These tools like Postgrest are super fun but in the end, I always end up needing an API for secure business logic. At that point, these tools where "your DB is your API" just become another part of your backend rather than replacing the backend, and the value of that isn't clear to me.
It's awesome for hobby projects, but I wasn't able to figure out how to use it to build a SaaS app.
Postgrest includes security (paired with PG's row-level access). Plus, if you go the way of pl/python or other languages built into PG (includes javascript, c, etc., etc.), you can get very far before you have to go add more layers. But even if you do, it can still be pretty great.