data-api-builder
Data API builder is a Microsoft open-source tool that automatically generates REST and GraphQL APIs from databases without custom code. It supports multiple database types (SQL Server, Azure SQL, PostgreSQL, MySQL, Cosmos DB) and runs as a containerized service on any cloud or on-premises.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Azure/data-api-builder |
| Owner | Azure |
| Primary language | C# |
| License | MIT — OSI-approved |
| Stars | 1.5k |
| Forks | 348 |
| Open issues | 527 |
| Latest release | v2.0.9 (2026-06-29) |
| Last updated | 2026-07-08 |
| Source | https://github.com/Azure/data-api-builder |
What data-api-builder is
DAB is a C# .NET 8+ application that reads database metadata, translates HTTP/GraphQL requests to parameterized SQL, and returns JSON responses. It provides role-based permission controls, environment variable support for secrets, and development-mode Swagger/Nitro UI. Configuration is declarative JSON.
Get the data-api-builder source
Clone the repository and explore it locally.
git clone https://github.com/Azure/data-api-builder.gitcd data-api-builder# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires .NET 8+ runtime for CLI usage; Docker for production deployment. Team must have container orchestration knowledge.
- Configuration is declarative JSON; no UI builder evident. Teams must manually define entity mappings, permissions, and GraphQL type naming.
- Secrets managed via .env files or environment variables. Ensure .gitignore inclusion and use of deployment-time secret injection (e.g., Azure Key Vault).
- Role-based permissions defined per entity/action. Fine-grained field-level or row-level access control strategy must be designed upfront.
- Database metadata is queried at startup. Schema changes require container restart or configuration file updates.
When to avoid it — and what to weigh
- Complex business logic required — DAB is a CRUD data API engine only. Applications requiring transaction orchestration, workflow logic, or computed fields need custom backend code.
- High-cardinality real-time subscriptions — GraphQL subscriptions not mentioned in README. For applications requiring WebSocket-based real-time push (e.g., collaborative editing), requirements need validation.
- Sensitive data with strict audit trails — No mention of query logging, field-level encryption, or compliance audit features. Requires security review before handling regulated data.
- Non-relational schema evolution — DAB assumes stable, inspectable database schemas. Highly dynamic or document-oriented data models may require manual entity configuration.
License & commercial use
MIT License (permissive, OSI-approved). Permits commercial use, modification, and distribution with attribution and inclusion of license text.
MIT license permits commercial use without restriction. However, ensure your organization's legal/compliance review confirms no conflicts with Microsoft trademark usage or Azure-specific terms. No warranty or liability disclaimer review needed beyond standard MIT terms.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Role-based permission model enforced at entity/action level. Configuration supports environment variable references for secrets. No mention of query parameterization/prepared statements, but dynamic query translation to SQL is stated. CORS and authentication provider configuration exposed in config. Audit logging, field encryption, and row-level security capabilities are not mentioned; requires documentation review. .env file handling carries risk if misconfigured; best practices must be reinforced.
Alternatives to consider
PostgREST / Hasura
PostgreSQL-first declarative API generators; offer GraphQL with subscriptions and row-level security. Hasura adds caching and data federation; more opinionated schema.
AWS Amplify DataStore / Firebase Realtime
Cloud-native, fully managed, include real-time subscriptions and offline sync. Trade-off: vendor lock-in and higher cost at scale.
Custom Node.js/Python API (Express, FastAPI)
Maximum flexibility for business logic, custom validation, and integrations. Trade-off: longer development time and higher maintenance burden.
Build on data-api-builder with DEV.co software developers
Evaluate Data API Builder for your next project. MIT-licensed, Microsoft-backed, and production-ready. Contact us to discuss fit with your architecture.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
data-api-builder FAQ
Can I use DAB with existing databases without schema changes?
How does DAB handle authentication and authorization?
Is DAB suitable for production use?
What databases does DAB support?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like data-api-builder into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.
Ready to accelerate API development?
Evaluate Data API Builder for your next project. MIT-licensed, Microsoft-backed, and production-ready. Contact us to discuss fit with your architecture.