Skip to main content

Launch a Realtime Backend: PostgreSQL, Instant GraphQL, Auth, and Storage in One Button

· 5 min read
FoundryDB Team
FoundryDB Team
Engineering @ FoundryDB

Building the backend for a new app is the same checklist every time. Provision a database. Put a GraphQL or REST layer in front of it. Stand up sign-in so users have accounts. Open a bucket for uploads. Then spend the rest of the day wiring those four pieces together with connection strings, access keys, and issuer URLs you paste between environment files. The product you actually wanted was always a day of plumbing away.

The Launch a realtime backend stack collapses that into one button. You get a complete backend on your own PostgreSQL: an instant real-time GraphQL API, end-user auth, and an object-storage bucket, wired together and EU-resident, in minutes, with no backend code to write.

realtime-backend stack · compose, wire & introspect
RUNNING Protected, EU-resident realtime backend
Stack Templaterealtime-backendlaunch ⇉PostgreSQLtables · :5432Hasurawired · auth · edgeFilesobject bucketintrospect →GraphQL APIqueries · mutations · subscriptions
TemplatePostgreSQLHasuraFiles bucketEnd-user authEdge domainGraphQL API (introspected)wiring (env injected)

What you launch

Pick Launch a realtime backend from the catalog and the platform stands up four things and connects them:

  • Your own PostgreSQL. A managed PostgreSQL 17 database that is the durable home for your application data. Real tables you can query, back up, scale, and connect other tools to, not a black box.
  • An instant GraphQL API, powered by Hasura. Hasura introspects your database and exposes every table as GraphQL: queries, mutations, and real-time subscriptions over a WebSocket. Create a table, track it, and the API is already there. No resolver to write.
  • End-user auth as a service. A managed OpenID Connect issuer signs your users in with hosted login pages and magic links, and writes every identity into your own PostgreSQL. Your client validates standard RS256 tokens; your GraphQL API enforces per-user access from their claims.
  • An object-storage bucket. A 10 GB Files bucket, attached to the API, for avatars, attachments, and exports.

Everything is fronted by a custom edge domain with an automatically issued certificate, so the GraphQL endpoint, the console, and live subscriptions are reachable over HTTPS the moment the stack is Running.

Wired, not just provisioned

The hard part of a backend is never the individual pieces. It is connecting them. This stack does that for you.

The Hasura app boots already knowing how to reach the database: the connection string is injected as HASURA_GRAPHQL_DATABASE_URL during the wiring phase, so by the time the stack is Running there is nothing to configure. The bucket's S3 credentials are injected the same way, so uploads work without you pasting an access key. Auth is enabled on the app, so the platform applies the identity schema to your database, brings up the OIDC issuer, and assigns a fixed issuer URL your client signs in against.

The result is that a real-time, authenticated API enforces per-user access at the database layer with permissions like this, and you never wrote an application server to do it:

{ "owner_id": { "_eq": "X-Hasura-User-Id" } }

Hasura reads the user id from the validated token and applies the filter inside PostgreSQL, so each user only ever sees their own rows.

Your data, your users, in Europe

Because end-user identities are written into your PostgreSQL (in a managed _mdb_auth schema), they live where your database lives. The control plane stores only configuration: the issuer URL, key references, and status. Put the database in Stockholm and your users are in Stockholm.

That is true of the whole stack. The database, the bucket, the Hasura app, and the auth issuer all run within the platform's European footprint. EU residency is where the platform runs, not a setting you remember to flip.

Trust, built into the launch

Like every stack, the realtime-backend launch carries the platform guarantees in the flow itself.

A hard cost preview before you launch. You see exactly what the stack costs, the database, the bucket, and the app, broken down per resource, before anything is provisioned. You accept a number, then the launch runs. No line item here is a budget ceiling.

Atomic rollback. A stack is several resources coming up together. If any step fails, the whole launch rolls back cleanly. You end up with the finished backend or with nothing, never with an orphaned database quietly costing you money.

Launch one

# 1. Preview the cost
curl -X POST https://api.foundrydb.com/stacks/preview \
  -H "Authorization: Bearer $FOUNDRYDB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"template_name": "realtime-backend"}'

# 2. Accept the previewed total and launch
curl -X POST https://api.foundrydb.com/stacks \
  -H "Authorization: Bearer $FOUNDRYDB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-backend", "template_name": "realtime-backend", "accepted_monthly_cost": 31.00}'

Poll the stack until it is Running, open the endpoint_url, create a table, and watch it become a real-time GraphQL API. Or do the whole thing from the Stacks catalog in the console with one click.

For the full walkthrough, including creating your first table, running a query, mutation, and subscription, tying a permission to your end users, and tearing the stack down atomically, read the Launch a Realtime Backend tutorial.

Stop wiring a backend together by hand. Launch the finished thing, on PostgreSQL you own, in Europe, today.