To get specific objects, use contained in ($in):

This will return only student objects with IDs of 20 and 80

Not contained in ($nin)

The opposite of contained in ($in) is not contained in ($nin):

This would return all objects besides objects with IDs of 20 and 80.

A value is set ($exists)

$exists option checks whether a value is set for a column:

As every object has the ID set, the above query would return the entire list. Or, specifying false:

It would return an empty list, as every object has the student ID set.

Not match the expression ($not)

$not performs a logical NOT operation on the specified operator expression and selects the documents that do not match the operator expression.

This request will return all records where studentId is NOT greater than 30.

Multiple where clauses

The Appery.io database also supports multiple where clauses. Read more about this on the MongoDB documentation page.

Logical OR ($or)

The $or operator performs a logical OR operation on an array of two or more expressions, and selects the documents that satisfy at least one of the expressions.

Example above means that the returned object must contain {"studentId":50} OR {"studentName":"Dan"}.

Logical AND ($and)

$and performs a logical AND operation on an array of two or more expressions and selects the documents that satisfy all the expressions in the array. The $and operator uses short-circuit evaluation: If the first expression evaluates to false, remaining expressions will not be evaluated:

Example above means that the returned object must contain {"studentId":50} AND {"studentName":"Dan"}.

Logical NOR ($nor)

$nor performs a logical NOR operation on an array of one or more query expressions and selects the documents that fail all the query expressions in the array:

Example above means that the returned object must NOT contain {"studentName":"John"} AND {"studentId": 50}.

Field update operators

The operations parameter is used to update multiple objects via a single REST Service. The operations parameter supports the following comparison values:

  • $set – sets the value of a field in a document.
  • $unset – removes the specified field from a document.
  • $inc – increments the value of the field by the specified amount.
  • $mul (Number only) – multiplies the value of the field by the specified amount.
  • $min (Number & Date only) – only updates the field if the specified value is less than the existing field value.
  • $max (Number & Date only) – only updates the field if the specified value is greater than the existing field value.

Read more about MongoDB field update operators.


Use the $set operator to replace the value of a field to the specified value. If the field does not exist, the $set operator will add the field with the specified value. The following example changes all values in the studentId column:

Read more about the $set operator here.


The $unset operator deletes a particular field. The specified value in the $unset expression (i.e. “” below) does not impact the operation. If the field does not exist, then $unset has no effect. The following example shows how to clear all values in the stundetId column:

Read more about the $unset operator here.


The $inc operator increments a value of a field by a specified amount. If the field does not exist, $inc adds the field and sets the field to the specified amount. $inc accepts positive and negative incremental amounts. The following example increments all values in the studentId column by 5:

Read more about $inc operator here.


Multiply the value of a field by a number. This works only for fields with Number type. The following example multiplies all values in the studentId column by 2.25:

Read more about the $mul operator here.


The $min operator updates the value of the field to a specified value if the specified value is less than the current value of the field. If the field does not exist, the $min operator sets the field to the specified value. Works only for Date and Number column types. The following example sets the values of the studentId column to 50 if they are bigger than 50. Smaller values will not be changed:

Read more about $min operator here.


The $max operator updates the value of the field to a specified value if the specified value is greater than the current value of the field. If the field does not exist, the $max operator sets the field to the specified value. Works only for Date and Number column types. The following example sets the values of the studentId column to 50 if they are smaller than 50. Bigger values will not be changed:

Read more about the $max operator here.

Conditional multiple objects update

By mixing where and operations parameters, you can conditionally update multiple objects.

The following example changes the studentId value to 25 for all records where studentName equals to Anna:


To sort data, specify sort as a request parameter. Also, specify the column by which you want to sort. For example, sort by the studentName column, in ascending order:

To sort in descending order, specify the column name with - before it:

You can also sort by more than one column:


To limit the number of objects you get, use the limit parameter. The following query will return the first 5 objects:

Max value for limit parameter is 1500. The value is Integer (Number JavaScript).

In addition to specifying how many objects to return, you can also specify from which object count to start with the skip parameter. The following example will start at object 6 (skip the first 5) and return (limit) 5 objects.

The value is Integer (Number JavaScript):

Queries on array values

Retrieve all objects with an array that contains the number 1:

There are several special operators that MongoDB provides for array queries.

The $all operator can be used to select the documents where the value of a field is an array that contains all the specified elements.

Retrieve all objects that contain array with 5, 6 and 7:

It’s possible to retrieve elements by array size, using the $size operator.

Retrieve all the objects that contain an array with 3 elements:

It’s also possible to use the $elemMatch operator to match more than one component within an array element. In this case, the array structure must be a little more complex.

The marks column with array of objects:

studentName studentId marks
string number array
John 10 [{“math”:”5″, “physics”:”7″}]

By using the $elemMatch operator, it’s possible to make a query for each of object fields. Therefore, it’s possible to retrieve all object arrays where the mark for math equals 5, and mark for physics is greater than 6:

Queries on pointer values

To properly get an object with a specific pointer value, you should provide an object with exactly the same fields in the where parameter:

Queries by related object

Querying objects also support subqueries, which are defined with keywords $inQuery and $notInQuery, and can be applied only to pointer fields:

Such a query will return only the objects linked to the objects returned by the subquery. In this example, you get an object that has a pointer to the objects with only a High-value in the priority field.

$notInQuery works inversely: the parent query will return the objects not linked to objects returned by the subquery.

How to get all students collection objects, where the owner column doesn’t reference a user named Alice:

Including related objects

In some situations, you may want to return multiple types of related objects in one query.

The following sample collection consists of two columns (owner and subtask) with the pointer-referenced Users and todo collections respectively:ToDoCollSubtask

The subtask _id is referred to the _id of the parameter from the same collection; while the owner _id is refer to the parameters from the Users collection of the same database:

When the query is executed with an include parameter for the key holding this pointer, the pointer will be expanded to the object:

You can also do multi-level “includes” using dot notation:

You can also execute a query with multiple fields included. Pass a comma-separated list of keys as the include parameter:

To update the collection, provide the X-Appery-Session-Token parameter and _id of the referenced collection entry you would like to update.

To delete the pointer-referenced entry from the collection, also provide the X-Appery-Session-Token and _id of the referenced collection entry you would like to delete. The response is empty object.


You can use a Projection to return only specified collection columns. You can do this by adding a proj parameter to your request. Here is how to retrieve only the studentName column:

When the certain column is marked with number 1 – MongoDB assumes that all other columns shouldn’t be retrieved. To retrieve several columns, specify them, separated by commas:

Digits should be passed as numbers, not as strings.

You can also specify which column should be excluded from the result. In this case, all columns will be retrieved except the excluded ones. To do this, mark column name with zero:

You cannot mix including and excluding fields due to MongoDB limitation.

You can mix the include parameter with proj to specify what columns should be retrieved from related object.

The following example retrieves only studentName and studentId fields from the collection in which the request was made, and only email from the related object:

Read more about MongoDB projection.

Queries on string values

You can use regular expressions to search over values containing strings. The constraint is represented by a hash with the key $regex mapping to a regular expression.

For example:

Geospatial queries

Say you have a collection with city names and their coordinates:

name location
string Geopoint
Munich [48.143, 11.574]
Athens [37.985, 23.729]
Amsterdam [52.373, 4.895]
Vienna [48.208, 16.375]

You can use different queries to work with your geopoints data. This can be handy when you’re developing an app with GPS services. The query itself must be placed in the where parameter:

Query examples:

Query 1 (80 miles diameter around Vienna):

Result (order by nearest). _createdAt, _updatedAt and _id removed for brevity:

Query 2 (550 kilometers diameter around Vienna):

Result (order by nearest):

Query 3 (0.21 radians [1350 kms] diameter around Vienna):


Query 4 (nearest to Vienna without distance limit):

Result (whole collection, order by nearest):

Query 5 (cities within a box [by SW and NE corners], [48,11] – SW, [50,20] – NE):


Query 6 (cities within a circle, with the center in Bratislava and a diameter of 100 kms):


Date queries

All of the comparison operators can be used to work with the value type of date.

Now say there is a time column that contains several date values:

taskName time priority
string date string
Debug soft 2014-11-12 19:00:00.000 High
Use cool API 2014-11-10 20:00:00.000 Low
Create an app 2014-11-09 09:00:00.000 High

Retrieve all the objects that equal the specific date value:

To get all the objects that contain a date greater than a certain value, use the $gt operator. This will retrieve all objects that contain dates greater (later) than the 10th of November 2014:

To get all the objects with dates less than a certain value, use the $lt operator. This will retrieve all objects with dates less than (earlier) the 10th of November 2014:

It’s also possible to retrieve dates in a certain range. Use a combination of the $lt and $gt operators. This will retrieve all objects with dates between the 9th and 11th of November 2014:

Accessing _createdAt and _updatedAt columns

You need to use a different syntax to access the predefined columns _createdAt and _updatedAt via a REST service. The date value must be presented like the following:

Also, the where clause must contain the $date variable and look like the following:

The _updatedAt column can be accessed the same way:

Counting objects

If you want to count how many objects there are in a collection, send the following request:count

Using a curl command:

Distinct values

It’s possible to retrieve all distinct values of a collection’s column using a POST request:

It’s also possible to use a GET request to retrieve distinct values:

File API

The file API allows you to upload and download files.

All file APIs require sending an X-Appery-Session-Token header. You can get its value when a user signs in. This is to prevent anyone but the user from uploading files.

You can find more about how to get an X-Appery-Session-Token here.

Uploading files

There are number of ways to upload files to a database:

  • Files can be uploaded to the database directly from the database dashboard using the Media Manager.
  • Files can be uploaded from the app you are creating:

To upload a file, send POST request to the following URL:

POST https://api.appery.io/rest/1/db/files/<fileName>


Sample response:

Use --form parameter and multipart/form-data for Content-Type to upload with FormData:

Uploading multipart data

To upload multiple files with form data, send POST request to the following URL:

POST https://api.appery.io/rest/1/db/files/


Sample response:

Retrieving file

To retrieve any file you need, add the name to the end of the URL, and use a GET request:

GET https://api.appery.io/rest/1/db/files/<fileName>


Retrieving files list

To retrieve a files list based on the files in the Files collection, send GET request and specify database id:

GET https://api.appery.io/rest/1/db/files

It’s necessary to provide an X-Appery-Session-Token or X-Appery-Master-Key to get the file list. In the case of using the X-Appery-Session-Token file, the list will contain only those files that where uploaded by the current user, or files that were uploaded via the Media Manager, and doesn’t contain default ACL:

Sample response:

If the ACL for the file defines that a certain user doesn’t have read rights, the file will be excluded from the files list:

Now user Pete will not get this file in the list:

Sample response:

By using the X-Appery-Master-Key, all the files from the Files collection will be included into the file list, despite specified ACL.

Use encoded parameter with base64 value to return the result as base64:

File content will be presented as field of base64data parameter:


Deleting files

Deleting files is similar to retrieving them; the only difference is the command type. Use a DELETE request:

DELETE https://api.appery.io/rest/1/db/files/<fileName>


There is no response for this operation.

Direct link to a file

The file can be downloaded with the direct link. To do it, use a URL with the following format:

The parameters above are:

  • databaseID – is the id of the database where the file is stored.
  • fileName – the name added to the file upon uploading to the Appery.io database.
  • encoded – if value of encoded parameter = base64, file content will be returned as base64 string as following:
  • userSessionToken (optional) – can be used to restrict users access.
  • masterKey (optional) – can be used to ignore ACLs (full access to data).

The resulting link looks like the following:



Many mobile apps have the notion of a User, where each user may sign up for an account in the app, view his or her information, perform actions, and change his or her password. As this functionality is very common, the Appery.io database comes with a built-in User Management feature. Users are created in the built-in collection called Users, and are managed via the predefined Users collection.

A user object is very similar to any other object you create, with one exception; the user object requires username and password fields. The password field is stored encrypted in the database, and will not be shown in any client request.

Signing up

To sign up (create) a new user, send a POST request:

POST https://api.appery.io/rest/1/db/users

It must include the username and password parameters:

Sample response:

The user object requires username and password fields, but you may also add other fields. To reduce the number of errors, the Appery.io database doesn’t allow the creation of new fields from a POST request. First, the fields need to be added in the web console. Once it’s done, you can add a new user with the new field:

The JSON response now contains the new field – email.

Signing in (login)

Once a user has been created, use a GET request to log in.

GET https://api.appery.io/rest/1/db/login

Define the username and password:

Save the sessionToken if you need to access the user information in subsequent requests. You can save the token in local storage.

Only the sessionToken and _id parameters will be returned in the response after successful authentication. If you want to retrieve custom fields (as email) that were created in Users collection you should send second request after authentication. Read here how get particular user details.

Session token

As you can see above, the log in and sign up procedures return the sessionToken parameter, which means that the user successfully logged in. The sessionToken parameter can also be used for database or server code operations that require user authentication.

Not all operations with the database require a sessionToken. See how to secure collections here.

Tokens issued by a server have a 120 minutes lifetime after the last activity. Last activity in this case means any REST service (even those that don’t contain an X-Appery-Session-Token) that triggers a database for any kind of operation – read, update, delete, etc. This also includes any REST service that triggers server code scripts secured by the database. Once the token has expired, the user should log in again to obtain a new sessionToken.

To change the sessionToken lifetime, go to Database > Settings and specify session timeout you need.

Signing out

To sign out a user, send GET request and provide X-Appery-Session-Token which was obtained for this user during login.

GET https://api.appery.io/rest/1/db/logout


There is no response for this request in case of success.

Signing in with social network

Read more about Social Login API.

To sign in the user with s social network, send a POST request:

POST https://api.appery.io/rest/1/db/oauth/login

Following parameters are available:

  • provider_id — one of the supported OAuth providers: twitter, facebook, google
  • token (required if OAuth 1.0a is used. In case of using Twitter) — request token obtained before.
  • verifier — the access code obtained from the provider after successful authentication (For example, code).
  • app_id (optional) — provider’s application id (client id, consumer key, etc.)
  • timeout (optional) — session timeout, ms.

Returns 201 with newly created user data or 200 with logged in user id and session token (if the user existed and was linked prior to this action).

If session_token is specified, authenticated user will be linked with provider’s user. Code 200 will be returned with the user id and session token.

Signing out from social network

To sign out from the social network, send a DELETE request:

DELETE https://api.appery.io/rest/1/db/oauth/logout

Include the social network id (twitter, facebook, google) as provider parameter:

Request token from Social Network

This method is used for OAuth 1.0a protocols (Used by Twitter for now). Use GET request to obtain token:

GET https://api.appery.io/rest/1/db/oauth/token

Returns an object with a single token field containing OAuth 1.0a request token.


  • provider_id — one of the supported OAuth 1.0a providers: twitter
  • app_id (optional) — provider’s application id (client id, consumer key, etc.)
  • callback_url (optional) — URL to which the redirect will be sent after token creation.

Retrieve current user

Use GET request to retrieve current user:

GET https://api.appery.io/rest/1/db/users/me

All parameters are identical Getting particular user details.

Getting particular user details

To retrieve a particular user, execute a GET request with the user ID in the URL.

GET https://api.appery.io/rest/1/db/users/<user_id>

Add the X-Appery-Session-Token header for authentication:

If the user object has any additional fields (columns), you will get them back as well.

Sample response:

Getting all users

You can retrieve multiple users at once by sending a GET request to the root user’s URL:

GET https://api.appery.io/rest/1/db/users

The returned JSON will include a list of all the users. You may also apply any of the queries options.


Sample response:

Updating users

To update an existing user, send a PUT request specifying the fields you want to update. Any fields not included in the request will not be updated.

PUT https://api.appery.io/rest/1/db/users/<users_id>

You need to specify the X-Appery-Session-Token for authentication, as well as the user ID in the URL.

Deleting users

To delete a user from the server, send a DELETE request and provide the X-Appery-Session-Token header to authenticate.

DELETE https://api.appery.io/rest/1/db/users/<users_id>


User queries

Queries with the Users collection can be performed in the same way as any other collection. All of the query constraints can be used.

The X-Appery-Session-Token must be provided in order to make queries with the Users collection. See how to get it via the link.

How to get all users with name Dan. Specify the X-Appery-Session-Token and where parameters:

How to retrieve all users with emails in @mail domain via a query with $regexp:


When you access the Appery.io database via the REST API key, access can be restricted by the ACL. The ACL is formatted as a JSON object where the keys are either object IDs or the special key “*” to indicate public access permissions. The values of the ACL are “permission objects”: JSON objects whose keys are the permission name and a value that is always true.

For example, if you want the user with ID 5278cafce4b01085e4b7945a to have read-and-write access to an object, as well as make the object publicly readable, the corresponding ACL is:

If you want to hide any record from a specific user, set the read property to false. Note that the * symbol has a priority, so you need to remove it from the ACL:

In the database editor, it looks like:

You can still read and modify ACLs via the REST API, just by accessing the ACL key of an object.

For instance, the following example updates the ACL data of one of the tasks. Log in to the database, as shown in signing in.

Set up the service as you would for an object update. You need to add the X-Appery-Session-Token (which you get upon login), and the ACL field with the type of object:

Remember that if the user doesn’t have permission to write the object, it cannot be updated. So you have to change the write property from the databas editor.

If you want to access your data and ignore all ACLs, you can use the X-Appery-Master-Key header instead of X-Appery-Session-Token provided in the database Settings tab:

For security, the master key should not be distributed to end users, but if you are running code in a trusted environment, feel free to use the master key for authentication.

Forgot Password

Read more about implementing the “Forgot Password” feature.

Import and export


You can create a new collection by importing data in CSV or JSON format. Go to the Collections tab, click “Import” and upload the data file. An example of a CSV file:

The above collection has two columns: _id and name. An optional data type is specified by “:” after the column name. If you don’t specify a data type, all the data will default to a string.

An example of a JSON file:

If you want to learn more about formats, create a sample collection with column types and data and then export it. Open the exported files and review the format.

You can’t update an existing collection by uploading a new CSV or JSON file. Instead, you can delete the current collection and create another one from the new file. If all the column names stay the same, there are no changes needed for REST services or mapping.


To export data, go to the Settings tab. You can export the entire database in JSON or CSV formats. Each collection will be exported into a separate file inside the zip file: