API Builder
DYPAI's API Builder combines auto-generated CRUD endpoints for every database table with a visual Flow Editor for building custom business logic β no server code required.
Overview
The API Builder provides two complementary ways to expose your data over HTTP:
- Auto-generated endpoints β instant REST endpoints for every table in your database, with support for filtering, pagination, ordering, and field selection.
- Custom endpoints β define your own routes using the visual Flow Editor, where you connect logic nodes to handle requests, query the database, transform data, and return responses.
All endpoints support JWT authentication, respect Row Level Security policies, and are rate-limited based on your project plan.
Auto-generated Endpoints
For each table in your database, DYPAI automatically generates the following CRUD endpoints:
| Method | Path | Description |
|---|---|---|
GET | /api/table_name | List records (with filtering, pagination, ordering) |
GET | /api/table_name/:id | Retrieve a single record by primary key |
POST | /api/table_name | Create one or more records |
PUT | /api/table_name/:id | Replace an entire record |
PATCH | /api/table_name/:id | Partially update a record |
DELETE | /api/table_name/:id | Delete a record by primary key |
Here is an example of listing records from a products table with field selection, ordering, and a limit:
const response = await fetch(
'https://my-project.dypai.ai/api/products?select=id,name,price&order=price.asc&limit=10',
{
method: 'GET',
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN',
'Content-Type': 'application/json',
},
}
)
const { data, count } = await response.json()
// data: [{ id: "...", name: "Widget", price: 9.99 }, ...]
// count: total number of matching rows (when count header is requested)Custom Endpoints
When auto-generated CRUD is not enough, use the Flow Editor to build custom endpoints visually. The Flow Editor is a node-based canvas where you define the request-handling pipeline by connecting nodes:
| Node Type | Description |
|---|---|
| Trigger | The entry point that defines the HTTP method and path (e.g. POST /api/checkout) |
| Database Query | Execute a SQL query or call an auto-generated endpoint internally |
| Transform | Map, filter, or reshape data using JavaScript expressions |
| Condition | Branch the flow based on a boolean expression |
| HTTP Request | Call an external API and pass the response downstream |
| Response | Return a JSON response with a status code to the caller |
Connect nodes by dragging from an output port to an input port. The Flow Editor validates connections in real time and warns you about unreachable nodes or missing required inputs.
Request & Response
Every DYPAI endpoint accepts and returns JSON. Below is an example of a complete request to create a new record and the corresponding response:
// Request
const response = await fetch('https://my-project.dypai.ai/api/orders', {
method: 'POST',
headers: {
'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIs...',
'Content-Type': 'application/json',
'X-Request-Id': 'req_abc123',
},
body: JSON.stringify({
product_id: '550e8400-e29b-41d4-a716-446655440000',
quantity: 2,
notes: 'Gift wrap please',
}),
})
const result = await response.json()
// Response (201 Created)
// {
// "data": {
// "id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
// "product_id": "550e8400-e29b-41d4-a716-446655440000",
// "quantity": 2,
// "notes": "Gift wrap please",
// "created_at": "2026-02-15T10:30:00.000Z"
// }
// }Error responses follow a consistent shape with a message field and an HTTP status code:
// Error Response (400 Bad Request)
// {
// "error": "validation_error",
// "message": ""quantity" must be a positive integer",
// "status": 400
// }Query Parameters
Auto-generated GET endpoints support a rich set of query parameters for selecting fields, filtering, ordering, and paginating:
| Parameter | Example | Description |
|---|---|---|
select | select=id,name,price | Return only the specified columns |
limit | limit=25 | Maximum number of rows to return (default 100, max 1000) |
offset | offset=50 | Number of rows to skip before returning results |
order | order=created_at.desc | Sort by column, direction is asc or desc |
Filter Operators
Append filters as query parameters using the format column=operator.value:
| Operator | Example | Description |
|---|---|---|
eq | status=eq.active | Equal to |
neq | status=neq.archived | Not equal to |
gt | price=gt.100 | Greater than |
gte | price=gte.100 | Greater than or equal to |
lt | price=lt.50 | Less than |
lte | price=lte.50 | Less than or equal to |
like | name=like.*widget* | Pattern match (case-sensitive, * is wildcard) |
ilike | name=ilike.*widget* | Pattern match (case-insensitive) |
in | status=in.(active,pending) | Value is in the given list |
is | deleted_at=is.null | Check for null, true, or false |
Authentication
All auto-generated and custom endpoints require authentication by default. Pass a valid JWT token in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...DYPAI extracts the user's identity and role from the token and applies the corresponding RLS policies. For public endpoints, you can disable authentication on a per-endpoint basis from the API Builder settings, or use the anon key which grants anonymous access limited by the anon role policies.
Rate Limiting
Every DYPAI project enforces rate limits to ensure fair usage and protect against abuse. Limits are applied per IP address:
| Plan | Requests per Minute | Burst Limit |
|---|---|---|
| Free | 100 | 20 |
| Pro | 1,000 | 200 |
| Enterprise | Custom | Custom |
429 Too Many Requests response with a Retry-After header indicating how many seconds to wait before sending the next request.API Keys
Each project has two default API keys that determine the access level of requests:
anonkey β intended for client-side use. Requests made with this key are subject to theanonrole's RLS policies.service_rolekey β bypasses RLS entirely and has full access to all data. Never expose this key in client-side code.
You can also create additional API keys with custom roles and expiration dates. See the API Keys guide for details.