Next.js Server Actions: A Complete Guide

By LearnWebCraft Team15 min readIntermediate
Next.jsServer ActionsReactServer ComponentsFormsData Mutation

Let's be real for a second. If you've built any kind of web app in the last few years, you know the dance. The form-handling shuffle. You set up your component state, you write an onChange handler for every single input, you have a useState for loading, another for errors, and maybe another for the success message.

Then you write that onSubmit function that bundles it all up, makes a fetch request to an API endpoint—an endpoint you probably had to create in a separate api/ folder—and then you have to handle the response, updating all those state variables accordingly. It works, of course. But it's... a lot. A lot of boilerplate, a lot of context switching between your client code and your server code.

I've been there more times than I can count. And if I'm being honest, it always felt a bit clunky.

And then Next.js Server Actions came along. When I first saw them, I had one of those rare "Wait, it can be this easy?" moments. The idea that a function I defined on the server could be called directly from a form on the client, with no API routes in between, felt like actual magic. It still kind of does.

This guide is pretty much everything I've learned about them since that moment. We're going to pull back the curtain on that magic, piece by piece. We'll start with the absolute basics and work our way up to the tricky stuff like optimistic UI and file uploads. By the end, you won't just understand Server Actions; you'll probably wonder how you ever lived without them.

So, What's the Big Deal with Server Actions?

When you boil it all down, Next.js Server Actions are asynchronous functions that you write once, declare with 'use server', and then... well, you just use them. They run on the server, but you can call them from either Server Components or, even more impressively, from Client Components.

Think about that for a second. You can have a button in your 'use client' component that, when clicked, directly invokes a secure function running on your server. No manual API endpoint creation, no fetch calls, no axios instances to configure.

And look, this isn't just about saving a few lines of code. It fundamentally simplifies the way we think about client-server communication. Here’s why this feels like such a game-changer to me:

  • Zero API Boilerplate: This is the big one. You don't need to create a file in pages/api or app/api just to handle a single form submission. The action is the API.
  • Progressive Enhancement by Default: Forms that use Server Actions work even if JavaScript is disabled on the client. Next.js handles it for you automatically. It's a huge win for accessibility and resilience that you basically get for free.
  • Integrated Data Revalidation: Ever submitted a form and then had to manually refetch data to update the UI? Server Actions have built-in helpers like revalidatePath that make this trivial. You post a new comment, revalidate the page, and the new comment appears. It's as simple as that.
  • Simplified State Management: With new hooks like useFormState and useFormStatus, you can handle pending states, errors, and validation messages with so much less client-side state management.

It's a bit of a paradigm shift, really. It moves the mutation logic right next to the data it's mutating—back on the server where it belongs.

Our First Server Action: The Classic Form

Alright, enough talk. Let's start coding. The best way to really get this is to see it in action. We'll build a dead-simple "Create User" form.

First, let's create a new file, maybe app/actions.js. This is where our server-side logic is going to live.

// app/actions.js
'use server';

import { db } from './lib/db'; // A placeholder for your database client

export async function createUser(formData) {
  // We can read the form data directly
  const name = formData.get('name');
  const email = formData.get('email');

  console.log('Creating user:', { name, email });

  // Here you would do your database magic
  // const user = await db.user.create({ data: { name, email } });

  // For now, we'll just log it.
  // We'll add revalidation and redirects later.
}

Okay, let's pause for a second and look at what we just did.

The 'use server'; directive at the very top is crucial. This is the magic string that tells Next.js, "Hey, this function and everything else in this file should only ever run on the server." You can put it at the top of a file to apply it to all exports, or inside a specific function. Personally, I prefer the file-level approach for clarity.

Notice that the function receives formData, which is a standard FormData object. You can easily pull values out of it using formData.get('input-name').

Now, let's actually use this action in our page.

// app/page.jsx
import { createUser } from './actions';

export default function HomePage() {
  return (
    <main>
      <h1>Create a New User</h1>
      <form action={createUser}>
        <input type="text" name="name" placeholder="Your Name" required />
        <input type="email" name="email" placeholder="Your Email" required />
        <button type="submit">Sign Up</button>
      </form>
    </main>
  );
}

And would you look at that <form> tag? No onSubmit handler, no e.preventDefault(). Just a simple action={createUser}. We're passing the server function we wrote directly to the form's action prop.

When you hit that "Sign Up" button, the Next.js compiler does all the heavy lifting. It creates an RPC (Remote Procedure Call) endpoint behind the scenes, securely sends the form data over to the server, executes our createUser function, and handles the whole round trip.

And just like that, you've performed a server mutation without writing a single line of API code. Take a moment to appreciate that. It's beautiful.

Handling State: Feedback is Everything

Our form works, but let's be honest, it gives the user zero feedback. Did it succeed? Did it fail? Is it even doing anything? We need to fix that. This is where the useFormState hook comes in, and it's brilliant.

It's a React hook, which means we'll need to use it in a Client Component. Let's make a dedicated UserForm component.

First, though, we need to update our createUser action to actually return some state.

// app/actions.js
'use server';

import { z } from 'zod'; // Let's use Zod for real validation

const UserSchema = z.object({
  name: z.string().min(2, { message: 'Name must be at least 2 characters.' }),
  email: z.string().email({ message: 'Please enter a valid email.' }),
});

export async function createUser(prevState, formData) {
  // 1. Validate the form data
  const validatedFields = UserSchema.safeParse({
    name: formData.get('name'),
    email: formData.get('email'),
  });

  // 2. If validation fails, return the errors
  if (!validatedFields.success) {
    return {
      errors: validatedFields.error.flatten().fieldErrors,
      message: 'Validation failed. Please check your input.',
    };
  }

  // 3. If validation succeeds, do the database stuff
  try {
    console.log('Creating user with:', validatedFields.data);
    // await db.user.create({ data: validatedFields.data });
    return { message: 'User created successfully!', errors: {} };
  } catch (error) {
    return { message: 'Database error: Failed to create user.', errors: {} };
  }
}

The first thing you'll probably notice is that the function signature changed to async function createUser(prevState, formData). The useFormState hook requires the action to accept the previous state as its first argument. We're also now returning a structured object with a message and any validation errors.

Now let's use this in our new form component.

// app/user-form.jsx
'use client';

import { useFormState } from 'react-dom';
import { createUser } from './actions';

const initialState = {
  message: null,
  errors: {},
};

export function UserForm() {
  const [state, formAction] = useFormState(createUser, initialState);

  return (
    <form action={formAction}>
      <input type="text" name="name" placeholder="Your Name" required />
      {state.errors?.name && (
        <p style={{ color: 'red' }}>{state.errors.name[0]}</p>
      )}

      <input type="email" name="email" placeholder="Your Email" required />
      {state.errors?.email && (
        <p style={{ color: 'red' }}>{state.errors.email[0]}</p>
      )}
      
      <button type="submit">Sign Up</button>

      {state.message && <p>{state.message}</p>}
    </form>
  );
}

So here's the breakdown of what's happening:

  1. We import useFormState from react-dom. Yes, react-dom, not react. That's one of those little gotchas to remember.
  2. We call it with our server action (createUser) and an initialState.
  3. It gives us back a tuple: state (which holds the result from the last action call) and formAction (a new, wrapped action function that we pass to our form).

Now, when the form is submitted, formAction gets called, which in turn calls our real createUser action on the server. Whatever createUser returns becomes the new state, and our component re-renders to display the messages. It's a clean, self-contained loop.

The Waiting Game: Showing a Loading State

Okay, so our form now has error and success states. But what about the in-between? When the user clicks "Sign Up," the button should probably change to "Signing Up..." and become disabled to prevent any frantic double-submissions.

This is where another handy hook, useFormStatus, comes into play. It gives you the pending status of the parent <form>. The only catch? It has to be used in a component that's rendered inside the form.

So, let's create a dedicated SubmitButton component.

// app/submit-button.jsx
'use client';

import { useFormStatus } from 'react-dom';

export function SubmitButton() {
  const { pending } = useFormStatus();

  return (
    <button type="submit" disabled={pending}>
      {pending ? 'Signing Up...' : 'Sign Up'}
    </button>
  );
}

Yep, it's really that simple. The useFormStatus hook gives us a pending boolean. We can use it to disable the button and change its text while the form submission is in flight.

Now we just drop this into our UserForm.

// app/user-form.jsx (updated)
'use client';

import { useFormState } from 'react-dom';
import { createUser } from './actions';
import { SubmitButton } from './submit-button'; // <-- Import the button

const initialState = {
  message: null,
  errors: {},
};

export function UserForm() {
  const [state, formAction] = useFormState(createUser, initialState);

  return (
    <form action={formAction}>
      {/* ... your input fields ... */}
      
      <SubmitButton /> {/* <-- Use the new button */}

      {state.message && <p>{state.message}</p>}
    </form>
  );
}

With just these two hooks, useFormState and useFormStatus, we've recreated the entire form state management dance (loading, error, success) with almost no client-side useState. That's a huge win for simplicity.

Beyond Forms: Revalidating Data and Redirecting

But Server Actions are so much more than just a tool for forms. They are for any server mutation you can think of. A classic example is deleting an item from a list. When you delete it, you want the list on the page to update automatically.

And this, for me, is where the integration with Next.js's caching system just shines. Let's imagine we have a page that lists a bunch of posts.

// app/posts/actions.js
'use server';

import { revalidatePath } from 'next/cache';
import { redirect } from 'next/navigation';
import { db } from '@/lib/db';

export async function createPost(formData) {
  const title = formData.get('title');
  const content = formData.get('content');

  // Logic to save the post to the database
  const newPost = await db.post.create({ data: { title, content } });

  // This is the key part!
  // It tells Next.js to clear the cache for the '/posts' page.
  // The next time someone visits, they'll get fresh data.
  revalidatePath('/posts');
  
  // And now, let's send the user to their new post's page.
  redirect(`/posts/${newPost.id}`);
}

Inside this action, right after creating the post, we call revalidatePath('/posts'). This is us telling Next.js: "Hey, the data on this page is now stale. Dump the cache." The very next time that page is rendered, it will refetch its data from the source.

Then, we call redirect(). This is a server-side redirect that smoothly sends the user to a new URL. It's incredibly useful for post-submission workflows.

You can also get more granular with revalidateTag, which lets you tag specific fetch requests and then invalidate all data associated with that tag. It’s powerful stuff for managing complex data dependencies. You can find more details in the official Next.js docs on caching.

The Illusion of Speed: Optimistic UI

This is one of my absolute favorite patterns. Optimistic UI is when you update the user interface immediately, assuming the server action will succeed, without waiting for the response. It makes the app feel instantaneous. If it turns out the action failed, you simply roll back the change.

React 18 introduced a hook specifically for this: useOptimistic.

Let's imagine a simple to-do list where adding a new item is a server action.

'use client';

import { useOptimistic, useRef } from 'react';
import { addTodo } from './actions'; // A server action
import { SubmitButton } from './submit-button';

export function TodoList({ todos }) {
  const formRef = useRef(null);
  
  // The useOptimistic hook
  const [optimisticTodos, addOptimisticTodo] = useOptimistic(
    todos, // The original, real state
    (currentState, newTodoText) => {
      // The "reducer" function to create the temporary, optimistic state
      return [
        ...currentState,
        {
          id: Math.random(), // Temporary ID
          text: newTodoText,
          sending: true, // A flag to show it's pending
        },
      ];
    }
  );

  async function formAction(formData) {
    const newTodoText = formData.get('text');
    
    // 1. Immediately add the optimistic todo to the UI
    addOptimisticTodo(newTodoText);

    // Reset the form right away
    formRef.current?.reset();

    // 2. Call the real server action
    await addTodo(formData); // This function would save to DB and revalidate
  }

  return (
    <div>
      <form action={formAction} ref={formRef}>
        <input type="text" name="text" placeholder="Add a new todo..." />
        <SubmitButton />
      </form>
      
      <ul>
        {optimisticTodos.map((todo) => (
          <li key={todo.id} style={{ opacity: todo.sending ? 0.5 : 1 }}>
            {todo.text}
          </li>
        ))}
      </ul>
    </div>
  );
}

Let's walk through the flow:

  1. The user types "Buy milk" and hits submit.
  2. Our formAction is called.
  3. addOptimisticTodo('Buy milk') is called immediately. The UI re-renders with "Buy milk" in the list, maybe slightly greyed out. The app feels instant.
  4. Meanwhile, in the background, await addTodo(formData) is running, talking to the server.
  5. Once the server action completes and the data is revalidated, Next.js re-renders the component with the actual data from the server. The optimisticTodos state is replaced with the true todos prop, and our temporary item is seamlessly replaced by the real one from the database.

And if the server action fails? React automatically and gracefully throws away the optimistic state, reverting the UI to the original todos. It's a complex-sounding concept made surprisingly manageable with this hook.

Best Practices and Staying Out of Trouble

Server Actions are powerful, but with great power comes... well, you know. Here are a few things I've learned to keep in mind to keep things running smoothly.

  • Always Validate on the Server: Never, ever trust data coming from the client. Even if you have client-side validation, you should always re-validate inside your server action. Libraries like Zod or Joi are your best friends here.
  • Handle Authentication and Authorization: Just because a function is a Server Action doesn't mean anyone should be able to call it. Inside your action, always check for the user's session and their permissions before performing sensitive operations.
  • Keep Them Focused: A Server Action should ideally do one thing and do it well (e.g., createUser, updatePostSettings). Try to avoid creating monolithic actions that handle a dozen different cases.
  • Error Handling is Key: Wrap your database calls and any other logic that might fail in try...catch blocks. Return clear error messages so you can display them nicely on the client using useFormState.

Server Actions are a fundamental part of the Next.js App Router paradigm. They aren't just a neat feature; they're a core piece of the puzzle that brings the client and server closer together than ever before. It takes a little getting used to, I'll admit, but once it clicks, it's hard to imagine going back.

So go ahead, delete some of those old API routes. Your codebase will thank you.

Frequently Asked Questions

Can I use Server Actions in the Pages Router?

No, Server Actions are a feature of the App Router and rely on the React Server Components architecture. They are not available in the traditional Pages Router.

How are Server Actions different from API routes?

They solve similar problems (handling client requests on the server), but the approach is different. API routes require you to manually create endpoints and use fetch on the client. Server Actions are functions that can be called directly, with Next.js handling the underlying RPC mechanism, form data serialization, and integration with React hooks like useFormState.

Are Server Actions secure?

Yes, they are designed with security in mind. The code for a Server Action is never sent to the client. Next.js creates a unique endpoint for each action, and data is transmitted via a POST request. However, you are still responsible for implementing your own security measures like input validation and authentication/authorization checks within the action's body.

Can a Server Action return data?

Absolutely. A Server Action can return any serializable data. This is how useFormState gets its state updates. You can return objects, strings, numbers—anything that can be sent over the network. This is useful for more than just form state; you could have an action that fetches some data on demand and returns it to a Client Component.

Related Articles

nextjs

Next.js API Routes vs. Server Actions: A Guide

Confused about Next.js API Routes and Server Actions? This guide breaks down when to use each for building a powerful Next.js backend.

Intermediate
5 min read
nextjs

A Friendly Intro to the Next.js App Router

Finally understand the Next.js App Router. This guide breaks down routing, server components, and data fetching in a way that actually makes sense.

Intermediate
5 min read
nextjs

Next.js Image Optimization: A Guide That Actually Clicks

Master the Next.js Image component. Go from blurry, slow-loading pages to lightning-fast, optimized visuals that boost your Core Web Vitals.

Intermediate
5 min read