InstantDB MCP Server

Working with data Instant on the Backend You can use Instant on the server as well! This can be especially useful for running scripts, custom auth flows, or sensitive application logic. Admin SDK We currently offer a javascript library @instantdb/admin for using Instant in a non-browser context. This library is similar to our client SDK with a few tweaks. init import { init, id } from '@instantdb/admin'; const db = init({ appId: INSTANT_APP_ID, adminToken: process.env.INSTANT_APP_ADMIN_TOKEN, }); Similar to @instantdb/react, you must init before doing any queries or writes. Running init authenticates you against our admin API. In addition to providing your appId, you must also provide your adminToken. Whereas exposing your appId in source control is fine, it's not safe to expose your admin token. Permission checks will not run for queries and writes from our admin API. Be sure to regenerate your token from your dashboard if it accidentally leaks. Reading and Writing Data query and transact let you read and write data as an admin. query const data = await db.query({ goals: {}, todos: {} }); const { goals, todos } = data; In react we export useQuery to enable "live queries", queries that will automatically update when data changes. In the admin SDK we instead export an async query function that simply fires a query once and returns a result. transact const res = await db.transact([db.tx.todos[id()].update({ title: 'Get fit' })]); console.log('New todo entry made for with tx-id', res['tx-id']); transact is an async function that behaves nearly identical to transact from @instantdb/react. It returns a tx-id on success. Schema init also accepts a schema argument: import { init, id } from '@instantdb/admin'; import schema from '../instant.schema.ts'; const db = init({ appId: process.env.INSTANT_APP_ID, adminToken: process.env.INSTANT_APP_ADMIN_TOKEN, schema, }); If you add a schema, db.query and db.transact will come with autocompletion and typesafety out of the box. The backend will also use your schema to generate missing attributes. To learn more about writing schemas, head on over to the Modeling your data section. Impersonating users When you use the admin SDK, you can make any query or transaction. As an admin, you bypass permissions. But, sometimes you want to make queries on behalf of your users, and would like to respect permissions. You can do this with the db.asUser function. // Scope by their email const scopedDb = db.asUser({ email: 'alyssa_p_hacker@instantdb.com' }); // Or with their auth token const token = db.auth.createToken('alyssa_p_hacker@instantdb.com'); const scopedDb = db.asUser({ token }); // Or use the db as a guest! const scopedDb = db.asUser({ guest: true }); // Queries and transactions will run with those permissions await scopedDb.query({ logs: {} }); Retrieve a user As an admin, you can retrieve an app user record by email, id, or refresh_token. You can do this with the db.auth.getUser function. const user = await db.auth.getUser({ email: 'alyssa_p_hacker@instantdb.com' }); const user = await db.auth.getUser({ id: userId, }); const user = await db.auth.getUser({ refresh_token: userRefreshToken, }); Delete a user You can also delete an app user record by email, id, or refresh_token. You can do this with the db.auth.deleteUser function. const deletedUser = await db.auth.deleteUser({ email: 'alyssa_p_hacker@instantdb.com', }); const deletedUser = await db.auth.deleteUser({ id: userId, }); const deletedUser = await db.auth.deleteUser({ refresh_token: userRefreshToken, }); Note that this only deletes the user record. It does not delete all user data. If you want to delete all of a user's data, you'll need to do it manually: const { goals, todos } = await db.query({ goals: { $: { where: { creator: userId } } }, todos: { $: { where: { creator: userId } } }, }); await db.transact([ ...goals.map((item) => db.tx.goals[item.id].delete()), ...todos.map((item) => tx.todos[item.id].delete()), ]); // Now we can delete the user await db.auth.deleteUser({ id: userId }); Sign Out The db.auth.signOut method allows you to log out a user by invalidating any tokens associated with their email. This can be useful when you want to forcibly log out a user from your application: try { await db.auth.signOut('alyssa_p_hacker@instantdb.com'); console.log('Successfully signed out'); } catch (err) { console.error('Sign out failed:', err.message); }