DEV.co
MCP Servers · Azure

data-api-builder

Data API builder is a Microsoft open-source tool that automatically generates REST and GraphQL APIs from databases without custom code. It supports multiple database types (SQL Server, Azure SQL, PostgreSQL, MySQL, Cosmos DB) and runs as a containerized service on any cloud or on-premises.

Source: GitHub — github.com/Azure/data-api-builder
1.5k
GitHub stars
348
Forks
C#
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryAzure/data-api-builder
OwnerAzure
Primary languageC#
LicenseMIT — OSI-approved
Stars1.5k
Forks348
Open issues527
Latest releasev2.0.9 (2026-06-29)
Last updated2026-07-08
Sourcehttps://github.com/Azure/data-api-builder

What data-api-builder is

DAB is a C# .NET 8+ application that reads database metadata, translates HTTP/GraphQL requests to parameterized SQL, and returns JSON responses. It provides role-based permission controls, environment variable support for secrets, and development-mode Swagger/Nitro UI. Configuration is declarative JSON.

Quickstart

Get the data-api-builder source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Azure/data-api-builder.gitcd data-api-builder# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Rapid CRUD API prototyping

Generate functional REST/GraphQL endpoints from existing database schema in minutes without writing endpoint code, ideal for proof-of-concepts and MVPs.

Multi-database abstraction layer

Expose SQL Server, PostgreSQL, MySQL, and Cosmos DB through consistent REST/GraphQL interfaces, reducing client-side database coupling.

Internal data service microservice

Deploy as a lightweight containerized API for internal teams to query shared databases with built-in role-based access control and no custom business logic.

Implementation considerations

  • Requires .NET 8+ runtime for CLI usage; Docker for production deployment. Team must have container orchestration knowledge.
  • Configuration is declarative JSON; no UI builder evident. Teams must manually define entity mappings, permissions, and GraphQL type naming.
  • Secrets managed via .env files or environment variables. Ensure .gitignore inclusion and use of deployment-time secret injection (e.g., Azure Key Vault).
  • Role-based permissions defined per entity/action. Fine-grained field-level or row-level access control strategy must be designed upfront.
  • Database metadata is queried at startup. Schema changes require container restart or configuration file updates.

When to avoid it — and what to weigh

  • Complex business logic required — DAB is a CRUD data API engine only. Applications requiring transaction orchestration, workflow logic, or computed fields need custom backend code.
  • High-cardinality real-time subscriptions — GraphQL subscriptions not mentioned in README. For applications requiring WebSocket-based real-time push (e.g., collaborative editing), requirements need validation.
  • Sensitive data with strict audit trails — No mention of query logging, field-level encryption, or compliance audit features. Requires security review before handling regulated data.
  • Non-relational schema evolution — DAB assumes stable, inspectable database schemas. Highly dynamic or document-oriented data models may require manual entity configuration.

License & commercial use

MIT License (permissive, OSI-approved). Permits commercial use, modification, and distribution with attribution and inclusion of license text.

MIT license permits commercial use without restriction. However, ensure your organization's legal/compliance review confirms no conflicts with Microsoft trademark usage or Azure-specific terms. No warranty or liability disclaimer review needed beyond standard MIT terms.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Role-based permission model enforced at entity/action level. Configuration supports environment variable references for secrets. No mention of query parameterization/prepared statements, but dynamic query translation to SQL is stated. CORS and authentication provider configuration exposed in config. Audit logging, field encryption, and row-level security capabilities are not mentioned; requires documentation review. .env file handling carries risk if misconfigured; best practices must be reinforced.

Alternatives to consider

PostgREST / Hasura

PostgreSQL-first declarative API generators; offer GraphQL with subscriptions and row-level security. Hasura adds caching and data federation; more opinionated schema.

AWS Amplify DataStore / Firebase Realtime

Cloud-native, fully managed, include real-time subscriptions and offline sync. Trade-off: vendor lock-in and higher cost at scale.

Custom Node.js/Python API (Express, FastAPI)

Maximum flexibility for business logic, custom validation, and integrations. Trade-off: longer development time and higher maintenance burden.

Software development agency

Build on data-api-builder with DEV.co software developers

Evaluate Data API Builder for your next project. MIT-licensed, Microsoft-backed, and production-ready. Contact us to discuss fit with your architecture.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

data-api-builder FAQ

Can I use DAB with existing databases without schema changes?
Yes. DAB reads metadata at startup and exposes tables, views, and stored procedures as-is. No schema modifications required; configuration is additive.
How does DAB handle authentication and authorization?
Role-based permissions are declared per entity/action in JSON config. Default provider is 'AppService' (Azure App Service). Custom identity provider integration requires documentation review.
Is DAB suitable for production use?
Yes, designed for container deployment. 527 open issues and active maintenance suggest stability, but security/audit capabilities and compliance coverage must be validated for regulated workloads.
What databases does DAB support?
Azure SQL, SQL Server, SQLDW, Cosmos DB, PostgreSQL, and MySQL. All supported across on-prem, Azure, AWS, GCP, and other environments.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like data-api-builder into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.

Ready to accelerate API development?

Evaluate Data API Builder for your next project. MIT-licensed, Microsoft-backed, and production-ready. Contact us to discuss fit with your architecture.