/api/database/* endpoints are a thin auth-required proxy over PostgREST, scoped to your project’s public schema. They use the same operators and conventions as PostgREST under the hood, but every call requires a valid Powabase auth token (no anon-key access).
System schemas (ai, auth, storage, pg_catalog, information_schema, etc.) are blocked at this layer — those are managed via dedicated routes (/api/agents, /api/knowledge-bases, …).
When you need the full PostgREST query language (filter operators, embedded relations, ordering, RPC calls), use the PostgREST endpoints instead. Use this proxy when you want one auth model across all platform calls and don’t need the full PostgREST surface.
Common Patterns
Discover tables withGET /tables, then read or mutate rows by primary key. The /openapi endpoint returns the project’s full PostgREST OpenAPI spec — useful for UIs that render an API reference for user-defined tables.
GET /api/database/tables
List tables in the schema (onlypublic is currently allowed). Returns { "tables": ["users", "orders", ...] }.
Defaults to
public. Any other value returns 400.GET /api/database/tables/
List rows from a table via PostgREST. Supportslimit (default 50) and offset query parameters.
Table name in the public schema. Must match
^[A-Za-z_][A-Za-z0-9_]*$.Defaults to 50.
Defaults to 0.
Defaults to
public.GET /api/database/tables//
Fetch a single row byid. Returns the row as a JSON object (uses PostgREST’s Accept: application/vnd.pgrst.object+json).
Table name
Row primary key
Defaults to
public.POST /api/database/tables/
Insert a row. The body is forwarded to PostgREST withPrefer: return=representation, so the response contains the inserted row.
Table name
PATCH /api/database/tables//
Update a row byid. Returns the updated row.
Table name
Row primary key
DELETE /api/database/tables//
Delete a row byid.
Table name
Row primary key
GET /api/database/openapi
Return the project’s full PostgREST OpenAPI/Swagger spec. The frontend uses this to render an API reference for user-defined tables; you can use it to drive a settings UI or to introspect the schema programmatically.Error Responses
Errors from this proxy return{"error": "<message>"}. Errors from the upstream PostgREST/Postgres are forwarded verbatim with their original status code.
| Status | Description |
|---|---|
| 400 | Table name failed validation (must match ^[A-Za-z_][A-Za-z0-9_]*$) |
| 400 | Schema is not public (only public is exposed via this proxy) |
| 401 | Missing or invalid auth headers |
| 500 | GET /tables failed against information_schema |
| 502 | PostgREST connection failed (network error, gateway unreachable) |
| 4xx/5xx | Forwarded from PostgREST (e.g. constraint violation, RLS denial) |