Data APIs

A secure API over every database.

One GraphQL + SQL endpoint over Postgres, MySQL, SQL Server, AWS Athena, Apache Iceberg and more — with row-level access rules, column masking & encryption, query caching and read-replica routing. Configured, not coded.

Try eru-ql → See features
Bring your database: PostgresMySQL SQL ServerIceberg
AUTH RULES CRYPTO CACHE Postgres MySQL SQL Server Athena Iceberg
Why eru-ql

Instant APIs that enforce your security model.

eru-ql provides a secure and configurable data API layer designed for modern enterprise applications. Define row-level access policies, column masking, encryption rules, query caching, and replica routing through configuration, while exposing both GraphQL and raw SQL APIs through a unified endpoint.

Security and governance are enforced at the API layer itself, ensuring that every query follows the rules defined for your platform, users, and data. Built to work consistently across platforms, eru-ql enables teams to create scalable and governed data services.

5+
database backends
2
query languages
AES
column encryption
4
cache backends
Core features

Made for production data layers

GraphQL + raw SQL, one endpoint

Pick the right tool per query. The same auth, caching, replicas and rules apply to both.

Row-level access rules

Declarative AND/OR custom rules with operators (eq, in, btw, like, …), variables and templates.

Column-level masking

Per-column policy — none, hash or encrypt — applied transparently at read time.

Column encryption (AES)

Per-project AES keys. Encrypted on write, decrypted on read — never in your application code.

Read replica routing

Multiple replicas per datasource with automatic failover and load distribution.

Query result caching

Datasource-level cache backed by Redis, Redis Cluster, etcd or in-memory — by config.

ACID batched mutations

The @singleTxn directive wraps multiple operations in one transaction with full rollback.

Multi-DB routing

The @dbalias directive routes a query to a specific datasource — no client-side fan-out.

{ }

JSON / JSONB queries

First-class JSON path queries on Postgres. CTEs, window functions and UPSERT all supported.

Architecture

From query to protected result

Security rules and column policies apply before the query touches your data — then the result is decrypted and cached on the way back, across any supported database.

Client query GraphQL / SQL Auth + rules row + column Cache Redis · etcd SQL engine planner + replicas Column crypto AES · hash · mask Databases filtered + decrypted Postgres MySQL SQL Server Athena IcebergS3 Tables
Data sources & backends

Five backends, one model

PostgreSQL 15+ MySQL 8.0+ SQL Server AWS Athena Apache Iceberg (S3 Tables) Redis cache etcd cache Read replicas
Configure, don't code

A protected query in GraphQL

Row rules and column policies are evaluated server-side. The client just asks for fields.

query.graphql
# row rule + column encryption applied transparently
query Customers @dbalias(name: "warehouse") {
  customers(where: { region: { _eq: "APAC" } }) {
    id
    name
    # pan is encrypted at rest, decrypted here
    pan
    # ssn is masked with hash policy → always shows hash
    ssn
    # row rule auto-injects: region = $user.region
    orders(where: { status: { _eq: "shipped" } }) {
      id
      total
    }
  }
}
Explore the platform

Pair eru-ql with the rest

eru-ai
Agentic AI
eru-functions
Run workflows
eru-auth
Identity
eru-files
Storage
eru-gateway
Ingress