The most common task when using PocketBase as framework probably would be querying and working with your collection records.

You could find detailed documentation about all the supported Record model methods in core.Record but below are some examples with the most common ones.

any (without cast) record.GetBool("someField") // -> cast to bool record.GetString("someField") // -> cast to string record.GetInt("someField") // -> cast to int record.GetFloat("someField") // -> cast to float64 record.GetDateTime("someField") // -> cast to types.DateTime record.GetStringSlice("someField") // -> cast to []string // retrieve the new uploaded files // (e.g. for inspecting and modifying the file(s) before save) record.GetUnsavedFiles("someFileField") // unmarshal a single "json" field value into the provided result record.UnmarshalJSONField("someJSONField", &result) // retrieve a single or multiple expanded data record.ExpandedOne("author") // -> nil|*core.Record record.ExpandedAll("categories") // -> []*core.Record // export all the public safe record fields as map[string]any // (note: "json" type field values are exported as types.JSONRaw bytes slice) record.PublicExport() `} />

Collection fields can be marked as "Hidden" from the Dashboard to prevent regular user access to the field values.

Record models provide an option to further control the fields serialization visibility in addition to the "Hidden" fields option using the record.Hide(fieldNames...) and record.Unhide(fieldNames...) methods.

Often the Hide/Unhide methods are used in combination with the OnRecordEnrich hook invoked on every record enriching (list, view, create, update, realtime change, etc.). For example:

For custom fields, not part of the record collection schema, it is required to call explicitly record.WithCustomData(true) to allow them in the public serialization.

All single record retrieval methods return nil and sql.ErrNoRows error if no record is found.

All multiple records retrieval methods return empty slice and nil error if no records are found.

In addition to the above query helpers, you can also create custom Record queries using RecordQuery(collection) method. It returns a SELECT DB builder that can be used with the same methods described in the Database guide.

To expand record relations programmatically you can use app.ExpandRecord(record, expands, optFetchFunc) for single or app.ExpandRecords(records, expands, optFetchFunc) for multiple records.

Once loaded, you can access the expanded relations via record.ExpandedOne(relName) or record.ExpandedAll(relName) .

For example:

0 { return fmt.Errorf("failed to expand: %v", errs) } // print the expanded records log.Println(record.ExpandedOne("author")) log.Println(record.ExpandedAll("categories")) `} />

To check whether a custom client request or user can access a single record, you can use the app.CanAccessRecord(record, requestInfo, rule) method.

Below is an example of creating a custom route to retrieve a single article and checking if the request satisfy the View API rule of the record collection:

PocketBase Web APIs are fully stateless (aka. there are no sessions in the traditional sense) and an auth record is considered authenticated if the submitted request contains a valid Authorization: TOKEN header (see also Builtin auth middlewares and Retrieving the current auth state from a route ) .

If you want to issue and verify manually a record JWT (auth, verification, password reset, etc.), you could do that using the record token type specific methods:

Each token type has its own secret and the token duration is managed via its type related collection auth option (the only exception is NewStaticAuthToken).

To validate a record token you can use the app.FindAuthRecordByToken method. The token related auth record is returned only if the token is not expired and its signature is valid.

Here is an example how to validate an auth token: