Skip to main content

POST /api/data/:collectionName

Inserts a new document into the specified collection and returns the created document on success.

Required Header

x-api-key: sk_live_… by default. pk_live_… is accepted only when the collection has RLS enabled and the request includes a valid Authorization: Bearer <accessToken> header.

Path Parameters

collectionName
string
required
The name of the collection to insert into (e.g., posts, orders).

Request Body

Send a JSON object containing the document fields. The fields must conform to the collection’s schema if one is defined.
When using pk_live with RLS enabled, the owner field (e.g., userId) is automatically injected from the authenticated user’s JWT if you omit it. If you include the owner field but it doesn’t match the token’s user ID, the request is rejected with 403.

Response Fields

success
boolean
true when the document was created.
data
object
The newly created document, including its assigned _id and any auto-injected fields.
message
string
Human-readable status message.

Code Examples

// Use sk_live from your server — never expose it in frontend code
const res = await fetch('https://api.ub.bitbros.in/api/data/posts', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'x-api-key': 'sk_live_YOUR_SECRET_KEY'
  },
  body: JSON.stringify({
    title: 'Why BaaS is the future',
    body: 'Content goes here...',
    tags: ['tech', 'development'],
    meta: { views: 0, likes: 0 },
    userId: 'USER_ID'
  })
});

const { success, data } = await res.json();
// data is the created document

Success Response

{
  "success": true,
  "data": {
    "_id": "64fd1234abcd5678ef901234",
    "title": "My first post",
    "body": "Hello world",
    "userId": "64fd0000abcd5678ef900001",
    "createdAt": "2024-01-15T10:30:00.000Z"
  },
  "message": "Document created successfully"
}

Errors

StatusCause
400 Bad RequestSchema validation failed — missing required field or wrong type
401 UnauthorizedMissing/invalid API key, or missing Bearer token when using pk_live with RLS
403 Forbiddenpk_live without RLS enabled, or owner field in body doesn’t match the token’s user ID