|PostgREST Turns PostGRE RESTful|
|Written by Kay Ewbank|
|Thursday, 21 November 2019|
PostgREST, a standalone web server that turns your PostgreSQL database directly into a RESTful API has been updated with improvements to full text search and support for embedding views.
PostgREST serves a fully RESTful API from any existing PostgreSQL database. The developers say it provides a cleaner, more standards-compliant, faster API than you are likely to write from scratch. and achieves sub-second response times for up to 2000 requests per second on Heroku free tier.
One reason for the speed is that the server is written in Haskell using the Warp HTTP server, which is a compiled language with lightweight threads. PostgREST delegates as much calculation as possible to the database including serializing JSON responses directly in SQL, data validation, authorization, and combined row counting and retrieval.
It also uses the database efficiently with the Hasql library by keeping a pool of db connections, using the PostgreSQL binary protocol, and being stateless to allow horizontal scaling.
PostgREST handles authentication via JSON Web Tokens and delegates authorization to the role information defined in the database. This avoids problems of having multiple version of what roles can access what information. When dealing with the database the server assumes the identity of the currently authenticated user, and for the duration of the connection can't do anything the user themselves couldn't. Other forms of authentication can be built on top of the JWT primitive. Because PostgREST uses PostgreSQL you get row-level security. If you're running PostgREST against PostgreSQL 9.5, it supports true row-level security. Earlier versions simulate it with triggers and security-barrier views.
The developers say PostgREST offers a good alternative to manual CRUD programming, you can use PostgreSQL to join data and let its query planner figure out the details rather than to loop through rows yourself. They also say PostgREST offers leak-proof abstraction as there's no ORM involved. Creating new views happens in SQL with known performance implications.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Thursday, 21 November 2019 )|