pg_graphql
pg_graphql is a PostgreSQL extension that automatically exposes your database schema as a GraphQL API without requiring separate servers or middleware. It translates SQL table definitions into GraphQL types and resolvers, allowing any client that speaks GraphQL to query PostgreSQL directly.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | supabase/pg_graphql |
| Owner | supabase |
| Primary language | Rust |
| License | Apache-2.0 — OSI-approved |
| Stars | 3.3k |
| Forks | 134 |
| Open issues | 49 |
| Latest release | v1.6.1 (2026-05-07) |
| Last updated | 2026-06-03 |
| Source | https://github.com/supabase/pg_graphql |
What pg_graphql is
Written in Rust, pg_graphql reflects PostgreSQL schemas into GraphQL by introspecting table structure, foreign keys, and custom types. It runs as a PostgreSQL extension, executing GraphQL queries server-side and mapping them to SQL, eliminating the need for a separate GraphQL layer.
Get the pg_graphql source
Clone the repository and explore it locally.
git clone https://github.com/supabase/pg_graphql.gitcd pg_graphql# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- PostgreSQL version 14+ required; verify your production database meets this minimum before installation.
- Schema design directly impacts GraphQL usability—naming conventions, foreign keys, and type definitions must be carefully planned; use inflection configuration to map snake_case SQL to camelCase GraphQL.
- Introspection-based schema means schema changes in SQL are automatically reflected in GraphQL; test this behavior carefully in staging to avoid unexpected client breakage.
- GraphQL query complexity and N+1 risks depend on SQL query translation; profile generated queries to ensure performance under load.
- Authentication, authorization, and field-level access control must be implemented via PostgreSQL roles, RLS policies, or external middleware; no built-in GraphQL-level permission system apparent.
When to avoid it — and what to weigh
- Complex Business Logic Required — If your API needs significant transformation, authentication per-request, caching strategies, rate limiting, or custom resolvers, pg_graphql's schema-first approach may force workarounds. A dedicated GraphQL server offers more flexibility.
- Non-PostgreSQL Primary Datastore — pg_graphql only works with PostgreSQL. If your primary data lives in MongoDB, DynamoDB, or other databases, you will need an alternative GraphQL solution.
- Subscription or Real-Time Requirements — The provided documentation excerpt does not mention WebSocket subscriptions or real-time query support. Verify capability before adopting for live-update features.
- Multi-Tenant Isolation at Query Level — pg_graphql reflects the entire public schema by default. Fine-grained per-tenant field masking or row-level filtering requires careful Row-Level Security (RLS) policy design and may be complex to reason about.
License & commercial use
Licensed under Apache License 2.0 (Apache-2.0), a permissive OSI-approved license.
Apache-2.0 permits commercial use, modification, and distribution with conditions: include a copy of the license, state significant changes, and provide a license notice. No patent grant or liability indemnity. Suitable for commercial products, but review with legal counsel for specific use cases.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
No claims made here. Security posture depends on: (1) PostgreSQL version patching; (2) RLS policy correctness for row filtering; (3) role/authentication mapping at the application level; (4) GraphQL query complexity limits (not mentioned, verify). Rust implementation reduces memory-safety risks. External security audits not mentioned; assume standard OSS scrutiny applies.
Alternatives to consider
PostgREST
Similar schema-driven REST API from PostgreSQL; mature and widely used. Choose if REST is preferred over GraphQL, or if deployment flexibility (e.g., containerization) is required.
Hasura
GraphQL engine supporting PostgreSQL, MySQL, and others; offers advanced features (caching, subscriptions, custom resolvers, fine-grained permissions). Choose if multi-database or richer business logic is needed.
Custom GraphQL Server (Apollo, Express + graphql-js)
Full control over schema, resolvers, authentication, and optimization. Choose if pg_graphql's schema-first constraints are too limiting or if multiple data sources must be unified.
Build on pg_graphql with DEV.co software developers
Explore pg_graphql documentation, test schema reflection in your environment, and evaluate RLS policies for your auth model. Contact us to plan integration with your data stack.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
pg_graphql FAQ
Does pg_graphql require a separate GraphQL server?
Can I use pg_graphql with managed PostgreSQL (RDS, Cloud SQL, Supabase)?
How do I handle authentication and authorization?
Is pg_graphql suitable for production?
Custom software development services
Adopting pg_graphql is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source databases software in production.
Ready to add GraphQL to PostgreSQL?
Explore pg_graphql documentation, test schema reflection in your environment, and evaluate RLS policies for your auth model. Contact us to plan integration with your data stack.