TinyCRUD

Instant JSON CRUD APIs, no account required.

TinyCRUD gives you a temporary API endpoint in seconds. Create an endpoint, pick a collection name from the URL, and start storing JSON documents for a frontend prototype, demo, tutorial, hackathon, or quick experiment.

TinyCRUD is intentionally lightweight. It is useful when setting up a database or backend would slow you down. It is not a production database and should not hold sensitive, regulated, or long-lived data.

What You Get

• Public endpoints where the URL is the bearer secret.
• Private endpoints protected by a bearer API key.
• Dynamic collections such as todos, users, products, or posts.
• JSON document CRUD with generated public _id values.
• Endpoint stats, expiration, storage limits, body-size limits, and IP rate limiting.
• A browser UI for creating endpoints, copying credentials, saving endpoint info, and trying example requests.
• A small admin surface for operators when TINYCRUD_ADMIN_TOKEN is configured.

Quick API Example

Create a public endpoint:

curl -X POST http://localhost:3000/api/endpoints \
  -H "Content-Type: application/json" \
  -d '{"visibility":"public"}'

Example response:

{
  "endpointId": "tc_ep_abc123",
  "visibility": "public",
  "baseUrl": "http://localhost:3000/api/tc_ep_abc123",
  "expiresAt": "2026-05-28T12:00:00.000Z",
  "limits": {
    "maxCollections": 100,
    "maxCollectionStorageBytes": 1048576,
    "maxDocumentBytes": 65536
  }
}

Create a document in any collection:

curl -X POST http://localhost:3000/api/tc_ep_abc123/todos \
  -H "Content-Type: application/json" \
  -d '{"title":"Ship the demo","done":false}'

List the collection:

curl http://localhost:3000/api/tc_ep_abc123/todos

For private endpoints, create the endpoint with {"visibility":"private"} and send the returned apiKey as a bearer token:

curl http://localhost:3000/api/tc_ep_private123/todos \
  -H "Authorization: Bearer tc_key_secret123"

More route examples live in docs/api.md.

Local Development

TinyCRUD is a Bun workspace:

• apps/backend: Bun + Hono API server.
• apps/frontend: React + Vike + Tailwind frontend.
• packages/shared: shared limits and product types.

Install dependencies:

bun install

Create local environment variables:

cp .env.example .env

Start Postgres and Valkey:

docker compose up -d postgres valkey

Run database migrations:

bun run db:migrate

Start the API and web app:

bun run dev

Open the frontend at http://localhost:5173. The Vike dev server proxies /api, /healthz, and /readyz to the backend at http://localhost:3000.

Useful Commands

bun run dev              # API and frontend
bun run dev:api          # API only
bun run dev:web          # frontend only
bun run db:generate      # generate Drizzle migrations
bun run db:migrate       # run migrations
bun run cleanup:expired  # delete expired endpoints
bun run check            # Biome check
bun run typecheck        # TypeScript
bun run test             # backend, frontend, and shared tests
bun run build            # frontend production build

Health and readiness checks:

curl http://localhost:3000/healthz
curl http://localhost:3000/readyz

Public runtime config:

curl http://localhost:3000/api/config

Configuration

Copy .env.example to .env for local development. The most important settings are:

• DATABASE_URL: Postgres connection string.
• TINYCRUD_BASE_URL: public site origin used by frontend metadata and generated API URLs.
• TINYCRUD_MAX_*: endpoint, document, collection, and total storage limits.
• TINYCRUD_EMPTY_ENDPOINT_TTL_DAYS and TINYCRUD_ACTIVE_ENDPOINT_TTL_DAYS: expiration windows.
• TINYCRUD_ADMIN_TOKEN: enables the admin API and admin UI when set.
• TINYCRUD_RATE_LIMIT_ENABLED and REDIS_URL: configure shared rate-limit counters through Valkey (a Redis fork).

Full configuration notes live in docs/configuration.md.

Production Docker Compose

The repository includes docker-compose.prod.yml for a simple self-hosted deployment:

TINYCRUD_BASE_URL=https://tinycrud.example \
POSTGRES_PASSWORD=change-me \
docker compose -f docker-compose.prod.yml up --build

Production Compose runs the frontend, backend, Postgres, and Valkey.

Security Model

TinyCRUD has no accounts by design.

• Anyone with a public endpoint URL can read and mutate that endpoint.
• Anyone with a private endpoint URL and API key can read and mutate that endpoint.
• Endpoint URLs and API keys are bearer credentials.
• Private API keys are only returned when the endpoint is created.
• Do not store sensitive, private, regulated, or production data in TinyCRUD.

Project Docs

• docs/api.md: API route reference and curl examples.
• docs/configuration.md: environment variables, limits, cleanup, and rate limiting.
• docs/architecture.md: product and architecture decisions.
• tests/bench/README.md: local benchmark notes.