PostgreSQL as REST API Server without coding Priya Ranjan @ranjanprj
API Future of Application Development
- APIs are prerequisite for innovation
- Microservices provide APIs in a bounded context
- Existing APIs combined in unexpected ways bring enormous value
- In the future APIs would come together around your context to provide value
- UI/UX are simply the face on top of APIs
- Possibilities are endless with AI, ML APIs
API Development Currently
- APIs
- Nginx/Apache/Caddy - SSL
- Exposing REST API (Authorization, Security, Data Privacy, OpenAPI 2.0)
- Development in NodeJS, Python, Java, Golang etc
- PostgreSQL DB Schema
- Data: DATA SCIENCE, GEO, SOCIAL, FINANCIAL, IDENTITY, TRANSACTIONAL, TRACKING
PostgreSQL API Development with PostgREST
- APIs
- Nginx/Apache/Caddy - SSL
- PostgREST (Automatic OpenAPI 2.0) - Automatic API Generation
- PostgreSQL DB Schema - Authorization, Security, Data Privacy, Roles, Extensions, SQL Function, FDW
- Data: DATA SCIENCE, GEO, SOCIAL, FINANCIAL, IDENTITY, TRANSACTIONAL, TRACKING
PostgreSQL API Development Platform
PostgreSQL has all the right mix of features as an API Dev Platform
- Data security
- Data integrity
- Data access logic
- Extension Mechanism
- FDW
- Standards Implementation
- Backward Compatibility
- Robust Production Deployment
- Awesome Community
PostgREST Your Schema as API Joe Nelson https://postgrest.com/ https://github.com/begriffs/postgrest
PostgREST Schematics PostgREST :: Schema -> HTTP -> SQL
PostgREST Simple Recipe Create Schema
PostgREST needs an anonymous role to read the schema. Here we define such a role, called web_anon.
PostgREST Simple Recipe Setup PostgREST
- Download PostgREST binary for Linux, Windows, BSD
- Create file tutorial.conf
    db-uri = "postgres://postgres:mysecretpassword@localhost/postgres"
    db-schema = "api"
    db-anon-role = "web_anon"
- Run ./postgrest tutorial.conf
PostgREST Simple Recipe Run PostgREST
PostgREST Simple Recipe REST API Ready
- OpenAPI Specification at the root url
- Access table using /table_name, permission applied
PostgREST Simple Recipe Limit Auth
We are allowing the web_anon role read access to the table todos. Hence anyone can see all the todos, but not update them. This way you can restrict, at a granular level, whatever access you want for your web_anon role.
    curl http://localhost:3000/todos -X POST \
         -H "Content-Type: application/json" \
         -d '{"task": "do bad thing"}'
Response is 401 Unauthorized:
    {
      "hint": null,
      "details": null,
      "code": "42501",
      "message": "permission denied for relation todos"
    }
PostgREST Simple Recipe Create Auth Role
PostgREST Simple Example Sign Tokens
- Create a password of 32 chars and sign it at https://jwt.io or a similar service
- E.g. mysupersecretpasswordpleasekeep
- Switches to this role on authentication
PostgREST Simple Example Register Secret
- In tutorial.conf add
    jwt-secret = "mysupersecretpasswordpleasekeep"
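The token-signing step can be done locally, so the value of jwt-secret never has to be typed into a website. The following is an added example, not part of the original slides or of PostgREST: it builds and checks an HS256 JWT with the Python standard library. The role name todo_user, the 300-second lifetime and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: the role created on the "Create Auth Role" slide is named todo_user.
AUTH_ROLE = "todo_user"
# The slide's example secret; must match jwt-secret in tutorial.conf.
JWT_SECRET = "mysupersecretpasswordpleasekeep"


def b64url(data):
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def sign_token(role, secret, ttl_seconds=300, now=None):
    """Build an HS256 JWT whose role claim names the database role to switch to."""
    issued = int(time.time()) if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"}, {"role": role, "exp": issued + ttl_seconds})
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts
    )
    return signing_input + "." + b64url(_mac(secret, signing_input))


def verify_token(token, secret, now=None):
    """Return the claims if signature and exp check out, otherwise None."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return None
    expected = b64url(_mac(secret, head + "." + body))
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    current = int(time.time()) if now is None else now
    return claims if claims.get("exp", 0) > current else None


if __name__ == "__main__":
    print("Authorization: Bearer " + sign_token(AUTH_ROLE, JWT_SECRET))
```

The printed header goes on requests that need the authenticated role; a token whose payload was edited after signing, or whose exp has passed, fails verification.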
PostgREST Schematics For Table TODOS
- READ - GET /todos?select=id,done,task,due&id=gt.10&order=due
    SELECT id,done,task,due FROM todos WHERE id > 10 ORDER BY due
- CREATE - POST /todos
    Content-Type: application/json
    { "task": "this is my new task" }
- UPDATE - PATCH /todos?id=eq.10
    Content-Type: application/json
    { "done": 1 }
- DELETE - DELETE /todos?id=eq.10
*** Ensure PATCH & DELETE are parameterized using a proxy
PostgREST Simple Example Create Records
Showcase 1 Find Nearest Cab
Uses: GoogleMaps, PostgreSQL, Postgis, PostgREST
Showcase 1 Find Nearest Cab
PostgREST Showcase 1
- Create a location table with some data
- GET http://localhost:3000/geospatial_location_view?distance=lt.20000&consumer_key=eq.'1234'&source_entity_id='1'&source_entity_type='user'&target_entity_type='asset'
- Find all within 20KM radius
Showcase 2 On-demand Carwash Company
Uses: GoogleMaps, PostgreSQL, Postgis, PostgREST, Stripe Payment API call as Postgres function
Showcase 2
Showcase 2 SQL JS Different Schema Not exposed Directly by PostgREST
Showcase 2 SQL JS
PostgREST Showcase 2 SQL JS
Showcase 3 An Uber/Ola Clone
Uses: GoogleMaps, PostgreSQL, Postgis, PostgREST
- Reuses same APIs of Showcase 2
- No new API development required!!!
Showcase 3
Use cases
- Develop focused apps without developing REST API
- Expose existing PostgreSQL Schema as API
- Expose complex Extensions (custom, Postgis)
- Expose complex FDW as REST API
- Expose Views for creating live dashboard
- Schema as bounded context can act as Microservices Architecture
- Create a central API HUB
- Use PostgreSQL C speed JSON, Search, Geo, Indexing as APIs
Setting Up PostgREST Caveats
- PostgREST exposes the database as is
- DELETE http://localhost:3000/my_table_name
    would delete every row in the table!!!
- PATCH http://localhost:3000/my_table_name
    Content-Type: application/json
    { "status": "completed" }
    would update every row in the table!!!
- PostgREST must be behind a PROXY which checks for parameters in case of DELETE & PATCH
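The proxy check this slide calls for, written out as an added example (not part of the original deck or of PostgREST): a decision function that refuses DELETE and PATCH unless the query string pins rows. Accepting only eq. and in. filters is an assumed policy of this example, as are all function names.

```python
from urllib.parse import parse_qsl, urlsplit

# PostgREST query parameters that shape a request but do not restrict rows.
NON_FILTER_PARAMS = {"select", "order", "limit", "offset", "columns", "on_conflict"}
# Assumed policy: a mutation must pin rows with an equality or membership filter.
# Range operators are not accepted alone, because id=gt.0 still matches every row.
PINNING_OPERATORS = ("eq.", "in.")
GUARDED_METHODS = {"DELETE", "PATCH"}


def row_filters(url):
    """Return the (column, value) pairs that pin rows, e.g. ('id', 'eq.10')."""
    query = urlsplit(url).query
    return [
        (col, val)
        for col, val in parse_qsl(query, keep_blank_values=True)
        if col not in NON_FILTER_PARAMS
        and val.startswith(PINNING_OPERATORS)
        and val.split(".", 1)[1] not in ("", "()")  # reject empty eq. and in.()
    ]


def allow(method, url):
    """Decision a reverse proxy would make before forwarding to PostgREST."""
    if method.upper() not in GUARDED_METHODS:
        return True
    return bool(row_filters(url))


if __name__ == "__main__":
    # Constructed sample requests, including the two from the slide.
    samples = [
        ("DELETE", "/my_table_name"),
        ("PATCH", "/my_table_name"),
        ("DELETE", "/todos?id=eq.10"),
        ("PATCH", "/todos?id=gt.0"),
        ("GET", "/todos?select=id,task"),
    ]
    for method, url in samples:
        print(method, url, "->", "forward" if allow(method, url) else "reject")
```

The same rule can be enforced in the proxy's own configuration; the function only makes the accept/reject logic explicit and testable.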
Setting Up PostgREST Alternatives
- PostGraphQL (Nodejs): A GraphQL API created by reflection over a PostgreSQL schema.
- prest (Golang): Serve a RESTful API from any PostgreSQL database
- Pgasus (Golang): Pgasus offers RESTful interface for PostgreSQL.
Conclusion
- PostgreSQL is a complete solution for building APIs
- PostgREST makes it trivial to expose PostgreSQL as an API server
- PostgREST must be behind a proxy server such as Nginx
- Parameters for DELETE & PATCH must be checked at proxy level
- PostgREST is ideal for building small focused apps and POCs
- PostgreSQL Extensions and FDW can be easily exposed as APIs
- Using different schemas, you can support two versions of the same API
Questions? Priya Ranjan @ranjanprj