REST API for any Postgres database
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
PostgREST serves a fully RESTful API from any existing PostgreSQL database. It provides a cleaner, more standards-compliant, faster API than you are likely to write from scratch.
Big thanks to our sponsors! You can join them by supporting PostgREST on Patreon.
Invoke for help:
TLDR; subsecond response times for up to 2000 requests/sec on Heroku free tier. If you're used to servers written in interpreted languages, prepare to be pleasantly surprised by PostgREST performance.
Three factors contribute to the speed. First the server is written in Haskell using theWarpHTTP server (aka a compiled language with lightweight threads). Next it delegates as much calculation as possible to the database including
Finally it uses the database efficiently with theHasql library by
PostgREST handles authentication (via JSON Web Tokens) and delegates authorization to the role information defined in the database. This ensures there is a single declarative source of truth for security. When dealing with the database the server assumes the identity of the currently authenticated user, and for the duration of the connection cannot do anything the user themselves couldn't. Other forms of authentication can be built on top of the JWT primitive. See the docs for more information.
PostgreSQL 9.5 supports true row-level security. In previous versions it can be simulated with triggers and security-barrier views. Because the possible queries to the database are limited to certain templates usingleakprooffunctions, the trigger workaround does not compromise row-level security.
A robust long-lived API needs the freedom to exist in multiple versions. PostgREST does versioning through database schemas. This allows you to expose tables and views without making the app brittle. Underlying tables can be superseded and hidden behind public facing views.
This project uses HTTP to communicate other metadata as well. For instance the number of rows returned by an endpoint is reported by - and limited with - range headers. More aboutthat.
Rather than relying on an Object Relational Mapper and custom imperative coding, this system requires you put declarative constraints directly into your database. Hence no application can corrupt your data (including your API server).
The PostgREST exposes HTTP interface with safeguards to prevent surprises, such as enforcing idempotent PUT requests.
You can help PostgREST ongoing maintenance and development by:
Making a regular donation through Patreon https://www.patreon.com/postgrest
Alternatively, you can make a one-time donation via Paypal https://www.paypal.me/postgrest
Every donation will be spent on making PostgREST better for the whole community.
The PostgREST organization is grateful to:
The cool logo came from Mikey Casalaina.