Scaleup Infotech
Scaleup Infotech.
Back to Blog
Web Development11 min read

Next.js Server Actions: Mutations Without Writing API Routes

Scaleup Infotech

Scaleup Infotech

Software & Marketing Agency

Jun 15, 2026
Next.js Server Actions: Mutations Without Writing API Routes
Next.jsServer ActionsReactForms

For years, mutating data in Next.js meant writing an API route, calling it with fetch, managing loading state, and revalidating caches by hand. Server Actions collapse all of that into a single async function you can call directly from a form. Here is how to use them well in production.

Your First Server Action

A Server Action is an async function marked with "use server". Pass it straight to a form's action prop:

tsx
// app/actions.ts
"use server";
import { db } from "@/lib/db";
import { revalidatePath } from "next/cache";

export async function createPost(formData: FormData) {
  const title = formData.get("title") as string;
  await db.post.create({ data: { title } });
  revalidatePath("/posts"); // refresh the cached list
}
tsx
// app/posts/new/page.tsx
import { createPost } from "../../actions";

export default function NewPost() {
  return (
    <form action={createPost}>
      <input name="title" required />
      <button type="submit">Create</button>
    </form>
  );
}

Validate Before You Trust Input

A Server Action is a public endpoint — treat every input as hostile. Validate with Zod:

ts
import { z } from "zod";

const Schema = z.object({ title: z.string().min(3).max(120) });

export async function createPost(formData: FormData) {
  const parsed = Schema.safeParse({ title: formData.get("title") });
  if (!parsed.success) return { error: "Invalid title" };
  // ... safe to use parsed.data
}

Loading State with useFormStatus

tsx
"use client";
import { useFormStatus } from "react-dom";

export function SubmitButton() {
  const { pending } = useFormStatus();
  return <button disabled={pending}>{pending ? "Saving..." : "Save"}</button>;
}

Security Reminder

Server Actions run on the server but are callable by anyone. Always authenticate and authorize inside the action — never assume the UI restricted access.

When to Use Them

Use Server Actions for form submissions and mutations tied to your own UI. Keep traditional Route Handlers for public APIs consumed by mobile apps or third parties.

Server Actions remove an entire layer of boilerplate while keeping your data logic on the server. Combined with revalidatePath and Zod, they are the cleanest way to handle mutations in the App Router.

Share this article:

Keep Reading

React 19 is Here: use(), Actions, and the Hooks You Need to KnowWeb Development

React 19 is Here: use(), Actions, and the Hooks You Need to Know

React 19 ships Actions, the use() hook, useOptimistic, and the React Compiler. Here's what actually changes in how you write components.

10 min read
Tailwind CSS v4: What's New and How to MigrateWeb Development

Tailwind CSS v4: What's New and How to Migrate

A rewritten engine, CSS-first configuration, and native cascade layers. Everything that changed in Tailwind v4 and how to upgrade smoothly.

8 min read
Partial Prerendering in Next.js: Static Speed With Dynamic ContentWeb Development

Partial Prerendering in Next.js: Static Speed With Dynamic Content

PPR serves a static shell instantly and streams the dynamic holes. Understand how it works and how to opt parts of a page into it.

9 min read

Ready to implement these ideas?

Work With Scaleup Infotech