Skip to main content
Every real app needs a place to store data, a way to know who’s using it, and a secure way to call external APIs. In Vibecode, your project comes with a backend server, a database, and a full authentication system—all set up for you by the AI when you need it.

How the Database Works

Where your app’s data lives

How Auth Works

User accounts and login

APIs and Integrations

Using APIs securely through your backend

Viewing Your Data

Browse and edit your database

What’s a Backend?

When you use an app—say, a to-do list—your tasks need to be saved somewhere so they’re still there when you come back tomorrow. That “somewhere” is the backend. It’s a server that runs behind the scenes, storing your data, handling logins, and calling external APIs securely. In Vibecode, every project includes a backend server powered by Hono. You don’t need to configure it—it’s already wired up and ready to go. When you deploy your app, the backend deploys with it. Without a backend, your app can only store data on the user’s device (it disappears if they delete the app), can’t share data between users, and can’t safely call APIs without exposing secret keys. A backend solves all of this.

The Database (SQLite)

Your app uses SQLite as its database—a simple, fast, and reliable database that stores everything in a single file. It’s the same database engine used by most mobile apps in the world, including every iPhone and Android phone. Prisma is used as the ORM to interact with it. When auth is set up, your database automatically includes tables for users, sessions, accounts, and verification codes. Beyond that, the AI can add any tables your app needs—products, posts, messages, orders, whatever you describe.
You don’t need to know SQL or database design. Just tell the AI what data your app needs to store—like “I need to save user posts with a title and body”—and it’ll handle the rest.

Authentication (Better Auth)

Authentication is how your app knows who is using it. Vibecode uses Better Auth as the auth system for your project. By default, Vibecode sets up email one-time passwords (OTP) so users can sign in without passwords. On top of that, Better Auth supports 30+ auth providers, so you can also add Google, Apple, GitHub, Discord, Microsoft, and more.

Default sign-in flow

  1. User enters their email on the login screen
  2. A 6-digit code is sent to their inbox via Vibecode’s built-in email service
  3. User enters the code and they’re signed in
No passwords to remember, no OAuth setup, no third-party accounts required.
The OTP email is sent automatically through Vibecode’s built-in email service. You do not need to wire up a separate email provider just to get default email auth working.

Sessions and protected routes

Once signed in, a session keeps the user authenticated as they use your app. Your backend always knows who’s making each request, so you can show users only their data, prevent unauthorized access, and personalize the experience. Your app automatically has public routes (like the login page) and protected routes (like a dashboard). If someone isn’t logged in and tries to visit a protected screen, they’re redirected to login automatically.

Adding Google, Apple, and any other Better Auth provider

Email OTP is the default, but you are not limited to it. Google sign-in has a guided setup built into Vibecode. When you ask the AI to add Google auth, Vibecode walks you through creating OAuth credentials in the Google Cloud Console and provides the correct redirect URLs for your project. Apple sign-in is available now, but it is a more manual setup. In practice, the flow is:
  1. Follow the relevant provider tutorial in the Better Auth docs
  2. Create the provider credentials in Apple, GitHub, Discord, or whichever platform you want
  3. Add the required environment variables to your Vibecode project
  4. Ask the AI to wire the provider into your existing Better Auth setup
This same approach works for any Better Auth provider, not just Apple. If Better Auth supports it, Vibecode can usually add it to your app.
Social login providers like Google and Apple will not work inside the embedded Vibecode preview because it runs in an iframe. Test them on your deployed app or a direct preview URL instead.

APIs and Integrations

Your backend is also where external API calls happen. Things like AI text generation, image generation, weather data, and more should always be called from the backend—never directly from the frontend. This keeps your API keys safe and hidden from users. In Vibecode, all API integrations are proxied through Vibecode and paid for with your Vibecode credits at no additional markup. You don’t need to create separate accounts with OpenAI, ElevenLabs, or other providers—just use the integration and it’s billed directly to your Vibecode credits. Browse all available integrations and their pricing at vibecodeapp.com/integrations.
To add an integration, just tell the AI what you need, like “add AI chat using GPT” or “generate images with GPT Image.” It will wire up the API call through your backend automatically.

Getting Started

You usually do not need to set any of this up manually. Just tell the AI what you need:
  • “Add user accounts to my app” — Sets up auth with login screens
  • “I need to save data for each user” — Sets up the database with user-specific tables
  • “Add a backend with login and a database” — Sets up everything at once
  • “Add Google sign-in to my app” — Uses the guided Google setup flow
  • “Add Apple sign-in using Better Auth” — Uses Better Auth’s Apple setup pattern
  • “Add GitHub auth using Better Auth” — Works for other Better Auth providers too
The AI handles all the packages, configuration, database schema, login screens, and wiring.

Viewing and Managing Your Data

Once your app has a database, you can view and edit your data from the deployment dashboard. After deploying your app, go to the Database tab to browse tables, view records, and make edits. This is useful for debugging, customer support, and content management.
During development, you can also ask the AI to query the database for you. For example: “Show me all users who signed up today” or “Delete the test accounts I created.”

Common Questions

Do I need to set up the database myself? No. Just tell the AI what data you need and it handles everything. Can I use a different database? Vibecode uses SQLite by default. It’s fast and works great for most apps. SQLite handles far more than most people think—you likely won’t outgrow it. What happens to my database when I deploy? Your database deploys with your app. You can view and manage it from the Database tab in your deployment dashboard. My users are stuck on the login screen after entering the code—what’s wrong? This is usually a session configuration issue. Ask the AI to verify the auth configuration—especially the cookie settings and trusted origins. Can I use Apple, GitHub, Discord, or another provider besides Google? Yes. Better Auth supports 30+ providers, and Vibecode can follow Better Auth’s provider tutorials to add them. Google has the most guided in-product setup today, while other providers are usually added by following the Better Auth docs and supplying the right environment variables.

Next Steps

Vibecode Cloud

Quick overview of cloud features

Google Sign-In

Add Google login to your app

Deploy Your App

Go live with your backend