How to Build a Backend for MeteorJS?
In this tutorial, you’ll learn how to build a complete backend for a MeteorJS application using Back4App.
We’ll walk through integrating essential Back4App features—such as database management, Cloud Code Functions, REST and GraphQL APIs, user authentication, and real-time queries (Live Queries)—to create a secure, scalable, and robust backend that seamlessly communicates with your MeteorJS application.
You’ll also see how Back4App’s quick setup and intuitive environment can drastically reduce the time and effort compared to manually configuring servers and databases.
Along the way, you’ll gain hands-on experience with key functionalities, including advanced security features, scheduling tasks with Cloud Jobs, and setting up webhooks for external integrations.
By the end of this tutorial, you’ll be well-prepared to enhance this foundational setup into a production-ready application, or easily incorporate custom logic and third-party APIs as needed.
To complete this tutorial, you will need:
- A Back4App account and a new Back4App project Getting Started with Back4App. If you do not have an account, you can create one for free. Follow the guide above to get your project ready.
- Basic MeteorJS development environment Make sure you have Meteor installed. If you don’t, follow the Meteor installation guide.
- Node.js (version 14 or above) installed You will need Node.js for running local development servers. Installing Node.js
- Familiarity with JavaScript and basic MeteorJS concepts MeteorJS Official Documentation. If you’re new to Meteor, review the official docs or a beginner’s tutorial before starting.
Make sure you have all of these prerequisites in place before you begin. Having your Back4App project set up and your local MeteorJS environment ready will help you follow along more easily.
The first step in building your MeteorJS backend on Back4App is creating a new project. If you have not already created one, follow these steps:
- Log in to your Back4App account.
- Click the “New App” button in your Back4App dashboard.
- Give your app a name (e.g., “Meteor-Backend-Tutorial”).
Once the project is created, you will see it listed in your Back4App dashboard. This project will be the foundation for all backend configurations discussed in this tutorial.
Back4App relies on the Parse Platform to manage your data, provide real-time features, handle user authentication, and more. Connecting your MeteorJS application to Back4App involves installing the parse npm package and initializing it with the credentials from your Back4App dashboard.
Retrieve your Parse Keys: In your Back4App dashboard, navigate to your app’s “App Settings” or “Security & Keys” section to find your Application ID and JavaScript Key. You will also find the Parse Server URL (often in the format https://parseapi.back4app.com).
Install the Parse SDK in your MeteorJS project:
You can create a startup file or a configuration file (e.g., parseConfig.js) in a folder that Meteor loads early (such as imports/ or client/compatibility/). One option is to place this code in imports/startup/client/parseConfig.js or a similarly relevant path:
This file ensures that whenever you import Parse elsewhere in your Meteor app, it is pre-configured to connect to your specific Back4App instance.
By completing this step, you have established a secure connection between your MeteorJS front-end (and/or server) and the Back4App backend. All requests and data transactions are securely routed through this SDK, reducing the complexity of manual REST or GraphQL calls (although you can still use them when needed).
With your Back4App project set up and the Parse SDK integrated into your Meteor app, you can now start saving and retrieving data. The simplest way to create a record is to use the Parse.Object class:
Alternatively, you can use Back4App’s REST API endpoints:
Back4App also provides a GraphQL interface:
These diverse options let you integrate data operations in the way that best suits your development process—whether that's through the Parse SDK, REST, or GraphQL.
By default, Parse allows schema creation on the fly, but you can also define your classes and data types in the Back4App dashboard for more control.
- Navigate to the “Database” section in your Back4App dashboard.
- Create a new class (e.g., “Todo”) and add relevant columns, such as title (String) and isCompleted (Boolean).
Back4App also supports various data types: String, Number, Boolean, Object, Date, File, Pointer, Array, Relation, GeoPoint, and Polygon. You can choose the appropriate type for each field. If you prefer, you can also let Parse automatically create these columns when you first save an object from your Meteor app.
Back4App offers an AI Agent that can help you design your data model:
- Open the AI Agent from your App Dashboard or on the menu.
- Describe your data model in simple language (e.g., “Please, create a new ToDo App at back4app with a complete class schema.”).
- Let the AI Agent create the Schema for you.
Using the AI Agent can save you time when setting up your data architecture and ensure consistency across your application.
If you have relational data—say, a Category object that points to multiple Todo items—you can use Pointers or Relations in Parse. For example, adding a pointer to a Category:
When you query, you can also include pointer data:
This include('category') call fetches category details alongside each Todo, making your relational data seamlessly accessible.
For real-time updates, Back4App provides Live Queries. In your MeteorJS app, you can subscribe to changes in a specific class:
- Enable Live Queries in your Back4App dashboard under your app’s Server Settings. Make sure “Live Queries” is turned on.
- Initialize a Live Query Subscription in your code:
By subscribing, you receive real-time notifications whenever a new Todo is created, updated, or deleted. This feature is particularly valuable for collaborative or dynamic apps where multiple users need to see the latest data without refreshing the page.
Back4App takes security seriously by providing Access Control Lists (ACLs) and Class-Level Permissions (CLPs). These features let you restrict who can read or write data on a per-object or per-class basis, ensuring only authorized users can modify your data.
An ACL is applied to individual objects to determine which users, roles, or the public can perform read/write operations. For example:
When you save the object, it has an ACL that prevents anyone but the specified user from reading or modifying it.
CLPs govern an entire class’s default permissions, such as whether the class is publicly readable or writable, or if only certain roles can access it.
- Go to your Back4App Dashboard, select your app, and open the Database section.
- Select a class (e.g., “Todo”).
- Open the Class-Level Permissions tab.
- Configure your defaults, such as “Requires Authentication” for read or write, or “No Access” for the public.
These permissions set the baseline, while ACLs fine-tune permissions for individual objects. A robust security model typically combines both CLPs (broad restrictions) and ACLs (fine-grained per-object restrictions). For more information go to App Security Guidelines.
Cloud Code is a feature of the Parse Server environment that allows you to run custom JavaScript code on the server side—without needing to manage your servers or infrastructure. By writing Cloud Code, you can extend your Back4App backend with additional business logic, validations, triggers, and integrations that run securely and efficiently on the Parse Server.
When you write Cloud Code, you typically place your JavaScript functions, triggers, and any required NPM modules in a main.js (or app.js) file. This file is then deployed to your Back4App project, which is executed within the Parse Server environment. Since these functions and triggers run on the server, you can trust them to handle confidential logic, process sensitive data, or make backend-only API calls—processes you might not want to expose directly to the client.
All Cloud Code for your Back4App app runs inside the Parse Server that is managed by Back4App, so you don’t have to worry about server maintenance, scaling, or provisioning. Whenever you update and deploy your main.js file, the running Parse Server is updated with your latest code.
main.js File Structure A typical main.js might contain:
- Require statements for any needed modules (NPM packages, built-in Node modules, or other cloud code files).
- Cloud function definitions using Parse.Cloud.define().
- Triggers such as Parse.Cloud.beforeSave(), Parse.Cloud.afterSave(), etc.
- NPM modules you installed (if needed). For example, you might install a package like axios to make HTTP requests. You can then require (or import) it at the top of your file.
With the ability to install and use NPM modules, Cloud Code becomes incredibly flexible, allowing you to integrate with external APIs, perform data transformations, or execute complex server-side logic.
- Business Logic: For example, you may calculate a user’s score in a game by aggregating multiple object properties, and then store that data automatically.
- Data Validations: Ensure certain fields are present or that a user has correct permissions before saving or deleting a record.
- Triggers: Perform actions when data changes (e.g., send a notification when a user updates their profile).
- Integrations: Connect with third-party APIs or services. For example, you could integrate with payment gateways, Slack notifications, or email marketing platforms directly from Cloud Code.
- Security Enforcement: Add an extra layer of security by validating and sanitizing input parameters in your Cloud Code functions.
Below is a simple Cloud Code function that calculates the length of a text string sent from the client:
Deploying via the Back4App CLI:
1 - Install the CLI:
- For Linux/MacOS:
3 - Deploy your cloud code:
Deploying through the Dashboard:
- In your app’s dashboard, go to Cloud Code > Functions.
- Copy/paste the function into the main.js editor.
- Click Deploy.
From MeteorJS using the Parse SDK (for instance, in a client method or after a user action):
You can also call it via REST:
Or via GraphQL:
This flexibility enables you to integrate your custom logic into your MeteorJS app or any other client that supports REST or GraphQL.
Back4App leverages the Parse User class as the foundation for authentication. By default, Parse handles password hashing, session tokens, and secure storage. This means you don’t have to set up complex security flows manually.
In a MeteorJS application, you can create a new user with:
Via REST, a login might look like:
After a successful login, Parse creates a session token that is stored in the user object. In your MeteorJS app, you can access the currently logged-in user:
Parse automatically handles token-based sessions in the background, but you can also manually manage or revoke them. This is useful when you need to log out:
Back4App and Parse can integrate with popular OAuth providers, such as Google or Facebook, by installing additional packages or using existing adapters. For example, you can set up a Facebook login by configuring your Facebook App ID and using Parse.FacebookUtils.logIn(). Detailed instructions vary, so refer to the Social Login Docs.
To enable email verification and password reset:
- Navigate to the Email Settings in your Back4App dashboard.
- Enable email verification to ensure new users verify ownership of their email addresses.
- Configure the From address, email templates, and your custom domain if desired.
These features improve account security and user experience by validating user ownership of emails and providing a secure password-recovery method.
Parse includes the Parse.File class for handling file uploads, which Back4App stores securely:
Retrieving the file URL is straightforward:
You can display this imageUrl in your Meteor templates or front-end components by setting it as the src of an <img> tag.
Parse Server provides flexible configurations to manage file upload security. The following example shows how you can set permissions to control who can upload files to the server:
{ "fileUpload": { "enableForPublic": true, "enableForAnonymousUser": true, "enableForAuthenticatedUser": true } }
- enableForPublic: When set to true, allows anyone, regardless of authentication status, to upload files.
- enableForAnonymousUser: Controls whether anonymous users (not signed up) can upload files.
- enableForAuthenticatedUser: Specifies whether only authenticated users can upload files.
Cloud Jobs in Back4App let you schedule and run routine tasks on your backend—like cleaning up old data or sending a daily summary email. A typical Cloud Job might look like this:
- Deploy your Cloud Code with the new job (via CLI or the dashboard).
- Go to the Back4App Dashboard > App Settings > Server Settings > Background Jobs.
- Schedule the job to run daily or at whatever interval suits your needs.
Cloud Jobs enable you to automate background maintenance or other periodic processes—without requiring manual intervention.
Webhooks allow your Back4App app to send HTTP requests to an external service whenever certain events occur. This is powerful for integrating with third-party systems like payment gateways (e.g., Stripe), email marketing tools, or analytics platforms.
- Navigate to the Webhooks configuration in your Back4App dashboard > More > WebHooks and then click on Add Webhook.
- Configure triggers to specify which events in your Back4App classes or Cloud Code functions will fire the webhook.
For instance, if you want to notify a Slack channel whenever a new Todo is created:
- Create a Slack App that accepts incoming webhooks.
- Copy the Slack webhook URL.
- In your Back4App dashboard, set the endpoint to that Slack URL for the event “New record in the Todo class.”
- You can also add custom HTTP headers or payloads if needed.
You can also define Webhooks in Cloud Code by making custom HTTP requests in triggers like beforeSave, afterSave:
The Back4App Admin App is a web-based management interface designed for non-technical users to perform CRUD operations and handle routine data tasks without writing any code. It provides a model-centric, user-friendly interface that streamlines database administration, custom data management, and enterprise-level operations.
Enable it going to App Dashboard > More > Admin App and clicking on the “Enable Admin App” button.
Create a First Admin User (username/password), which automatically generates a new role (B4aAdminUser) and classes (B4aSetting, B4aMenuItem, and B4aCustomField) in your app’s schema.
Choose a Subdomain for accessing the admin interface and complete the setup.
Log In using the admin credentials you created to access your new Admin App dashboard.
Once enabled, the Back4App Admin App makes it easy to view, edit, or remove records from your database—without requiring direct use of the Parse Dashboard or backend code. With configurable access controls, you can safely share this interface with team members or clients who need a clear, point-and-click way to manage data.
By following this comprehensive tutorial, you have:
- Created a secure backend for a MeteorJS app on Back4App.
- Configured a database with class schemas, data types, and relationships.
- Integrated real-time queries (Live Queries) for immediate data updates.
- Applied security measures using ACLs and CLPs to protect and manage data access.
- Implemented Cloud Code functions to run custom business logic on the server side.
- Set up user authentication with support for email verification and password resets.
- Managed file uploads and retrieval, with optional file security controls.
- Scheduled Cloud Jobs for automated background tasks.
- Used Webhooks to integrate with external services.
- Explored the Back4App Admin Panel for data management.
With a solid MeteorJS platform and a robust Back4App backend, you are now well-equipped to develop feature-rich, scalable, and secure applications. Continue exploring more advanced functionalities, integrate your business logic, and harness the power of Back4App to save you countless hours in server and database administration. Happy coding!
- Build a production-ready MeteorJS app by extending this backend to handle more complex data models, caching strategies, and performance optimizations.
- Integrate advanced features such as specialized authentication flows, role-based access control, or external APIs (like payment gateways).
- Check out Back4App’s official documentation for deeper dives into advanced security, performance tuning, and logs analysis.
- Explore other tutorials on real-time chat applications, IoT dashboards, or location-based services. You can combine the techniques learned here with third-party APIs to create complex, real-world applications.
