You can think of Realtime Code Hosting Custom Functions as a function available to your client application that can be invoked remotely and is executed in a server with direct and secure database access. Custom functions are exposed to the client applications as a RESTful API, meaning you can use your preferred REST client to invoke your custom functions from your app.
A simple use case: imagine your app requires that you authenticate each user by validating their credentials against an item stored in the user database table. For security reasons you don’t want to give users read permissions over the user table.
With custom functions you could expose a login function that receives the user login and password (or even better, a one-way hash of the password) and returns the authentication result. Since the custom function runs server-side it has read access over the user table to check if the credentials sent match the credentials stored in the database. If they do, simply return the 200 status code signaling success, otherwise return a 401 or 403 status code and let the client application render the result to the user.
Your custom functions will be available for testing directly from the Realtime Console through an auto-generated Swagger interface, where you can input your parameters and invoke the function:
A cool bonus is that all your custom functions are exposed through https using our 2048 bits certificate, so your data is kept secure.
At this point you might be wondering in which programming language are triggers and custom functions coded. We'll talk about that in the next section.