API DB Gateway
A secure gateway for multiple PostgreSQL instances. Token-authenticated, query-controlled, centrally managed.
Why Gateway
No application ever touches the database directly. Everything flows through the gateway.
Each application authenticates with credentials to receive a session token. Requests without a valid token are rejected before reaching any database.
Only pre-authorized SQL queries can be executed. Arbitrary queries are blocked, eliminating injection vectors and unauthorized data access entirely.
Route requests to multiple PostgreSQL instances running on separate local servers — all through a single, unified API endpoint.
Each project operates in a fully isolated context. One application cannot access another's data under any circumstances.
Hosted via dynamic DNS for a consistent public URL, regardless of underlying IP changes.
Built on Django REST Framework — a mature, well-documented standard with full serialization, validation, and permission handling built in.
Integrations
Applications currently routed through the gateway.
Architecture
Every request passes through authentication and validation before touching any data.
The client application posts username and password to the token endpoint.
On success, the gateway returns a session token to be used in subsequent requests.
The incoming SQL query is checked against the whitelist. Unauthorized queries are rejected with a 403.
The request is forwarded to the correct PostgreSQL instance and the result is returned to the client.
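The four steps above as an added Python sketch, not the gateway's own code: login issues a session token, each request is matched against its project's whitelist, and only the caller's own database is selected. The 401 status, the one-login-per-project model, and all project names, passwords, DSNs and queries are assumptions. The sketch returns the routing decision instead of opening a PostgreSQL connection.

```python
import hashlib
import hmac
import secrets

def _norm(sql):
    # Collapse whitespace so layout differences do not defeat an exact match.
    return " ".join(sql.split()).rstrip("; ")

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_project(password, dsn, queries):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw": _pw_hash(password, salt), "dsn": dsn,
            "allowed": {_norm(q) for q in queries}}

class Gateway:
    def __init__(self, projects):
        self.projects = projects  # project name -> config from make_project()
        self.sessions = {}        # session token -> project name

    def login(self, username, password):
        p = self.projects.get(username)
        # Hash even for unknown users so both failure paths cost the same.
        candidate = _pw_hash(password, p["salt"] if p else b"\0" * 16)
        if p is None or not hmac.compare_digest(p["pw"], candidate):
            return 401, None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return 200, token

    def handle(self, token, sql, params=()):
        project = self.sessions.get(token)
        if project is None:
            return 401, None  # rejected before any database is selected
        p = self.projects[project]
        query = _norm(sql)
        if query not in p["allowed"]:
            return 403, None  # not on this project's whitelist
        # query now equals an approved text; values travel only as bound parameters.
        return 200, {"dsn": p["dsn"], "sql": query, "params": tuple(params)}

# Constructed sample data: names, passwords, DSNs and queries are hypothetical.
GATEWAY = Gateway({
    "shop": make_project("shop-pass", "postgresql://10.0.0.11/shop",
                         ["SELECT id, total FROM orders WHERE customer_id = %s"]),
    "blog": make_project("blog-pass", "postgresql://10.0.0.12/blog",
                         ["SELECT title FROM posts WHERE id = %s"]),
})
```

The whitelist entries use `%s` placeholders, so a client that splices a value into the SQL text no longer matches any approved query and gets the 403.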