Skip to main content

Public Query API

Any query you publish in Kvery becomes a callable HTTP endpoint. Your application, a script, or another service can hit that endpoint and receive the query's result as JSON — no database credentials on the client side, just a URL.

The endpoint

Each shared query is addressed by its hash:

https://app.kvery.io/query/api/{hash}

The {hash} is the share identifier generated when you share the query. Treat it like a secret: anyone with the URL (and password, if you set one) can call the endpoint.

Methods map to your SQL

Kvery decides what a request does based on the HTTP method, and a query only answers the methods that match the kind of SQL it contains:

MethodServes queries that…Typical use
GETread (SELECT, EXEC, WITH … SELECT)fetch data
POSTwrite (INSERT, UPDATE, DELETE, REPLACE, ALTER, CREATE)create / submit
PUTwritereplace
PATCHwritepartial update
DELETEwriteremove

So a SELECT query is reachable with GET, while an INSERT/UPDATE/DELETE query is reachable with POST/PUT/PATCH/DELETE.

Passing parameters

Form variables in your SQL (for example :status) become request inputs. Supply them as query-string parameters on GET or in the request body on write methods:

# GET with a parameter
curl "https://app.kvery.io/query/api/{hash}?status=open"
# POST a write query
curl -X POST "https://app.kvery.io/query/api/{hash}" \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]"}'

Caching

GET responses are served with an HTTP Cache-Control header so repeat reads can be served from cache. Queries can also enable Kvery's own result cache, which short-circuits identical reads for speed. Write requests are never cached. See Export & cache for how caching behaves.

Securing the endpoint

  • Set a password on the share so callers must authenticate.
  • Set an expiry so the hash stops working after a date.
  • Restrict the group with an IP whitelist.
  • Apply rate limits so the endpoint can't be hammered.

Shaping the response

Use directives to control status codes and error messages (SET HTTPCODE, ON ERROR RETURN), and column modifiers to shape the JSON (for example ::hidden to drop internal columns, ::json to embed parsed JSON).

Next steps

  • Send many operations in one call with batch requests.
  • Generate interactive docs for a whole group with Swagger.