Quickstarters
How to Build a Backend for Kotlin?

38min
Introduction
In this tutorial, you’ll learn how to build a complete backend for an Android application (written in Kotlin) using Back4App. 
We’ll walk through integrating essential Back4App features—including database management, Cloud Code Functions, REST and GraphQL APIs, user authentication, and real-time queries (Live Queries)—to create a secure, scalable, and robust backend that seamlessly communicates with your Android app.
You’ll also see how Back4App’s quick setup and intuitive environment can drastically reduce the time and effort compared to manually configuring servers and databases. 
Along the way, you’ll gain hands-on experience with key functionalities, including advanced security features, scheduling tasks with Cloud Jobs, and setting up webhooks for external integrations.
By the end of this tutorial, you’ll be well-prepared to enhance this foundational setup into a production-ready application, or easily incorporate custom logic and third-party APIs as needed.
Prerequisites
To complete this tutorial, you will need:
A Back4app account and a new Back4app project
 Getting Started with Back4app.
If you do not have an account, you can create one for free. Follow the guide above to get your project ready.
Basic Android/Kotlin development environment
 Ensure you have Android Studio installed on your machine. You can follow Android Studio’s official setup docs if you haven’t set it up yet.
A minimum of Android 4.0 or above in your app’s Gradle config
Typically, you’ll set this in your minSdkVersion in your module’s build.gradle.
Familiarity with Kotlin and basic Android concepts
 Android Developer Docs.
If you’re new to Android or Kotlin, review official docs or a beginner’s tutorial before starting.
Make sure you have all of these prerequisites in place before you begin. Having your Back4app project set up and your local Android environment ready will help you follow along more easily.
Step 1 – Setting Up Back4app Project
Create a New Project
The first step in building your Android backend on Back4app is creating a new project. If you have not already created one, follow these steps:
Log in to your Back4app account.
Click the “New App” button in your Back4app dashboard.
Give your app a name (e.g., “Android-Kotlin-Backend-Tutorial”).
﻿
Once the project is created, you will see it listed in your Back4app dashboard. This project will be the foundation for all backend configurations discussed in this tutorial.
Connect the Parse SDK
Back4App relies on the Parse Platform to manage your data, provide real-time features, handle user authentication, and more. Integrating your Android app with Back4App involves adding the Parse Android SDK dependencies to your Gradle files and initializing them with credentials from your Back4App dashboard.
Retrieve your Parse Keys:
In your Back4App dashboard, navigate to your app’s “App Settings” or “Security & Keys” section to find your Application ID and Client Key. You will also find the Parse Server URL (often in the format https://parseapi.back4app.com).
﻿
Add the Parse SDK to your build.gradle files:
In your root build.gradle (project-level):
Text
allprojects {
    repositories {
        maven { url "https://jitpack.io" }
    }
}
allprojects {
    repositories {
        maven { url "https://jitpack.io" }
    }
}
﻿
In your module-level build.gradle (usually app/build.gradle):
Text
dependencies {
    implementation "com.github.parse-community.Parse-SDK-Android:parse:latest.version.here"
}
dependencies {
    implementation "com.github.parse-community.Parse-SDK-Android:parse:latest.version.here"
}
﻿
Initialize Parse in your Android application:
Create a custom Application class (e.g., App.kt) if you don’t already have one:
Kotlin
package com.example.app

import android.app.Application
import com.parse.Parse
import com.parse.ParseInstallation

class App : Application() {
    override fun onCreate() {
        super.onCreate()

        // Initialize Parse
        Parse.initialize(
            Parse.Configuration.Builder(this)
                .applicationId("YOUR_APP_ID")  // from Back4App Dashboard
                .clientKey("YOUR_CLIENT_KEY")  // from Back4App Dashboard
                .server("https://parseapi.back4app.com/")
                .build()
        )

        // (Optional) Track statistics around app opens
        ParseInstallation.getCurrentInstallation().saveInBackground()
    }
}
package com.example.app

import android.app.Application
import com.parse.Parse
import com.parse.ParseInstallation

class App : Application() {
    override fun onCreate() {
        super.onCreate()

        // Initialize Parse
        Parse.initialize(
            Parse.Configuration.Builder(this)
                .applicationId("YOUR_APP_ID")  // from Back4App Dashboard
                .clientKey("YOUR_CLIENT_KEY")  // from Back4App Dashboard
                .server("https://parseapi.back4app.com/")
                .build()
        )

        // (Optional) Track statistics around app opens
        ParseInstallation.getCurrentInstallation().saveInBackground()
    }
}
﻿
Next, open your AndroidManifest.xml and register the custom Application class:
XML
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <application
        android:name=".App"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:usesCleartextTraffic="true"
        ... >
        ...
    </application>

</manifest>
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <application
        android:name=".App"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:usesCleartextTraffic="true"
        ... >
        ...
    </application>

</manifest>
﻿
By completing this step, you have established a secure connection between your Android (Kotlin) front end and the Back4App backend. All requests and data transactions are securely routed through this SDK, reducing the complexity of manual REST or GraphQL calls (although you can still use them when needed).
Step 2 – Setting Up the Database
Saving and Querying Data
With your Back4App project set up and the Parse SDK integrated into your Android app, you can now start saving and retrieving data. Below is an example using Kotlin to create and fetch data.
Kotlin
import com.parse.ParseObject
import com.parse.ParseQuery
import com.parse.SaveCallback
import com.parse.ParseException

// Example: Create a Todo item
fun createTodoItem(title: String, isCompleted: Boolean) {
    val todo = ParseObject("Todo")
    todo.put("title", title)
    todo.put("isCompleted", isCompleted)

    todo.saveInBackground { e: ParseException? ->
        if (e == null) {
            println("Todo saved successfully")
        } else {
            println("Error saving Todo: ${e.localizedMessage}")
        }
    }
}

// Example: Query all Todo items
fun fetchTodos() {
    val query = ParseQuery<ParseObject>("Todo")
    query.findInBackground { results, e ->
        if (e == null) {
            println("Fetched Todo items: ${results.size}")
        } else {
            println("Error fetching Todos: ${e.localizedMessage}")
        }
    }
}
import com.parse.ParseObject
import com.parse.ParseQuery
import com.parse.SaveCallback
import com.parse.ParseException

// Example: Create a Todo item
fun createTodoItem(title: String, isCompleted: Boolean) {
    val todo = ParseObject("Todo")
    todo.put("title", title)
    todo.put("isCompleted", isCompleted)

    todo.saveInBackground { e: ParseException? ->
        if (e == null) {
            println("Todo saved successfully")
        } else {
            println("Error saving Todo: ${e.localizedMessage}")
        }
    }
}

// Example: Query all Todo items
fun fetchTodos() {
    val query = ParseQuery<ParseObject>("Todo")
    query.findInBackground { results, e ->
        if (e == null) {
            println("Fetched Todo items: ${results.size}")
        } else {
            println("Error fetching Todos: ${e.localizedMessage}")
        }
    }
}
﻿
Alternatively, you can use Back4App’s REST API endpoints:
Bash
curl -X POST \
  -H "X-Parse-Application-Id: YOUR_APPLICATION_ID" \
  -H "X-Parse-REST-API-Key: YOUR_REST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title": "Buy groceries", "isCompleted": false}' \
  https://parseapi.back4app.com/classes/Todo
curl -X POST \
  -H "X-Parse-Application-Id: YOUR_APPLICATION_ID" \
  -H "X-Parse-REST-API-Key: YOUR_REST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title": "Buy groceries", "isCompleted": false}' \
  https://parseapi.back4app.com/classes/Todo
﻿
Back4app also provides a GraphQL interface:
GraphQL
mutation {
  createTodo(input: {
    fields: {
      title: "Clean the house"
      isCompleted: false
    }
  }) {
    todo {
      objectId
      title
      isCompleted
    }
  }
}
mutation {
  createTodo(input: {
    fields: {
      title: "Clean the house"
      isCompleted: false
    }
  }) {
    todo {
      objectId
      title
      isCompleted
    }
  }
}
﻿
These diverse options let you integrate data operations in the way that best suits your development process—whether that’s through the Parse SDK, REST, or GraphQL.
Schema Design and Data Types
By default, Parse allows schema creation on the fly, but you can also define your classes and data types in the Back4app dashboard for more control.
Navigate to the “Database” section in your Back4app dashboard.
Create a new class (e.g., “Todo”) and add relevant columns, such as title (String) and isCompleted (Boolean).
Create New Class
﻿
Back4app offers an AI Agent that can help you design your data model:
Open the AI Agent from your App Dashboard or on the menu.
Describe your data model in simple language (e.g., “Please create a new ToDo App at back4app with a complete class schema.”).
Let the AI Agent create the Schema for you.
﻿
Using the AI Agent can save you time when setting up your data architecture and ensure consistency across your application.
Relational Data
If you have relational data—say, a Category object that points to multiple Todo items—you can use Pointers or Relations in Parse. For example, adding a pointer to a Category:
Kotlin
// Linking a Todo to a Category with a pointer
fun createTaskForCategory(categoryObjectId: String, title: String) {
    val todo = ParseObject("Todo")
    val categoryPointer = ParseObject("Category")
    categoryPointer.objectId = categoryObjectId

    todo.put("title", title)
    todo.put("category", categoryPointer)

    todo.saveInBackground { e ->
        if (e == null) {
            println("Created Task with category relationship")
        } else {
            println("Error creating Task: ${e.localizedMessage}")
        }
    }
}
// Linking a Todo to a Category with a pointer
fun createTaskForCategory(categoryObjectId: String, title: String) {
    val todo = ParseObject("Todo")
    val categoryPointer = ParseObject("Category")
    categoryPointer.objectId = categoryObjectId

    todo.put("title", title)
    todo.put("category", categoryPointer)

    todo.saveInBackground { e ->
        if (e == null) {
            println("Created Task with category relationship")
        } else {
            println("Error creating Task: ${e.localizedMessage}")
        }
    }
}
﻿
When you query, you can also include pointer data:
Kotlin
val query = ParseQuery.getQuery<ParseObject>("Todo")
query.include("category")
query.findInBackground { todos, e ->
    if (e == null) {
        println("Fetched ${todos.size} todos with category data")
    }
}
val query = ParseQuery.getQuery<ParseObject>("Todo")
query.include("category")
query.findInBackground { todos, e ->
    if (e == null) {
        println("Fetched ${todos.size} todos with category data")
    }
}
﻿
This include("category") call fetches category details alongside each Todo, making your relational data seamlessly accessible.
Live Queries
For real-time updates, Back4app provides Live Queries. You can subscribe to changes in a specific class from your Android app:
Enable Live Queries in your Back4App dashboard under your app’s Server Settings.
Initialize a Live Query Subscription in your code:
Kotlin
import com.parse.ParseLiveQueryClient
import com.parse.ParseQuery
import com.parse.SubscriptionHandling
...

val parseLiveQueryClient = ParseLiveQueryClient.Factory.getClient()
val parseQuery = ParseQuery<ParseObject>("Todo")

val subscriptionHandling: SubscriptionHandling<ParseObject> =
    parseLiveQueryClient.subscribe(parseQuery)

subscriptionHandling.handleEvent(SubscriptionHandling.Event.CREATE) { queryTodo, todo ->
    println("New Todo created: ${todo.getString("title")}")
}
subscriptionHandling.handleEvent(SubscriptionHandling.Event.UPDATE) { queryTodo, todo ->
    println("Todo updated: ${todo.getString("title")}")
}
subscriptionHandling.handleEvent(SubscriptionHandling.Event.DELETE) { queryTodo, todo ->
    println("Todo deleted: ${todo.getString("title")}")
}
import com.parse.ParseLiveQueryClient
import com.parse.ParseQuery
import com.parse.SubscriptionHandling
...

val parseLiveQueryClient = ParseLiveQueryClient.Factory.getClient()
val parseQuery = ParseQuery<ParseObject>("Todo")

val subscriptionHandling: SubscriptionHandling<ParseObject> =
    parseLiveQueryClient.subscribe(parseQuery)

subscriptionHandling.handleEvent(SubscriptionHandling.Event.CREATE) { queryTodo, todo ->
    println("New Todo created: ${todo.getString("title")}")
}
subscriptionHandling.handleEvent(SubscriptionHandling.Event.UPDATE) { queryTodo, todo ->
    println("Todo updated: ${todo.getString("title")}")
}
subscriptionHandling.handleEvent(SubscriptionHandling.Event.DELETE) { queryTodo, todo ->
    println("Todo deleted: ${todo.getString("title")}")
}
﻿
Whenever a new Todo is created, updated, or deleted, the client gets a callback in real time—perfect for collaborative or dynamic apps.
Step 3 – Applying Security with ACLs and CLPs
Back4app Security Mechanism
Back4app takes security seriously by providing Access Control Lists (ACLs) and Class-Level Permissions (CLPs). These features let you restrict who can read or write data on a per-object or per-class basis, ensuring only authorized users can modify your data.
﻿
Access Control Lists (ACLs)
An ACL is applied to individual objects to determine which users, roles, or the public can perform read/write operations. For example:
Kotlin
fun createPrivateTodo(title: String, ownerUser: ParseObject) {
    val todo = ParseObject("Todo")
    todo.put("title", title)

    // Create an ACL granting read/write access only to the owner
    val acl = com.parse.ParseACL(ownerUser)
    acl.publicReadAccess = false
    acl.publicWriteAccess = false

    todo.acl = acl

    todo.saveInBackground { e ->
        if (e == null) {
            println("Saved private todo")
        } else {
            println("Error: ${e.localizedMessage}")
        }
    }
}
fun createPrivateTodo(title: String, ownerUser: ParseObject) {
    val todo = ParseObject("Todo")
    todo.put("title", title)

    // Create an ACL granting read/write access only to the owner
    val acl = com.parse.ParseACL(ownerUser)
    acl.publicReadAccess = false
    acl.publicWriteAccess = false

    todo.acl = acl

    todo.saveInBackground { e ->
        if (e == null) {
            println("Saved private todo")
        } else {
            println("Error: ${e.localizedMessage}")
        }
    }
}
﻿
Class-Level Permissions (CLPs)
CLPs govern an entire class’s default permissions, such as whether the class is publicly readable or writable.
Go to your Back4app Dashboard, select your app, and open the Database section.
Select a class (e.g., “Todo”).
Open the Class-Level Permissions tab.
Configure your defaults, such as “Requires Authentication” for read or write, or “No Access” for the public.
﻿
Step 4 – Writing Cloud Code Functions
Cloud Code lets you run custom Kotlin-like JavaScript code on Parse Server (uploaded as .js files), without needing to manage server infrastructure. This is ideal for business logic, validations, triggers, and external API calls.
How It Works
You typically place JavaScript functions, triggers, and any required npm modules in a main.js file. This file is deployed to your Back4App project and runs in the Parse Server environment.
Typical Use Cases
Business Logic
Data Validations
Triggers (like beforeSave, afterSave)
Security Enforcement
Integrations with third-party APIs
Deploy Your Function
Below is a simple Cloud Code function:
main.js
Parse.Cloud.define('calculateTextLength', async (request) => {
  const { text } = request.params;
  if (!text) {
    throw new Error('No text provided');
  }
  return { length: text.length };
});
Parse.Cloud.define('calculateTextLength', async (request) => {
  const { text } = request.params;
  if (!text) {
    throw new Error('No text provided');
  }
  return { length: text.length };
});
﻿
Deploying via the Back4App CLI:
Bash
# For Linux/Mac
curl https://raw.githubusercontent.com/back4app/parse-cli/back4app/installer.sh | sudo /bin/bash

# For Windows, download the .exe from the releases page
# For Linux/Mac
curl https://raw.githubusercontent.com/back4app/parse-cli/back4app/installer.sh | sudo /bin/bash

# For Windows, download the .exe from the releases page
﻿
Then configure and deploy:
Bash
b4a configure accountkey
b4a deploy
b4a configure accountkey
b4a deploy
﻿
Calling Your Function
From your Android (Kotlin) code via the Parse SDK:
Kotlin
import com.parse.ParseCloud
import com.parse.FunctionCallback
import com.parse.ParseException

fun callTextLengthFunction(someText: String) {
    val params = hashMapOf("text" to someText)
    ParseCloud.callFunctionInBackground<Map<String, Any>>("calculateTextLength", params) { result, e ->
        if (e == null) {
            val length = result["length"] as Int
            println("Text length: $length")
        } else {
            println("Error calling Cloud Code: ${e.localizedMessage}")
        }
    }
}
import com.parse.ParseCloud
import com.parse.FunctionCallback
import com.parse.ParseException

fun callTextLengthFunction(someText: String) {
    val params = hashMapOf("text" to someText)
    ParseCloud.callFunctionInBackground<Map<String, Any>>("calculateTextLength", params) { result, e ->
        if (e == null) {
            val length = result["length"] as Int
            println("Text length: $length")
        } else {
            println("Error calling Cloud Code: ${e.localizedMessage}")
        }
    }
}
﻿
You can also call it via REST or GraphQL in a similar manner.
Step 5 – Configuring Authentication
User Authentication in Back4App
Back4App leverages the Parse User class for authentication. Parse handles secure password hashing, session tokens, and more out of the box.
Setting Up User Authentication
In Kotlin, you can create a new user:
Kotlin
import com.parse.ParseUser
...
fun signUpUser(username: String, password: String, email: String) {
    val user = ParseUser()
    user.username = username
    user.setPassword(password)
    user.email = email

    user.signUpInBackground { e ->
        if (e == null) {
            println("User signed up successfully!")
        } else {
            println("Error signing up user: ${e.localizedMessage}")
        }
    }
}
import com.parse.ParseUser
...
fun signUpUser(username: String, password: String, email: String) {
    val user = ParseUser()
    user.username = username
    user.setPassword(password)
    user.email = email

    user.signUpInBackground { e ->
        if (e == null) {
            println("User signed up successfully!")
        } else {
            println("Error signing up user: ${e.localizedMessage}")
        }
    }
}
﻿
Log in an existing user:
Kotlin
fun logInUser(username: String, password: String) {
    ParseUser.logInInBackground(username, password) { user, e ->
        if (user != null && e == null) {
            println("User logged in: ${user.username}")
        } else {
            println("Error logging in: ${e?.localizedMessage}")
        }
    }
}
fun logInUser(username: String, password: String) {
    ParseUser.logInInBackground(username, password) { user, e ->
        if (user != null && e == null) {
            println("User logged in: ${user.username}")
        } else {
            println("Error logging in: ${e?.localizedMessage}")
        }
    }
}
﻿
Social logins such as Google, Facebook, and Apple can also be integrated. Check Social Login Docs for details.
Session Management
Parse automatically manages session tokens. You can access the current user:
Kotlin
val currentUser = ParseUser.getCurrentUser()
if (currentUser != null) {
    println("Currently logged-in user: ${currentUser.username}")
} else {
    println("No user is logged in")
}
val currentUser = ParseUser.getCurrentUser()
if (currentUser != null) {
    println("Currently logged-in user: ${currentUser.username}")
} else {
    println("No user is logged in")
}
﻿
And log out:
Kotlin
ParseUser.logOut()
ParseUser.logOut()
﻿
Step 6 – Handling File Storage
Uploading and Retrieving Files
Parse includes the ParseFile class for handling file uploads:
Kotlin
import com.parse.ParseFile
import com.parse.ParseException

fun uploadImage(file: java.io.File) {
    val bytes = file.readBytes()
    val parseFile = ParseFile(file.name, bytes)

    parseFile.saveInBackground { e: ParseException? ->
        if (e == null) {
            println("File saved: ${parseFile.url}")
        } else {
            println("Error uploading file: ${e.localizedMessage}")
        }
    }
}
import com.parse.ParseFile
import com.parse.ParseException

fun uploadImage(file: java.io.File) {
    val bytes = file.readBytes()
    val parseFile = ParseFile(file.name, bytes)

    parseFile.saveInBackground { e: ParseException? ->
        if (e == null) {
            println("File saved: ${parseFile.url}")
        } else {
            println("Error uploading file: ${e.localizedMessage}")
        }
    }
}
﻿
File Security
You can control who can upload or download files by adjusting ACLs and CLPs or by using file-specific settings in the parse-server configuration.
Step 7 – Email Verification and Password Reset
Enable email verification in your Back4App dashboard settings.
Configure your from address, email templates, or custom domain if desired.
Use ParseUser.requestPasswordResetInBackground(email, callback) to trigger a password reset flow in your app.
Step 8 – Scheduling Tasks with Cloud Jobs
Cloud Jobs let you automate routine tasks like cleaning data or sending periodic notifications.
JS
Parse.Cloud.job('cleanupOldTodos', async (request) => {
  const Todo = Parse.Object.extend('Todo')
  const query = new Parse.Query(Todo)
  // e.g., remove todos older than 30 days
  const cutoff = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000)
  query.lessThan('createdAt', cutoff)

  const oldTodos = await query.find({ useMasterKey: true })
  await Parse.Object.destroyAll(oldTodos, { useMasterKey: true })
  return `Deleted ${oldTodos.length} old Todos.`
})
Parse.Cloud.job('cleanupOldTodos', async (request) => {
  const Todo = Parse.Object.extend('Todo')
  const query = new Parse.Query(Todo)
  // e.g., remove todos older than 30 days
  const cutoff = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000)
  query.lessThan('createdAt', cutoff)

  const oldTodos = await query.find({ useMasterKey: true })
  await Parse.Object.destroyAll(oldTodos, { useMasterKey: true })
  return `Deleted ${oldTodos.length} old Todos.`
})
﻿
Schedule the job in your Back4App dashboard under Server Settings > Background Jobs.
Step 9 – Integrating Webhooks
Webhooks allow your Back4App app to send HTTP requests to an external service whenever certain events occur.
Add a Webhook in your Back4App Dashboard under More > Webhooks.
Configure triggers (e.g., after saving a new object).
Add a URL endpoint (like a Slack or Stripe webhook).
Adding a Webhook
﻿
Step 10 – Exploring the Back4App Admin Panel
The Back4App Admin App is a friendly web-based interface for non-technical users to manage data.
Enable it under App Dashboard > More > Admin App.
Create your first admin user.
Choose a subdomain to access the admin panel.
Log In to view, edit, or remove records from your database easily.
Enable Admin App
﻿
Conclusion
By following this comprehensive tutorial, you have:
Created a secure backend for an Android app on Back4App.
Configured a database with class schemas, data types, and relationships.
Integrated real-time queries (Live Queries) for immediate data updates.
Applied security measures using ACLs and CLPs to protect and manage data access.
Implemented Cloud Code functions to run custom business logic on the server side.
Set up user authentication with support for email verification and password resets.
Managed file uploads and retrieval, with optional file security controls.
Scheduled Cloud Jobs for automated background tasks.
Used Webhooks to integrate with external services.
Explored the Back4App Admin Panel for data management.
With a solid Android (Kotlin) front end and a robust Back4App backend, you are now well-equipped to develop feature-rich, scalable, and secure applications. Continue exploring more advanced functionalities, integrate your business logic, and harness the power of Back4App to save you countless hours in server and database administration. Happy coding!
Next Steps
Build a production-ready Android app by extending this backend to handle more complex data models, caching strategies, and performance optimizations.
Integrate advanced features such as specialized authentication flows, role-based access control, or external APIs (like payment gateways).
Check out Back4app’s official documentation for deeper dives into advanced security, performance tuning, and logs analysis.
Explore other tutorials on real-time chat applications, IoT dashboards, or location-based services. You can combine the techniques learned here with third-party APIs to create complex, real-world applications.
﻿
Updated 14 Jan 2025
Did this page help you?
How to Build a Backend for Swift?
How to Build a Backend for Android?