PostgREST: disable direct access to everything but functions

I wonder if it's possible to deny access to all tables/views and only allow to functions? I just want to control the data I pass.

I can't disable access with pg roles for the tables, cause the functions use the same tables.

I can put on NGINX before PostgREST and disable anything that doesn't start with /rpc, but that the only way?

Solution

You can create and expose a dedicated schema(using the db-schema config) that only contains functions. This way no table will have direct access through the REST API.

The above follows the schema isolation guide on the postgrest docs.

Problems using ‘eq’ in a postgrest request
Tooljet on Docker - Public Schema Error after upgrade
PostgREST / PostgreSQL Cannot enlarge string buffer message
Function overloading vs No Function Matches problem
Can we use PostgREST API with Azure
How to escape string characters in supabase js OR query?
How to access a Supabase Vault Secret from my app?
How can protect PostgREST from sql injection and other security issues?
Create view with join depending on table of another join
How do I chain multiple filters on Postgres database using Golang with supabase?
Postgrest filter does not seem work with fields from related table
Can we use PostgREST with CockroachDB
How do I transform query string parameters in nginx?
supabase python - i'm trying to update an entry in a supabase table but postgrest returns 'Failed to parse [("id","Filters.EQ.1")]'
Does PostREST have a null-safe not-equal operator, like IS DISTINCT FROM?
PostgRest: fetch by column(id) returns PGRST104 "Failed to parse" error
Docker-compose swagger-ui setup which doesn't depend on a particular URL
Postgrest query. Select * from table when id = id or (user id = id and boolean = true)
postgREST - Select query from two columns with one IN condition
PostgREST select with joined table where key in joined table
How to select and order rows based on number of matched elements in array from foreign table in postgREST
PostgreSQL does not find function
column-level security with policies in PostgreSQL 14 / PostgREST?
PostgreSQL RPCs : allow required array parameters that will be processed in ANY/IN keywords to be null/empty
How to limit max return rows of PostGRest?
Supabase: get table count in rest mode
Is it possible to copy an enum type from one schema to another
Return result of three SQL queries in one SQL view
How to model PostgREST database to achieve social-network-like behaviour
PostGIS: Could not choose the best candidate function between: public.st_geomfromgeojson( => json), public.st_geomfromgeojson( => jsonb)