Todo App Backend Template
GraphQL — Schema, API & AI Guide
A production-ready GraphQL Todo backend schema and Starter Kit on Back4app: ER diagram, data dictionary, JSON schema, API playground, code examples, and a one-click AI Agent prompt to deploy in minutes.
Key Takeaways
On this page you get a production-ready schema, a one-click AI prompt, and step-by-step GraphQL code — so you can ship a Todo app without building the backend.
- Deploy in minutes — paste the AI Agent prompt and get a running app with frontend, backend, and database.
- Secure by default — row-level ACLs ensure each user only sees their own todos.
- GraphQL-native SDK — typed objects, async/await, offline pinning, and Live Queries out of the box.
- REST + GraphQL — both APIs are auto-generated; no custom endpoints to write.
- Two classes — _User (built-in auth) and Todo (tasks with title, done, dueDate, priority, owner).
What Is the GraphQL Todo App Backend Template?
Back4app is a backend-as-a-service (BaaS) ideal for Todo apps: managed backend, auth, real-time, and SDKs for 13+ technologies. The GraphQL Todo App Backend Template is a pre-built, production-ready backend schema hosted on Back4app. It gives you two database classes (_User and Todo), ownership-based ACLs, REST and GraphQL APIs, and a one-click AI Agent prompt — so you can connect a GraphQL frontend and ship a working Todo app in minutes instead of days.
Best for:
Overview
A Todo app is one of the most common starting points for learning backend development. Under the hood it needs user registration, task CRUD, ownership-based access control, and optionally real-time sync.
The schema below defines two classes — _User (built-in) and Todo — connected by a Pointer. With the Back4app GraphQL SDK, you can interact with this backend from your app — querying, creating, updating, and deleting objects — without writing a custom API layer.
Why Build Your Todo GraphQL API with Back4app?
Back4app provides a GraphQL endpoint alongside REST so you can query and mutate with a single endpoint.
- •Single endpoint: POST to the GraphQL endpoint with queries and mutations; request only the fields you need.
- •Typed schema: The Todo and User types are generated from your Back4app schema; use them in your client for type-safe requests.
- •Auth in context: Send the session token in headers; the resolver enforces ownership so responses only include the current user's todos.
Ideal for teams already using GraphQL clients (Apollo, urql) or code generation.
Core Benefits
A production-ready Todo backend so you can ship faster and focus on your app.
Ship Faster, No Backend Code
REST & GraphQL APIs and a ready-to-use schema — connect your app and go.
Secure by Default
ACLs and class-level permissions so users only access their own data.
Real-Time Updates
Live Queries over WebSockets for instant UI updates.
Built-In Auth
User sign-up, login, and session handling out of the box — no custom auth layer.
Works Offline
Local pinning keeps data available offline and syncs when you reconnect.
Deploy in Minutes
Use the AI Agent to create and deploy your Todo app from this template.
Ready to try it?
Let the Back4app AI Agent create your Todo app backend, connect the GraphQL frontend, and deploy — all from a single prompt.
Free to start — 50 AI Agent prompts/month, no credit card required
Technical Stack
Everything powering this Todo app template at a glance.
ER Diagram
Entity-Relationship diagram for the GraphQL Todo app data model.
The _User class contains objectId, username, email, password, createdAt, and updatedAt. The Todo class contains objectId, title, done, dueDate, priority, and an owner Pointer to _User, plus createdAt and updatedAt. Each _User owns zero or many Todo items.
View diagram source
erDiagram
_User {
String objectId PK
String username
String email
String password
Date createdAt
Date updatedAt
}
Todo {
String objectId PK
String title
Boolean done
Date dueDate
Number priority
Pointer owner FK
Date createdAt
Date updatedAt
}
_User ||--o{ Todo : "owns"
Integration Flow
Auth-to-CRUD sequence: how your GraphQL app talks to Back4app — login, then query and create todos.
View diagram source
sequenceDiagram
participant User
participant Client as GraphQL Client
participant Back4app as Back4app Cloud
User->>Client: Login
Client->>Back4app: mutation { logIn(username, password) }
Back4app-->>Client: Session token
Client-->>User: Logged in
User->>Client: Load todos
Client->>Back4app: query { todos { edges { node { objectId title done } } } }
Back4app-->>Client: Todo list
Client-->>User: Show list
User->>Client: Create todo
Client->>Back4app: mutation { createTodo(input: { ... }) }
Back4app-->>Client: Todo (objectId)
Client-->>User: Updated listData Dictionary
Complete field reference for every class in the schema.
| Field | Type | Description | Required |
|---|---|---|---|
| objectId | String | Auto-generated unique identifier | auto |
| title | String | Short description of the task | |
| done | Boolean | Whether the task is completed | — |
| dueDate | Date | Optional deadline for the task | — |
| priority | Number | Priority level (1 = high, 3 = low) | — |
| owner | Pointer<_User> | User who owns this task | — |
| createdAt | Date | Auto-generated creation timestamp | auto |
| updatedAt | Date | Auto-generated last-update timestamp | auto |
8 fields in Todo
Security & Permissions
How ownership, ACLs, and class-level permissions protect data in this schema.
Row-Level ACLs
Each Todo gets an ACL tied to its owner. Only the creator can read, update, or delete their own tasks.
Class-Level Permissions
CLPs restrict which roles or users can create, read, update, or delete objects at the class level — your first line of defense.
Pointer-Based Ownership
The owner Pointer links each Todo to its _User. Cloud Code triggers can auto-set ownership and enforce ACLs on save.
Schema (JSON)
Raw JSON schema definition — copy and use in your Back4app app or import via the API.
{
"classes": [
{
"className": "Todo",
"fields": {
"objectId": {
"type": "String",
"required": false
},
"title": {
"type": "String",
"required": true
},
"done": {
"type": "Boolean",
"required": false,
"defaultValue": false
},
"dueDate": {
"type": "Date",
"required": false
},
"priority": {
"type": "Number",
"required": false,
"defaultValue": 3
},
"owner": {
"type": "Pointer",
"targetClass": "_User",
"required": false
},
"createdAt": {
"type": "Date",
"required": false
},
"updatedAt": {
"type": "Date",
"required": false
}
}
},
{
"className": "_User",
"fields": {
"objectId": {
"type": "String",
"required": false
},
"username": {
"type": "String",
"required": true
},
"email": {
"type": "String",
"required": true
},
"password": {
"type": "String",
"required": true
},
"createdAt": {
"type": "Date",
"required": false
},
"updatedAt": {
"type": "Date",
"required": false
}
}
}
]
}Build with AI Agent
Use the Back4App AI Agent to build a real Todo app from this template: it will create the frontend, the backend (this schema, auth, and APIs), and deploy it — no manual setup. The prompt below describes this Todo stack so the Agent can generate a production-ready app in one go.
Create a Todo app on Back4app with this exact schema and behavior. Schema: 1. _User (use Back4app built-in): username (String, required), email (String, required), password (String, required); objectId, createdAt, updatedAt (system). 2. Todo: title (String, required), done (Boolean, default: false), dueDate (Date, optional), priority (Number, default: 3; 1=high, 2=medium, 3=low), owner (Pointer to _User; set to current user on create); objectId, createdAt, updatedAt (system). Security: - Set ACLs on every Todo so only the owner has read and write. No public read/write. - On create, set Todo.owner to the current user (e.g. via Cloud Code beforeSave or client-side). - Use Class-Level Permissions so only authenticated users can create/read/update/delete Todo. Auth: - Sign-up (username, email, password) and login; support logout/session. - After login, the app should only show and allow CRUD for the current user's todos. Behavior: - Full CRUD for Todo: create, list (only owner's), get one, update (toggle done, edit title, dueDate, priority), delete. - List todos with sort (e.g. by priority then dueDate or createdAt). Default priority for new todos: 3 (low). Deliver: - Create the Back4app app with the schema above, ACLs, and any Cloud Code needed (e.g. beforeSave on Todo to set owner). - Generate the frontend and connect it to this backend; deploy so the app is runnable end-to-end.
Press the button below to open the Agent with this template's prompt pre-filled.
API Playground
Try the REST and GraphQL endpoints for the Todo schema. Responses from the example data above — no Back4app account needed.
Uses the same Todo schema as this template.
Step-by-Step GraphQL Integration
Connect to your Back4app backend from a GraphQL app using the Back4app GraphQL SDK.
usage.graphql.step1Title
usage.graphql.step1Desc
GraphQLquery GetTodos { todos { edges { node { objectId title done dueDate priority createdAt } } } }usage.graphql.step2Title
usage.graphql.step2Desc
GraphQLmutation CreateTodo($title: String!, $done: Boolean, $priority: Int) { createTodo(input: { fields: { title: $title done: $done priority: $priority } }) { todo { objectId title done createdAt } } }usage.graphql.step3Title
usage.graphql.step3Desc
GraphQLmutation UpdateTodo($objectId: ID!, $done: Boolean) { updateTodo(input: { objectId: $objectId fields: { done: $done } }) { todo { objectId done } } } mutation DeleteTodo($objectId: ID!) { deleteTodo(input: { objectId: $objectId }) { success } }
Frequently Asked Questions
Common questions about the Todo app backend template.
Ready to Build Your Todo App?
Start your GraphQL project in minutes. No credit card required.