Check out this simple, easy API replacement: just set up Docker, APISIX, Grafana, Prometheus, etc.<p>Does anyone else miss the old days of just editing your site's code and adding new columns to your MYSQL database while people were surfing your website? That was fun.<p>Tip: Another way to turn your DB into an API is to just connect to it and then write SQL queries.
> Creating a full-fledged API [...]. You need to think about [...] the REST principles<p>I can assure you you don't need to do that. And most people don't.<p>It's perfectly possible to create a useful API without adhering to the REST principles.<p>[Edit, having read the rest of the article]: Case in point, this very PostgREST tool promoted in the article appears very useful, while not thinking about the REST principles.
Reminds me of datasette, which does similar things for SQLite (and much more, too). Docs at <a href="https://docs.datasette.io/en/stable/json_api.html" rel="nofollow">https://docs.datasette.io/en/stable/json_api.html</a><p>Example: Retrieve JSON for <a href="https://fivethirtyeight.datasettes.com/polls/president_primary_polls" rel="nofollow">https://fivethirtyeight.datasettes.com/polls/president_prima...</a> simply with <a href="https://covid-19.datasettes.com/covid/ny_times_us_counties.json?state__exact=Texas&_sort_desc=date" rel="nofollow">https://covid-19.datasettes.com/covid/ny_times_us_counties.j...</a> (I added a filter for Texas)
> when you’ve validated the requirements, you can keep the existing façade and replace PostgREST with your custom-developed API.<p>Why? What is it about postgrest which makes it unsuitable for "real" usage? The author doesn't mention it.
Hm, using Apache APISIX for DDoS protection on a single node? That won't really stop a real DDoS. Not much you can do on a single server, if a botnet is saturating the network links to your server(s), without help from your infra provider.<p>This setup can be used to prevent the backends from being overloaded, which one can probably already do from a single host, and depending on the speed/amount of work by the backends done, not a lot of bandwidth is required to overload most systems that have a limited amount of request processing capacity.<p>I would argue that this is load management/shedding though, and not DDoS protection.
Maybe I am biased, but at this point I would find simpler to just give access to the DB.<p>Let user write their own SQL queries and meter how much time they use for billing or abuse prevention.
That's what I actually admire about Supabase [0].<p>The folks created an almost full fledged Firebase replacement by clipping pieces together (similar to the article, replacing APISIX with Kong) and it allows them to iterate super fast.<p>Pragmatic, and nice if you're on the receiving end of it .<p>[0] <a href="https://github.com/supabase/supabase#how-it-works" rel="nofollow">https://github.com/supabase/supabase#how-it-works</a>
Here's a page that talks a bit more about Apache APISIX: <a href="https://apisix.apache.org/docs/apisix/getting-started/" rel="nofollow">https://apisix.apache.org/docs/apisix/getting-started/</a><p>I find it a bit ironic that they don't support Apache2 as the web server, you know, it being an Apache project and all, instead going for Nginx or OpenResty (though admittedly they're great projects).<p>Even nowadays Apache2 is pretty okay: <a href="https://blog.kronis.dev/tutorials/how-and-why-to-use-apache-httpd-in-2022" rel="nofollow">https://blog.kronis.dev/tutorials/how-and-why-to-use-apache-...</a> (especially if you disable .htaccess for less disk I/O and use it with a single file based config)
Or just use an API generator like <a href="https://apibakery.com" rel="nofollow">https://apibakery.com</a> , <a href="https://amplication.com" rel="nofollow">https://amplication.com</a> or another with your favorite framework and call it a day.
This is far from what I'd call "poor man's" thing.<p>I'd want to host it for free, so Vercel and Netlify comes to my mind. But to go real poor man style, I'd use Google sheets as a backend and throw some caching layer on top of it. Firebase or one of its competitors is also a good idea to get some API up and running for free.