|
|
|
|
|
|
by billygoat
3287 days ago
|
|
|
Sure - PostgREST provides a RESTful API endpoint for any PostgreSQL database. It's kinda magic. It's an interesting beast: it has almost no configuration at all, you just point it to one database schema, and it then uses the postgres permissions system to decide what tables & views to expose, and who gets to see them. The only part of it that was a little tricky was creating multiple database users for anonymous views off the internet vs. internal staff who would want to do more than just select some rows. |
|
|
PostgREST exposes everything within a particular schema and then every call gets translaed into a query and executed. It's the database (PostgreSQL) that is deciding if the query will be executed or it will raise a permissions error. PostgREST just kind of says "hey db, this is the current user. Now run this query for him"
From a high level, postgrest is just a pure function that translates a rest call to a sql query and executes it with the privileges of the user that is making the request. The database does all the heavylifting