PocketBase
An entire backend in a single Go executable: PocketBase embeds SQLite with realtime subscriptions, authentication and user management, file storage, and an admin dashboard, all behind a REST-ish API. SQLite runs in WAL mode, which outperforms client-server databases for the read-heavy workloads typical of small and mid-sized apps. Authentication supports email/password, one-time passwords, and 15+ OAuth2 providers including Google, Apple, and GitHub, with stateless tokens. Clients subscribe to record changes over server-sent events, and official JavaScript and Dart SDKs cover web, mobile, and Flutter frontends. Collections, rules, and API access permissions are managed visually in the admin UI. When you need custom logic, extend it with JavaScript hooks running in the embedded JS VM of the prebuilt binary, or import PocketBase as a Go library and compile custom business logic into your own single-file backend. File storage attaches uploads to records with thumbnail generation for images and optional S3-compatible external storage. All state lives in one pb_data directory, so backup is a directory copy and upgrade is replacing a binary - one of the lowest-maintenance backends you can run. The contrast with Firebase is the point: where usage-based pricing scales with reads, writes, and bandwidth, PocketBase runs the entire backend at flat hosting cost, and the data is a plain SQLite file you can copy anywhere. MIT-licensed.
Hasura
A PostgreSQL database becomes a production-grade GraphQL API the moment Hasura GraphQL Engine points at it: track tables and relationships - existing schemas included - and full query, mutation, and subscription types appear with where, order_by, limit, offset, and on_conflict arguments, no resolvers or boilerplate written. Its Haskell core compiles GraphQL to efficient SQL, and any query becomes a real-time live query with a single keyword, powering dashboards and collaborative UIs over standard GraphQL subscriptions. Authorization is where Hasura earns its enterprise reputation: role-based access control with row- and column-level permission policies driven by session variables from JWTs, auth webhooks, or headers - each role effectively sees its own GraphQL schema containing only what it may touch, integrating cleanly with Auth0, Firebase, or homegrown auth. Event triggers fire webhooks on inserts, updates, and deletes for asynchronous business logic; Actions extend the schema with custom REST handlers; remote schema stitching merges external GraphQL services into one endpoint; and auto-generated REST endpoints serve clients that skip GraphQL. A browser console handles data modeling and API exploration, the CLI manages migrations and metadata as code, and deployment is a single stateless Docker container beside Postgres.