Skip to content

Database

Every project with Frontend Cloud enabled gets its own SQL (SQLite) database. You query it over HTTP by sending SQL statements to the /api/v1/query endpoint — there’s no connection string to manage.

While you build, the AI assistant can run these queries for you: ask it to create tables, insert records, or read data, and it executes SQL directly against this database. Your deployed app uses the same endpoint at runtime.

POST https://cloud.frontend.co/api/v1/query

Authenticate with your project API key and send a JSON body:

FieldTypeDescription
sqlstringThe SQL statement to execute
paramsarrayOptional values bound to ? placeholders in sql

The response has the shape:

{
"success": true,
"result": [
{
"results": [{ "id": 1, "name": "Alice Johnson" }],
"success": true,
"meta": { "rows_read": 1, "rows_written": 0, "duration": 0.3 }
}
]
}

result is an array with one entry per executed statement. Each entry’s results holds the returned rows, and meta carries row counts and timing from the database engine.

Terminal window
curl -X POST "https://cloud.frontend.co/api/v1/query" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"sql": "CREATE TABLE contacts (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, email TEXT, created_at TEXT DEFAULT CURRENT_TIMESTAMP)"
}'

Use ? placeholders and pass values in params to safely bind user input:

Terminal window
curl -X POST "https://cloud.frontend.co/api/v1/query" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"sql": "INSERT INTO contacts (name, email) VALUES (?, ?)",
"params": ["Alice Johnson", "alice.johnson@example.com"]
}'
Terminal window
curl -X POST "https://cloud.frontend.co/api/v1/query" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "sql": "SELECT * FROM contacts" }'
async function query(sql: string, params: unknown[] = []) {
const res = await fetch('https://cloud.frontend.co/api/v1/query', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': process.env.FRONTEND_API_KEY!,
},
body: JSON.stringify({ sql, params }),
});
const data = await res.json();
if (!data.success) throw new Error(data.error);
return data.result[0].results;
}
// Usage
const contacts = await query('SELECT * FROM contacts WHERE email = ?', [
'alice.johnson@example.com',
]);

Always pass user-supplied values through params rather than concatenating them into the sql string. Values are bound to the ? placeholders in order, which keeps queries safe from SQL injection.

Note: parameters can only be used with a single statement. If you send multiple SQL statements in one request, params must be empty.

StatusMeaning
401Missing or invalid API key
403Frontend Cloud is not enabled for the project
400Missing sql, or an invalid JSON body
500The query failed — see error in the response