Developers · SQL → API

Your SQL is already an API. Apinizer just publishes it.

DB-2-API turns a parameterized query or stored procedure into a governed REST endpoint. The runtime handles auth, rate limits, validation, audit, and the OpenAPI spec.

Five-minute quickstart Open API Creator

DB-2-API — For developers use case overview from Apinizer. — For developers · DB-2-API

The problem

Half the 'service layer' in the world is one stored procedure with a Spring wrapper.

Engineers spend whole sprints writing thin services in front of legacy databases — controllers, DTOs, validators — just to expose a query. Apinizer's DB-2-API skips the service: bind a SQL query (or stored procedure), declare parameters and types, and the gateway publishes it as a REST endpoint with full governance.

Capabilities

What Apinizer does here

SQL or stored procedure

Bind a parameterized SQL query or a stored procedure name. The gateway handles binding, paging, type coercion, and result shaping.

Governed from day zero

Auth, rate limits, audit, encryption — all the API-Gateway controls apply automatically. DB-2-API is not a bypass; it's a governed shortcut.

OpenAPI generated

Parameters, response shape, status codes — OpenAPI spec generated from the binding. Partner portal lists it like any other API.

Credential vault

DB credentials live in the encrypted vault. The query references them by name; the platform never logs them, never exposes them.

Multiple database engines

PostgreSQL, MySQL, MSSQL, Oracle, Db2 — the same binding pattern works across engines.

Full audit trail

Every request captured — caller, parameters, latency, row count. The DB call shows up in audit the way every other endpoint does.

Use cases

In production, this looks like…

Government
Ankara ministry exposes 40 legacy stored procedures as a citizen-services API
Each procedure became a governed REST endpoint in a day. The mainframe doesn't know anything changed; the developer portal lists the new APIs the same morning.
40 procs, 1 sprint
Manufacturing
Stuttgart OEM exposes MES queries to partner factories
Production-line queries published with rate-limit and partner-scoped auth. Suppliers self-onboard via the portal; no thin services to maintain.
Healthcare
Stockholm hospital exposes patient-summary queries on an internal API
FHIR-shaped responses from underlying relational tables. Audit covers every read; consent enforced at the binding layer.
Retail
Madrid retailer publishes inventory queries to 230 stores
Each store calls an inventory lookup; cache keeps DB load flat. New endpoints ship without writing service code.
Public sector
Amsterdam transit authority exposes timetable lookups as REST
What used to be a SOAP service from 2008 is now a paged REST endpoint with OpenAPI. Cache hit-rate at 98% during peak.
Insurance
Milan insurer exposes a 25-year-old claim-status procedure
Procedure unchanged; the gateway publishes it as REST with auth, rate-limit, and audit. Claims chatbot integrates without touching the legacy team.
Energy
Prague utility exposes meter-reading queries to ESCOs
ESCOs subscribe via the portal; the gateway throttles per ESCO. The database team stops fielding ad-hoc requests for exports.
Banking
Baku bank exposes statement queries to mobile + branch + partner
One binding, three consumer groups, three rate limits. Audit covers every call; the legacy DB stays where it is.