Expose Your Database as a REST API Safely and Without Code

One of the complex parts of application development is to first write code to connect to your database and then try to leverage an Object Relational Mapping (ORM) framework to help write your data access layer.

But what would things look like if you did not need an ORM? Or did not need to write a data access code to access your database? How would you then expose the data AND access it safely for your front-end application development?

REST APIs provide a standardized interface to use HTTP requests to return data to users or applications in the form of JSON, HTML, XML, etc.

We can use some middleware to sit between our database and our application. We can then use RESTful queries in our application to ask the middleware to give us the specific data filtered to our liking as needed for our applications' operations. But which middleware? And wouldn't something in the middle slow things down?

Simple

DB2Rest is open-source middleware that offers a no-code way to safely expose data from your database for your applications to consume. It runs as a service that you can host locally or in the cloud. It even has an easy-to-use Docker deployment.

Let's see a simple example of a query with DB2Rest that shows how to filter on our database table of "movies".

QUERY

http GET 'http://example.com/movies?filter=title=="Titanic";year=gt=1950' 
User-Agent:insomnia/8.6.1

RESULT

HTTP/1.1 200 Content-Type: application/json Transfer-Encoding: chunked 
[  {    "title": "Titanic",    "year": 1953,    "distributor": "20th Century Fox",    "budget": "$1,805,000",    "director": "Jean Negulesco"  },  {    "title": "Titanic",    "year": 1997,    "distributor": "Paramount Pictures",    "budget": "$200,000,000",    "director": "James Cameron"  } ]

Notice the QUERY where we didn't even need to use a full SQL query!?!

We simply asked to filter by a title and the year greater than 1950.

year=gt=1950

And it easily returned results!

DB2Rest uses simple syntax (based on RQL — those keywords within = equal signs) for querying and even updating, deleting, and joining tables.

Fast

DB2Rest is blazing fast even as middleware and is reported by users since it doesn't need to use an ORM, but instead uses industry-proven data access libraries and drivers for the most common databases. The queries are even cached for greater speed. DB2Rest translates your queries without code generation! into SQL so you don't have to, forward to the database, and return paginated results in JSON. If you already know SQL, DB2Rest can also just forward any custom SQL expressions to your database.

This is really great because with DB2Rest you can even expose legacy databases to your applications without all the pain of coding, and quickly take advantage of that older data, or even skip database migrations and just use DB2Rest to give data access to your legacy data!

Secure

What is even better, I think, is that DB2Rest can serve as a gateway of sorts by being middleware and not directly exposing your database to your users or application, but instead only the data it needs. There's not even a possibility of SQL Injection attacks because of this. Security concerns are further minimized by configuring DB2Rest to use a DB user account that only has access to the schema and tables you wish to give access to. All data access security is thus handled directly by your database user access roles (and not DB2Rest) to conform with best practices and allow database administrators (DBAs) to continue to maintain security access roles as they need, even in an enterprise setting. Or your own movie or bread recipe database. :-)