Skip to main content
The Query API provides REST endpoints for querying PostgreSQL and MongoDB databases. These endpoints mirror the query_postgres and query_mongodb MCP tools, making the same retrieval capabilities available to developers and applications via HTTP.

Query PostgreSQL

Execute a read-only SQL SELECT query against PostgreSQL. 
POST /api/v1/query/postgres

Request

FieldTypeRequiredDefaultDescription
sqlstringYesSQL SELECT query to execute
databasestringNodatrisPostgreSQL database name to connect to
limitintegerNo100Maximum rows to return (max 1000)

Example

curl -X POST http://localhost:8080/api/v1/query/postgres \
  -H "Content-Type: application/json" \
  -d '{
    "sql": "SELECT symbol, date, close FROM test.stock_price WHERE volume > 1000000",
    "database": "datris",
    "limit": 10
  }'

Response

{
  "results": [
    {
      "symbol": "AAPL",
      "date": "2024-01-15",
      "close": 185.92
    }
  ],
  "count": 1
}

Safety

The endpoint enforces multiple layers of protection:
  • SELECT-only — only queries starting with SELECT are allowed
  • Read-only connection — the JDBC connection is set to read-only mode
  • Statement blocklist — queries containing INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, GRANT, REVOKE, COPY, CALL, EXECUTE, or EXEC are rejected
  • No stacked queries — semicolons are not allowed
  • No SQL comments-- and /* */ are rejected to prevent obfuscation
  • LIMIT enforcement — if no LIMIT is present, one is appended automatically (max 1000)

Query MongoDB

Query a MongoDB collection with optional filter and projection. 
POST /api/v1/query/mongodb

Request

FieldTypeRequiredDefaultDescription
collectionstringYesMongoDB collection name
filterobjectNo{}MongoDB query filter
projectionobjectNoall fieldsFields to include/exclude
limitintegerNo20Maximum documents to return (max 1000)

Example

curl -X POST http://localhost:8080/api/v1/query/mongodb \
  -H "Content-Type: application/json" \
  -d '{
    "collection": "orders",
    "filter": {"status": "active"},
    "projection": {"name": 1, "_id": 0},
    "limit": 10
  }'

Response

{
  "results": [
    {
      "name": "Order-001"
    }
  ],
  "count": 1
}

Safety

  • Blocked operators — filters containing $where, $function, or $accumulator are rejected, as these allow arbitrary JavaScript execution
  • Standard MongoDB query operators ($eq, $gt, $in, $regex, etc.) are safe and fully supported

Kill Job

Kill a running pipeline job by its pipeline token. The job thread is interrupted and the job is marked as cancelled. 
POST /api/v1/job/kill

Request

FieldTypeRequiredDescription
pipelineTokenstringYesPipeline token of the running job to kill

Example

curl -X POST http://localhost:8080/api/v1/job/kill \
  -H "Content-Type: application/json" \
  -d '{
    "pipelineToken": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
  }'

Response

{
  "status": "cancelled",
  "pipelineToken": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Error Cases

  • Job not found for the given pipeline token
  • Job is not in PROCESSING state (already completed or cancelled)
  • Job thread is no longer alive