The API database architecture – Stop writing HTTP-GET endpoints

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • postgrest

    REST API for any Postgres database

    Speaking of postgrest, it looks like the article links to `www.postgrest.org` which has been "hijacked"? The correct url should be https://postgrest.org

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • sqitch

    Sensible database change management

    Yeah, I fully agree. The tooling for putting that much logic into the database is just not great. I've been decently happy with Sqitch[0] for DB change management, but even with that you don't really get a good basis for testing some of the logic you could otherwise test in isolation in app code.

    I've also tried to rely heavily on the database handling security and authorization, but as soon as you start to do somewhat non-trivial attribute-/relationship-based authorization (as you would find in many products nowadays), it really isn't fun anymore, and you spend a lot of the time you saved on manually building backend routes on trying to fit you authz model into those basic primitives (and avoiding performance bottlenecks). Especially compares to other modern authz solutions like OPA[1] or oso[2] it really doesn't stack up.

    [0]: https://github.com/sqitchers/sqitch

    [1]: https://www.openpolicyagent.org

    [2]: https://www.osohq.com

  • OPA (Open Policy Agent)

    Open Policy Agent (OPA) is an open source, general-purpose policy engine.

    Yeah, I fully agree. The tooling for putting that much logic into the database is just not great. I've been decently happy with Sqitch[0] for DB change management, but even with that you don't really get a good basis for testing some of the logic you could otherwise test in isolation in app code.

    I've also tried to rely heavily on the database handling security and authorization, but as soon as you start to do somewhat non-trivial attribute-/relationship-based authorization (as you would find in many products nowadays), it really isn't fun anymore, and you spend a lot of the time you saved on manually building backend routes on trying to fit you authz model into those basic primitives (and avoiding performance bottlenecks). Especially compares to other modern authz solutions like OPA[1] or oso[2] it really doesn't stack up.

    [0]: https://github.com/sqitchers/sqitch

    [1]: https://www.openpolicyagent.org

    [2]: https://www.osohq.com

  • pg_masking

    (WIP) Dynamic data masking for Postgres

    Last time I tried it though, it didn't play well with transaction variables (`current_setting(my.username)`). So you could not combine it with RLS logic and application users[5]. I'll be exploring an alternative on https://github.com/steve-chavez/pg_masking.

    [1]: https://www.ibm.com/docs/en/db2-for-zos/12?topic=statements-...

    [2]: https://learn.microsoft.com/en-us/sql/relational-databases/s...

    [3]: https://postgresql-anonymizer.readthedocs.io/en/latest/decla...

    [4]: https://www.2ndquadrant.com/en/blog/application-users-vs-row...

  • ag-crud-rethink

    Realtime CRUD data management layer/plugin for SocketCluster using RethinkDB as the database

    It's interesting reading this because I implemented a Node.js solution for this problem years ago but it fell on deaf ears. GraphQL was getting all the attention at the time.

    https://github.com/socketcluster/ag-crud-rethink

    I wrote it for RethinkDB but it could be adapted to any database as it doesn't rely on changefeeds.

    I then ended building a complete serverless solution around it: https://saasufy.com/

  • NpgsqlRest

    Automatic REST API for PostgreSQL Database as .NET Middleware

  • supabase-tenant-rbac

    A template for implementing basic RBAC for a multi-tenant supabase project

    Ok, this is not provided in the UI but why don't you use something like this?

    - https://github.com/point-source/supabase-tenant-rbac

  • supabase-multitenancy-rbac

    POC for implementing RBAC roles in multi-tenant environment, using Supabase

  • postgrest-js

    Isomorphic JavaScript client for PostgREST.

    You have explicit control over transactions with https://postgrest.org/en/latest/references/api/functions.htm....

    I think this sentiment stems from users of postgrest-js[1], which is a JS library that gives an ORM feel to PostgREST requests. Under that abstraction, users don't realize they're using a REST API, instead of a direct postgres connection.

    So in this case users are really asking for "client-side transactions"[2], which are not supported in PostgREST.

    [1]: https://github.com/supabase/postgrest-js

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • PostgREST: Providing HTML Content Using Htmx

    12 projects | news.ycombinator.com | 18 Dec 2023
  • Starter Kit and tooling for authoring REST API back ends for PostgREST

    1 project | news.ycombinator.com | 15 Jun 2023
  • PostgREST – Serve a RESTful API from Any Postgres Database

    22 projects | news.ycombinator.com | 29 Dec 2022
  • SubZero – GraphQL and REST API for your database

    1 project | news.ycombinator.com | 8 Sep 2022
  • Auto generating API schema code?

    5 projects | /r/PostgreSQL | 29 Aug 2021

Did you konow that PLpgSQL is
the 49th most popular programming language
based on number of metions?