Show HN: Secure SQL queries from web/mobile clients

2 points

5 years ago

Summation is an open source database/API gateway that lets you get the data you need, without having to wait for your backend team to write APIs for you.

You can: - query your SQL databases directly from web/mobile apps without risk of SQL injection - make API requests to third-party APIs (stripe, twillio, etc.) directly from web/mobile apps without exposing your credentials

Benefits: - you get the full power of SQL, which most developers already know (instead of having to learn graphQL) - supports all major SQL databases/warehouses, and any JSON REST API - Client libraries exist for Javascript, iOS, and Android

How it works: - the gateway authenticates your users via JWT tokens you pass it (supports Firebase/Auth0/Okta/Cognito) - only specific queries/API requests that have been approved can be executed in production - any parameters you pass in get bound to the query/API request (so you can filter queries to the logged-in user's JWT user ID, etc.) - credentials are encrypted in PostgreSQL (open source version) or your company's cloud secrets manager (cloud version, currently in alpha) - you can chain together multiple queries/API requests, with parameters securely passed from one to the other server-side

https://github.com/summation-app/docker

looking forward to your questions & feedback, thanks!