A Poor Man's API

I miss aspects of those days, because I made a good bit of money from people who used MyISAM because "it's more performant" (or just because it was the default, yes, I'm dating myself here), and then corrupted their data because MyISAM didn't enforce constraints.

Other than the easy money, nah, don't miss the old days that much.

Having to use Reflector to decompile a core .NET library to figure out wtf it was doing because MSDN was inadequate, and the source was very much not open.

PHP 4 code bases that heavily leaned on dangerous globals.

J2EE.

Ah, the "good" ol days.

Grafana and Prometheus aren't necessary, and Docker is at this point pretty close to a Linux platform feature. APISIX is a reasonable complaint --- the "poor man's API" is "using a big open source project that provides generic APIs", sure, that's not all that clever.

Absolutely. It is shameful how much stuff needs to be run before you can even get started.

Or use https://github.com/mevdschee/php-crud-api and skip writing queries (for basic CRUD).

> Howto: Upload "api.php" to your webserver, configure it to connect to your database, have an instant full-featured REST API.

hostgator.com still exists. install some wordpress, edit the PHP files, add some tables in MySQL, have fun!

You might like Directus.

It is nominally a "headless CMS", but it's so close to the SQL that I think of it more like API in a box.

If you're talking about HATEOAS (which many zealots equate one to one with REST) you may be pleased to know there is no reference to it whatsoever in this article.

What is the acronym for when something needs to be done, so you create an endpoint to do that thing, maybe return HTML if convenient (if it is a page request) or JSON if it is XHR, and then move on to the next user story?

Big problems with the design of the response here, too. Example: https://fivethirtyeight.datasettes.com/polls/president_prima...

The schema is ad-hoc and requires a human to interpret it. Link relations (at the bottom) are expressed the wrong way: a machine could understand the "next" or "license" relations, but not an arbitrary "next_url" or "license_url" JSON key.

Recommendation: adopt relevant IETF/IANA standards and reformulate the response to take advantage of them.

Postgres is amazing, but there are some issues you quickly hit with systems like this:

1. Side effects: Want to send an email when something happens

2. conditional permissions: Need access to data under certain circumstances not modelled by the security language?

3. Subset access: Access to parts of the row / document.

4. Aggregate access: Access to eg. a count of rows you can not access.

These are usually solved using serverless functions – or an API written in code.

Personally I err to the side of just writing some code, maybe because I enjoy that part of the project. Then I might be more inclined to use no-code solutions for the frontend, where others want the freedom and flexibility.

I would go the other way around.

Why start with an SQL database? When I start something new, I don't want to fiddle around with tables every time I change my model.

Business logic in your preferred language paradigm, rather than sprocs/triggers

Agree. I've used PostgREST for production and it works great. No need to rewrite the API.

Hasn't DDoS protection always been a small misnomer?

You can't really protect against it, you can only have enough bandwidth to handle everything.

Did you know that databases can read from disk?

Databases are huge security vulnerabilities and should always have some kind of shim over them. Never expose your relational DB publicly if you want any control over it.

At that point you might as well just let them download the .sqlite file ;)

Or (as is the fashion recently) compile sqlite to wasm and run it in browser.

API Bakery requires a user to tediously and manually replicate the DB schema. In my eyes, that makes it worse than the solution under discussion.

Do I have to generate my API from scratch if the schema changes? If so, this solution is a no-go

Stick it on the Render free or cheap tier. Or Supabase for free in just a single click:

https://supabase.com/pricing

You're better off starting with Postgres than having to migrate from some kind of no-sql setup later.

Supabase has a free tier with all this included, plus more. It's the best install of postgres I've seen and I'm obsessed with how it makes triggers, auth, etc., all included.

NKOTB: https://neon.tech/

Free Tier includes:

compute up to 1 vCPU / 256 MB

storage up to 10 GiB

3 projects per user

Render is a fantastic replacement

Bunch of providers have free tiers.

Many projects grow to the point that the limitations of writing everything in views and stored procedures becomes more painful than writing the CRUD code in Python, Node, Ruby, PHP, or whatever.

Personally, I’d give a shout for https://api-platform.com/.

Just to clear things up a bit (as I remember not knowing about this side of "RESTfulness" a while ago myself): an important part of REST is relying on hypertext, that is pointing to other resources by using URLs. Just returning an ID of a referenced object/resource as a plain number isn't very RESTful, but returning an URL of that object/resource is.

If you already have relationships between tables, then it shouldn't be that hard to add right?

Haskell (performant functional language) > JavaScript (soggy wet noodles)

It's third-party software.

Depends on your needs of API Gateway, Ingress Controller, and Service Mesh.

According to Apache APISIX Slack[1] channel discussions and GitHub Issues/Discussions, most people focus on Security, Feature Rich, and Performance.

1. Security: As an Apache project, there have a lot of users and maintainers who are watching project activities, and the Security Team follows up very quickly.

2. Feature Rich: Just join the Slack channel and you will find that lots of questions are related to "features".

3. Performance: https://api7.ai/blog/apisix-kong-3-0-performance-comparison

[1] https://apisix.apache.org/slack