As explained in the Security section, PocketStarter uses a hybrid SSR/CSR (CSR-dominant) setup, using mostly PocketBase API calls and hooks. However, authentication happens server-side and it also fully supports Next.js API routes for server-side operations.
You can use the following approaches to make API calls:
PocketBase API
For direct client-side API calls to PocketBase with full type safety:
import { pocketbase } from '@/lib/pocketbase'
import { Collections } from '@/types/pocketbase-types'
// Example: Update user profile
await pocketbase.collection(Collections.Users).update(user.id, {
name: 'John Doe'
})PocketBase Hooks
For server-side operations and webhooks, PocketBase has the amazing pb_hooks folder. PocketStarter uses the following hooks for some of the functionality:
- Contact Form: Router that processes contact form submissions
- Stripe: Router that handles payment processing and webhooks
- Brevo: Hooks that trigger when users are created or updated for email marketing integration
Next.js API Routes
If the PocketBase approach is not sufficient, you can create custom API routes.
- Create the route file in
src/app/api/your-endpoint/route.ts - If a user should be authenticated, use the
requireAuth()helper - Handle errors appropriately with proper HTTP status codes
import { requireAuth } from '@/lib/auth/server'
export async function GET() {
try {
const user = await requireAuth() // Use this if the user should be authenticated
// Your API logic here
return NextResponse.json({ data: 'Your response' })
} catch (error) {
return NextResponse.json(
{ error: 'Authentication required' },
{ status: 401 }
)
}
}You can also find an example in the src/app/api/example/route.ts file.