Learn — Backend & PostgreSQL Glossary

ACID transactions guarantee that a group of database operations is Atomic, Consistent, Isolated, and Durable — so related changes either all succeed or all fail together.

An API key is a secret token that identifies and authorizes a client when calling an API, controlling access and often rate limits and permissions.

A backend-as-a-service (BaaS) is a platform that provides ready-made backend building blocks — database, authentication, storage, and an API — so developers don't have to build and operate them from scratch.

Connection pooling reuses a set of open database connections across many requests, avoiding the cost of opening a new connection each time and protecting the database from overload.

CORS is a browser security mechanism that controls whether a web page on one origin may call an API on a different origin, using HTTP headers to grant access.

CRUD stands for Create, Read, Update, and Delete — the four basic operations for persistent data that most application APIs and database interactions are built around.

A database index is a data structure that speeds up reads by letting the database find rows without scanning the whole table, at the cost of extra storage and slower writes.

A database migration is a versioned, repeatable change to a database schema (such as adding a table or column) that lets teams evolve the schema safely over time.

Database replication copies data from a primary database to one or more replicas, improving availability, read scalability, and disaster recovery.

A database schema is the structure of a database — its tables, columns, types, relationships, and constraints — that defines how data is organized and validated.

A database view is a saved query that behaves like a virtual table, letting you encapsulate complex logic and expose a simplified, reusable interface to data.

A foreign key is a column (or set of columns) that references the primary key of another table, enforcing referential integrity between related rows.

Full-text search finds documents matching natural-language queries by indexing words and their variants, ranking results by relevance rather than exact matching.

GraphQL is a query language and runtime for APIs that lets clients request exactly the fields they need from a single endpoint, returning predictable, typed responses.

A JSON Web Token (JWT) is a compact, signed token that securely carries claims (like a user's identity) between a client and server, commonly used for stateless authentication.

Multi-tenancy is an architecture where a single application serves multiple isolated customers (tenants), keeping each tenant's data separate and secure.

OAuth is an open standard for delegated authorization that lets users grant an application limited access to their accounts (e.g. 'Sign in with Google') without sharing passwords.

Object storage is a system for storing files (images, documents, backups) as objects with metadata, typically accessed over an S3-compatible API and served via signed URLs.

An ORM (object-relational mapping) is a library that maps database tables to objects in your programming language, letting you query and persist data without writing raw SQL.

Pagination splits a large result set into smaller pages, returning a slice at a time so APIs and UIs stay fast and memory-efficient.

PostgREST is an approach (and tool) that turns a PostgreSQL database directly into a RESTful API, generating endpoints from your schema and enforcing access with database permissions.

A primary key is a column (or set of columns) that uniquely identifies each row in a table, enforced by the database to be unique and non-null.

Rate limiting restricts how many requests a client can make to an API in a given time window, protecting the backend from abuse, overload, and runaway costs.

A REST API is a web interface that exposes resources over HTTP using standard methods (GET, POST, PUT, DELETE) and JSON, making data easy to read, cache, and integrate.

Row-level security (RLS) is a PostgreSQL feature that restricts which rows a user can read or modify using policies enforced by the database on every query.

A serverless database scales compute automatically and can scale to zero when idle, billing for actual usage instead of a fixed always-on server.

A soft delete marks a row as deleted (e.g. with a deleted_at timestamp) instead of removing it, so data can be recovered, audited, or filtered out.

SQL injection is a security vulnerability where untrusted input is inserted into a SQL query, letting an attacker read or modify data they shouldn't.

A stored procedure (or function) is logic stored and executed inside the database, letting you run complex operations close to the data in a single call.

An upsert inserts a row, or updates it if a row with the same key already exists — a single operation that means 'insert or update'.

A UUID is a 128-bit identifier designed to be globally unique without a central authority, often used as a primary key in distributed systems.

A webhook is an HTTP callback that a service sends to a URL you provide when an event happens, letting systems react to changes in real time without polling.