Database / CouchDB Interview Questions

How does CouchDB implement authentication — cookie auth, JWT, and proxy auth?

CouchDB supports four authentication mechanisms, configurable simultaneously. Each request is checked against the enabled handlers in order.

1. Basic Authentication — HTTP Basic Auth over HTTPS. Credentials are sent with every request. Simple to implement but requires HTTPS in production to avoid credential exposure.

curl -u admin:password http://localhost:5984/_session

2. Cookie (Session) Authentication — the most common choice for web apps. POST credentials to /_session to receive a session cookie, then send that cookie with subsequent requests. The cookie has a configurable timeout.

# Login and get a session cookie
curl -X POST http://localhost:5984/_session \
  -H "Content-Type: application/json" \
  -d '{"name":"alice","password":"s3cret"}'
# Set-Cookie: AuthSession=abc123...; Version=1; Secure; HttpOnly

# Use the session
curl -b "AuthSession=abc123..." http://localhost:5984/mydb/_all_docs

# Logout
curl -X DELETE http://localhost:5984/_session -b "AuthSession=abc123..."

3. JWT Authentication (CouchDB 3.3+) — validates a JSON Web Token in the Authorization: Bearer {token} header. The JWT must contain a sub claim (the username) and optionally _couchdb.roles. CouchDB verifies the signature using a configured HMAC secret or RSA public key — it does not issue JWTs, only validates them.

[jwt_auth]
required_claims = exp
[jwt_keys]
hmac:default = aGVsbG93b3JsZA==
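
The following is an added example, not code from the original page or from CouchDB: a Python model of both sides of the JWT flow described above, using the sample key from the [jwt_keys] snippet. The function names are hypothetical, and it assumes HS256 tokens whose kid header is "default", so that the token selects the hmac:default key.

```python
import base64, hashlib, hmac, json, time

# Key from the page's [jwt_keys] sample; the config value is base64-encoded.
HMAC_KEY = base64.b64decode("aGVsbG93b3JsZA==")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(HMAC_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, roles, ttl=300, now=None, kid="default"):
    """Issuer side: an external identity provider, never CouchDB itself."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}  # kid selects hmac:default
    claims = {"sub": user, "_couchdb.roles": roles, "exp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(signing_input))

def validate_token(token, now=None, required_claims=("exp",)):
    """Validator side: a model of the checks described above, not CouchDB's code."""
    now = int(time.time()) if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        signature = b64url_decode(s64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":   # pin the algorithm to the configured key type
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, sign(f"{h64}.{c64}")):
        raise ValueError("bad signature")
    missing = [c for c in required_claims if c not in claims]
    if missing:                        # mirrors required_claims = exp
        raise ValueError("missing required claim: " + ", ".join(missing))
    if "exp" in claims and claims["exp"] <= now:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing sub claim")
    return claims["sub"], claims.get("_couchdb.roles", [])
```

Sending the result of issue_token("alice", ["readers"]) as Authorization: Bearer {token} is the client half of the exchange; with required_claims = exp configured, a correctly signed token that lacks exp is still refused.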

4. Proxy Authentication — for reverse-proxy setups (nginx, HAProxy). The proxy authenticates the user externally and forwards the identity in headers (X-Auth-CouchDB-UserName, X-Auth-CouchDB-Roles, X-Auth-CouchDB-Token). CouchDB trusts the headers if the correct HMAC token is present.
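
The following is an added example, not code from the original page or from CouchDB: a Python model of the proxy-auth header exchange, showing the proxy stripping client-supplied identity headers before setting its own and the server-side token check. The function names and the secret are constructed; it assumes the token is the hex HMAC-SHA1 of the user name under the shared secret and that CouchDB is configured to require it (proxy_use_secret).

```python
import hashlib, hmac

# Constructed value; stands in for the secret shared by the proxy and CouchDB.
SHARED_SECRET = b"constructed-proxy-secret"
PREFIX = "x-auth-couchdb-"

def user_token(user: str, secret: bytes = SHARED_SECRET) -> str:
    # Assumption: hex HMAC-SHA1 computed over the user name.
    return hmac.new(secret, user.encode(), hashlib.sha1).hexdigest()

def forward_headers(inbound: dict, user: str, roles: list) -> dict:
    """Proxy side: drop any client-supplied identity headers, then set our own."""
    clean = {k: v for k, v in inbound.items() if not k.lower().startswith(PREFIX)}
    clean["X-Auth-CouchDB-UserName"] = user
    clean["X-Auth-CouchDB-Roles"] = ",".join(roles)
    clean["X-Auth-CouchDB-Token"] = user_token(user)
    return clean

def couchdb_accepts(headers: dict, secret: bytes = SHARED_SECRET):
    """Model of the server-side check; returns (user, roles) or None."""
    h = {k.lower(): v for k, v in headers.items()}
    user, token = h.get(PREFIX + "username"), h.get(PREFIX + "token", "")
    expected = user_token(user, secret) if user else ""
    # Constant-time comparison; a missing or wrong token means the headers are ignored.
    if not user or not hmac.compare_digest(token.encode(), expected.encode()):
        return None
    roles = [r for r in h.get(PREFIX + "roles", "").split(",") if r]
    return user, roles
```

Because the token is computed from the user name alone, the roles header is only as trustworthy as the proxy's stripping of inbound headers and the network path between the proxy and CouchDB.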

Which CouchDB endpoint do you POST to in order to establish a session and receive a cookie?
In CouchDB JWT authentication, does CouchDB issue the JWT token to the client?
