What's the best way to let mobile clients query remote server?

I am using couchbase mobile stack for iOS app. Some server side documents are never replicated to mobile clients, but mobile clients need to query the contents of these documents occasionally. What’s the best way to do that? My understanding is QueryBuilder and N1QL for mobile only allow query against database on mobile clients, sync gateway doesn’t allow query, directly exposing remote server to mobile clients doesn’t seem to be a good idea.

Whatever solution you suggest, could you provide some code sample?

Thanks a lot !

Couchbase Lite doesn’t an API to query documents from Couchbase Server directly. You could look at using the REST API to query. See N1QL REST API | Couchbase Docs for more detail.

Hi Pasin,

Thanks for your answer, I tried to query from iOS client directly to Couchbase Server through REST API but wasn’t successful, here’s the ios client side code:

    let queryString = "?statement=" + "SELECT%20propA%20FROM%20%60default%60%20WHERE%20doc_type=typeA"
    let endPoint = "http://[CBServerIP]:8093/query/service" + queryString

    Alamofire.request(endPoint, method: .get, encoding: JSONEncoding.default, headers: nil).authenticate(user: "adminUser", password: "adminPassword").responseJSON{ response in

Here’s the response I got:

errors =     (
        code = 13014;
        msg = "User does not have credentials to run SELECT queries on default:default. Add role bucket_full_access on default:default to allow the query to run.";
metrics =     {
    elapsedTime = "4.706453ms";
    errorCount = 1;
    executionTime = "4.594064ms";
    resultCount = 0;
    resultSize = 0;
    serviceLoad = 6;
requestID = "...604d581...";
results =     (
signature =     {
    channels = json;
status = fatal;


Then I add adminUser in security tab of couchbase server(community edition 7.0.1) web console, set password same as adminUser’s web console login password, and give full admin privilege to default bucket and saved the changes. (this is all I can do, I couldn’t find bucket_full_access anywhere). After this, the error above persists.

GET query with CURL command on terminal works.

I have two questions:

  1. Could you tell me how to properly give a user (admin and non-admin) bucket_full_access?

  2. I prefer put the statement, user and password in a parameter dictionary like following to avoid all these cumbersome %20s etc. , and make the code simpler:

[“statement”: “SELECT propertyA FROM default WHERE doc_type=typeA”,
“user”: “adminUser”,
“password”: “adminPassword”

but when I tried it with Alamofire(using Alamofire.request() similar to above, only adding parameter as another function parameter), the error message says I can’t put parameters in GET request. So how should I make GET request with parameters ?

if you could provide some code example, that would be great. Thanks a lot !

As you’re directly accessing the Query service endpoint, see:
for details of requests. You can use JSON rather than URL-encode your query & authentication information.

Thanks dh. Can you answer the first question as well? Namely:

how to properly give a user (admin and non-admin) bucket_full_access?

No matter I use URL encoding or JSON parameter, I keep getting the error mention above.


There are three fixed roles in the community edition of Couchbase providing coarser access control: Bucket Full Access (bucket_full_access[*]), Admin (admin), and Read Only Admin (ro_admin).

So this this Bucket->Application Access->[*] in the roles panel in the UI or from the command line:

# couchbase-cli user-manage --cluster localhost --username Administrator --password pwrd --set --rbac-username testuser --rbac-password password --roles 'bucket_full_access[*]' --auth-domain local
SUCCESS: User testuser set

And to confirm:

# couchbase-cli user-manage --cluster localhost --username Administrator --password pwrd --list
    "id": "testuser",
    "domain": "local",
    "roles": [
        "role": "bucket_full_access",
        "bucket_name": "*",
        "origins": [
            "type": "user"
    "groups": [],
    "external_groups": [],
    "uuid": "c2b54781-3309-4fe2-aab2-96b0e62eecc7",
    "password_change_date": "2022-12-05T08:58:48.000Z"

Have you confirmed access as your user using say just curl on the command line ?


curl -v http://host:8093/query/service -H 'Content-Type: application/json' -d '{"creds":[{"user":"Admin","pass":"pwrd"}], "statement":"SELECT prop FROM default WHERE doc_type = \"typeA\""}'