Skip to main content
EdgeSpark validates database access, enforces authentication, and isolates storage access before your handler sees the request.

SQL validation

Only runtime CRUD-style operations are allowed:
AllowedBlocked
SELECTCREATE TABLE
INSERTALTER TABLE
UPDATEDROP TABLE
DELETECREATE INDEX
REPLACEOther DDL
WITH (CTEs)
Schema changes do not happen through runtime SQL. Update server/src/defs/db_schema.ts, then use edgespark db generate and edgespark db migrate.

Authentication enforcement

Before your code runs, EdgeSpark evaluates the route prefix and the session state. Protected routes receive a valid auth.user or the request is rejected. See path-based auth for the route rules.

Storage isolation

Storage access is scoped to the current project and the buckets you declared in server/src/defs/storage_schema.ts. Projects cannot read each other’s files. For large uploads and downloads, use presigned URLs and review platform limits.

Batch queries

Use db.batch() for atomic multi-step operations:
server/src/index.ts
import { db } from "edgespark";
import { posts, tags } from "@defs";

await db.batch([
  db.insert(posts).values({ title: "Post 1", authorId: "user_1" }),
  db.insert(tags).values({ postId: 1, name: "news" }),
]);

See also

Path-based auth

How URL path conventions control authentication for every route.

Platform limits

Database, storage, and runtime limits that shape safe app behavior.
Last modified on April 7, 2026