Backend as a Service Blog Ivan Stoyanov's Posts

We are happy to announce that we are openly giving developers the ability to code and run their own Business Logic. With Business Logic, you can run JavaScript code inside your Kinvey backend, giving you PaaS-like capabilities without having to code an entire backed.

A week ago Microsoft announced Azure Mobile Services, a service which “makes it incredibly easy to connect a scalable cloud backend to your client and mobile applications”. With the Azure team positioned firmly in the Backend as a Service space, we asked: what are they bringing to the table?

Our customers have conveyed that customization is critical when choosing between Kinvey and a DIY backend solution. Indeed, every app has specific business rules that are unique to its offering. For many apps these business rules can run on the client side, as part of the mobile or web app. In many others, however, this is not enough. For example, the rules in a multiplayer game must be executed on the server to prevent cheating. That is also the case when an app needs triggered messaging – some condition in the data to trigger a message – email, push notification or an sms text. Finally, executing the business rules on the server means less code written for multi platform apps and faster development iterations overall, as server-side code deploys instantly.

In April of this year, we launched our public beta, and over the last 3 months we’ve been amazed to see the innovative frenzy with which developers from all over the world have been building the next generation of mobile and tablet apps using Kinvey as their backend.

We’ve been working really hard these past weeks to add a final coat of polish to all our existing features, but we’ve also added a bunch more:

Node+Mongo on EC2 is a very popular software stack among web services developers. There are many user guides on how to design such a system with built-in redundancy so that even coordinated failures don’t bring down the service. The absolute minimum for a resilient service requires a MongoDB replica set behind a load-balanced node farm.

However, you are not ready for an EC2 outage until you have deliberately shutdown components in your system and verified the expected behavior. As you periodically do this, you might discover that there are gaps you did not account for. In this blog I want to share our experiences beyond the initial configuration and add some fine details on creating a Node+Mongo application that is both secure and resilient to common EC2 failures.

You know those times when you see an open-source project and you think – “wow, this will be so useful, I wanted to build this exact same thing one day!” If this was ever really really true, it was when I saw the ql.io announcement late last year.

At Kinvey, we are in the business of building Backend as a Service for mobile, tablet and web applications. We make it very easy for developers to setup and operate a backend for any application. While the core building block of a backend is its own data store, modern applications need to dynamically connect to a variety of external data sources – GeoPlaces data such as Google Places, product data such as Ebay’s Product API and social data like Twitter. We at Kinvey want to enable the developer to use those external data sources right from the Kinvey SDK and have the same intuitive experience when it comes to interfaces and querying that they get from their Kinvey data store.

I am very pleased to announce that, after a lot of customer discovery, user feedback, architectural improvements, UI/UX changes and platform hardening and testing, Kinvey is publicly available.

Kinvey is the first Backend as a Service platform that makes it ridiculously easy for developers to setup and operate a cloud backend for their mobile application.

Most mobile applications these days have some geographical aspect – they find restaurants near you, send you a notification when your friends are close by, or track your run or bike path.

The common underlying technology starts with having a special data attribute that can contain coordinates information. On top of that you need a library that can perform operations on those coordinates by comparing their longitudes and latitudes.

Kinvey recently rolled out a feature that makes it really easy to query your data based on geographic information.

All you need to do to your object is add a field with name _geoloc with a [lon,lat] value.

HTML5 apps created using a third party backend run into same-origin restrictions. Browsers have historically implemented these restrictions to increase security by disallowing connections to potentially malicious external websites. In the backend-as-a-service model, the app and the backend are hosted on two different domains. Even though the domains trust each other, the browser’s same-origin policy implementation is still triggered. 

One way developers get around the problem is by creating a simple proxy on the app hosting domain, which forwards requests to the backend domain. This is not a great solution as the app hosting then has to worry about a different request volume and pattern that may not be their specialty. It also makes debugging a production issues much harder. A better approach is to use JSONP, however, this makes the application code more clunky and confusing.

Luckily, WebKit-based browsers like Mobile Safari and the Android browser have support for W3C’s Cross-Origin Resource Sharing specification, making it possible for the app to cleanly make requests against third party domains without any additional logic necessary in the client app. What is important in this case, however, is for the backend server to properly handle CORS request headers and send the right responses.

Over the winter holidays we at Kinvey added CORS support to our API. Here are the main points to keep in mind.

Imagine you’re driving. You speak “New York Times Top Ten”:, and a Morgan Freeman-esch voice reads you today’s top news. Say “more” and the news story’s title and you can listen to the full text. Or, if you say: “Opentable – Legal Seafood – 7:30, two people” gets you a reservation. “Livescore, Real-Madrid vs. Barcelona” reads you a live score update. “Schwab – buy GLD” … okay, that may be a little too far.