ichibaseichibase

How ichibase works

Every project is its own little backend: a database, end-user auth, file storage, realtime, and edge functions — all behind a single domain. This page maps the pieces so you know what you get and where each request goes.

What you get per project

When you create a project you get a complete backend, no servers to manage:

  • Database — Postgres or MongoDB, chosen when you create the project. (Paid plans can have both.)
  • Auth — sign up / sign in your end users, issue JWTs, OAuth providers, password reset and magic links.
  • Storage — upload and serve files, with public buckets served straight from a global CDN.
  • Realtime — push messages to your users over a WebSocket connection.
  • Edge Functions— deploy your own TypeScript that runs close to the data, behind your project's auth.

One project, one domain

A project is isolated infrastructure with a single base URL. Everything routes off that one host:

https://<project>.ichibase.net
├── /postgres/*    REST database API (Postgres projects)
├── /mongo/*       document database API (MongoDB projects)
├── /auth/*        sign up / sign in, tokens, OAuth, password reset
├── /functions/*   your deployed Edge Functions
└── /realtime      WebSocket endpoint for live messages

https://cdn.ichibase.net/<project>/<bucket>/<path>
                  files served from the CDN host

Here is what each path does:

  • /postgres/* — the REST database API for Postgres projects. Select, insert, update, delete, and call SQL functions over HTTP. Guarded by row-level security.
  • /mongo/* — the document API for MongoDB projects. The same kind of CRUD, plus restricted aggregation, guarded by JSON access rules.
  • /auth/* — the auth service. End users authenticate here and receive a JWT that every other endpoint understands.
  • /functions/*— your Edge Functions. Each deployed function gets its own route and runs with your project's credentials injected.
  • /realtime — the WebSocket endpoint. Clients connect and receive messages addressed to them; they never publish directly.
  • Storage CDN host — files are served from a single CDN host, cdn.ichibase.net/<project>/<bucket>/<path>, so reads come from the edge. The reserved public bucket needs no token; every other bucket requires a short-lived signed token per read.
Calls carry the same JWT regardless of database flavor. Auth is unified — a user's sub claim is the identity that database rules, realtime addressing, and storage tokens all key off of.

Postgres or MongoDB?

You pick one database flavor when you create a project. They expose different APIs and different security models, so choose by how you want to model and protect your data:

  • Postgres — relational tables, SQL, joins, and SQL functions you can call as RPCs. Security is enforced by row-level security (RLS) policies that run inside the database. Pick this for structured, related data and when you want SQL.
  • MongoDB — flexible JSON documents and collections. Mongo has no native row-level security, so ichibase puts a gateway in front of it that applies per-collection JSON access rules (with ${auth.uid} interpolation). Pick this for schema-light or document-shaped data.

On the free plan you choose exactly one. On paid plans a project can have both Postgres and MongoDB available at the same time, reachable through /postgres/* and /mongo/* respectively.

Tiers

The same set of capabilities runs on bigger or more machines as you move up. The difference between tiers is isolation, headroom, and a few features:

  • Free — your project runs on shared infrastructure alongside other free projects, isolated per project. One project per owner, one database flavor, with hard quotas: a combined database disk budget, an object-storage budget, a handful of concurrent database connections, a short statement timeout, a cap on concurrent realtime connections, and per-invocation limits on functions. Nightly backups with short retention. A free project may sleep after a period of inactivity. Good for prototypes and small apps.
  • Pro — a dedicated VPS owned by ichibase, sized to you. Both Postgres and MongoDB available, quotas relaxed to fit the box, larger object-storage budget, and nightly backups plus write-ahead-log archiving with longer retention. Priced as VPS cost plus margin.
  • Businessmultiple VPSs, horizontally scaled: a Postgres primary with read replicas, a MongoDB replica set, and the app tier replicated behind the router. The largest storage budgets, plus custom domain and SLA options.
Your project keeps the same <project>.ichibase.net subdomain when you upgrade. Moving up is a migration of the same components onto bigger or more machines — your URLs and code do not change.

The SDK is the easy path

You can call every endpoint above with plain HTTP, but the client SDK wraps all of it — database queries, auth, storage, realtime, and function calls — behind one typed object. Point it at your project URL and anon key and start building:

import { createClient } from '@ichibase/client';

const ichi = createClient(
  'https://<project>.ichibase.net',
  'ich_pub_...', // anon key
);

// One client, all capabilities:
const { data } = await ichi.from('posts').select('*');
const { user } = await ichi.auth.signInWithPassword({ email, password });

From here, see the /docs/quickstart to spin up your first project, the /docs/database guide for querying data, and /docs/auth for signing in your users.