A lap around Azure Mobile Apps Node SDK Preview

Microsoft Azure App Service recently released a slew of mobile announcements – PowerApps being the big one. Of lesser note, the Azure Mobile Apps Node SDK hit a milestone and entered preview. It’s been a while since I lapped around the SDK, so let’s take a look at some of the breaking changes.

The SQL Azure data provider is now called mssql

There was one provider in the alpha version of the SDK – the sql driver that used mssql to access a SQL Azure instance or an on-premise SQL Server instance. However, there are plans for more providers and support was needed for multiple providers. If you are specifying a SQL Azure connection string via the Azure Portal, then nothing changes. For local development, however, it’s fairly common to use an azureMobile.js file to specify the data connection. Something like this:

module.exports = {
    logging: {
        level: 'silly'
    data: {
        provider: 'mssql',
        server: 'localhost',
        database: 'sample',
        user: 'testuser',
        password: 'testpass'

Note the highlighted line. That used to be just ‘sql’ – now it’s ‘mssql’. Again, this is all to prepare for multiple providers, so it’s a good move in my book.

You should initialize the database before listening

The common server.js file would just import tables and then start listening. This caused a significant delay on first access along with potential failures because the database was not set up properly. To combat this, a Promise structure was introduced that allowed you to defer listening for connections until after the database was initialized. You use it like this:

// Import the files from the tables directory to configure the /tables API

// Initialize the database before listening for incoming requests
// The tables.initialize() method does the initialization asynchronously
// and returns a Promise.
  .then(function () {
    app.use(mobile);    // Register the Azure Mobile Apps middleware
    app.listen(process.env.PORT || 3000);   // Listen for requests

If a table has dynamic schema, then the initialize() call immediately resolves since the database is managed by the SDK. If you have set up static tables, then those tables are created prior to listening for connections, which means that your users get a timeout instead of a 500 server failure, which is probably a better experience.

You can seed tables with static data

There are cases when you want data to be “already there”. An example of this is in testing – you want to test the GET response and ensure specific records are there for you. Another example is if you want to have a read-only table for settings. To assist with this, you can add a seed property to the table definition. Something like this:

var table = require('azure-mobile-apps').table();
table.columns = {
	"text": "string",
	"complete": "boolean"
table.dynamicSchema = false;

// Seed data into the table
table.seed = [
	{ text: "Example 1", complete: true },
	{ text: "Example 2", complete: false }

module.exports = table;

The seed property is defined as an array of objects. Data seeding happens during the initialize() call, so you need to ensure you call initialize() if you want to seed data.

There is a new getIdentity() API

Azure App Service introduced a new app-specific authentication mechanism during the November 2015 update. The authentication gateway is now deprecated. Along with that change is a new getIdentity() call in the Node SDK that calls the authentication backend to retrieve the claims that you defined. You can use it like this in a table definition file:

table.access = 'authenticated';

table.read(function (context) {
    return context.user.getIdentity()
        .then(function (identity) {
            logger.info('table.read identity = ', identity);
            return context;
        .then(function (context) {
            return context.execute();
        .catch(function (error) {
            logger.error('Error in table.read: ', error);

The getIdentity() call returns a Promise. Once the promise is resolved, the identity is available in the resolution. You can then adjust the context (just like the personal-table sample) with any information in the claims that you registered. Note that I’m chaining the promises together – when getIdentity() resolves, I get an identity. I then adjust the context and return the adjusted context, which is used asynchronously to execute the query and return the result of that.

You can disable access to table operations

Ever wanted to have a read-only table? How about a logging table that you can add to, but you can’t update/delete? All of those are possible by adjusting permissions on the table.

// Read-only table - turn off write operations
table.insert.access = 'disabled';
table.update.access = 'disabled';
table.delete.access = 'disabled';

You can also make it so that reads can be unauthenticated, but writes require authentication. The values for the access parameter are ‘anonymous’, ‘authenticated’ and ‘disabled’. Pick the right one for all operations and another one for an individual operation, if you like.

There are lots of samples

The team is dedicated to providing lots of sample variations to show off specific situations. You can still check out the canonical todo sample – that has been documented to a point where there is more documentation than code. However, there are lots of additional samples now.


CORS is a difficult subject right now as Azure App Service has just rolled out a change that delegates the handling of CORS to App Service. This means that you only care about CORS in your code when you are running the server locally. In this case, set skipVersionCheck to true in your azureMobile.js, like this:

module.exports = {
  skipVersionCheck: true,
  cors: {
    origins: [ '*' ]

This will enable CORS for development purposes.

Need more information?

As yet another avenue for asking questions, you can log onto the Gitter channel and have a direct chat with the developers. That’s in addition to the Azure Forums, Stack Overflow and GitHub Issues. We aren’t starved of methods to discuss problems with the team!

Did I mention documentation? No? Well, here you are – the API documentation is published as well.