Appearance
PostgreSQL integration
PostgreSQL is a relational database. This integration lets your WeWeb backend run SQL queries against a PostgreSQL database securely from API Endpoints and backend workflows.
Use cases
- Read and write data from backend workflows (e.g. list users, update a record)
- Run parameterized queries to avoid SQL injection
- Power API Endpoints that expose your database logic
- Execute reports or bulk operations from scheduled or triggered workflows
Setup
- Have a PostgreSQL database (host, port, database name, user, password). Ensure the database accepts connections from where WeWeb runs (network/firewall and SSL if required).
- In WeWeb, go to the Settings tab → Integrations → PostgreSQL → Add connection.
- For each environment (Editor, Staging, Production), set:
- Host — IP address or hostname of the database server.
- Port — Port number (default
5432). - Database — Database name.
- User — Database user name.
- Password — Database password.
- SSL — SSL mode:
DISABLED,PREFERRED, orREQUIREDas required by your provider.
- Save the connection and test with the Execute SQL action using a simple query (e.g.
SELECT 1).
Common pitfalls (setup & usage)
Connection refused or timeout
The database must be reachable from WeWeb’s backend. Check firewall rules, security groups, and that the host/port are correct. For managed Postgres (e.g. AWS RDS, Supabase), use the host and port from the provider and enable SSL if required.
SSL required by provider
If the server requires SSL, set SSL to PREFERRED or REQUIRED in the connection. Use REQUIRED with rejectUnauthorized: true when you must verify the server certificate.
Missing parameter error
Queries use $paramName placeholders (e.g. $userId). Each placeholder must have a matching Query Parameters entry. Remove or add parameters so every $name in the query is supplied.
All Actions
| Action | Description |
|---|---|
| Execute SQL | Run a parameterized SQL query and return rows |
Action details
Execute SQL
Run a SQL query against the connected PostgreSQL database. Use $paramName in the query for parameters; pass values via Query Parameters.
Inputs
| Display Key | Example Input | Description | Restrictions |
|---|---|---|---|
SQL Query | SELECT * FROM users WHERE id = $userId | The SQL query to run. Use $paramName for parameters (e.g. $userId, $email) | Required; parameters must be supplied |
Query Parameters | — | Key-value pairs for each $paramName in the query. Keys are auto-derived from the query | One entry per $paramName; required when query has parameters |
Example output
json
{
"rows": [
{ "id": 1, "email": "user@example.com", "name": "Jane" },
{ "id": 2, "email": "other@example.com", "name": "John" }
]
}- The action returns an object with a rows array. For
SELECT, each element is a row (keys = column names). ForINSERT/UPDATE/DELETE, rows may be empty or contain result metadata depending on the driver. - Parameters are passed as bound values to avoid SQL injection; never concatenate user input into the query string.
Error handling
| Error code and type | Reason |
|---|---|
| Connection error | Invalid host/port, network unreachable, or SSL misconfiguration. |
| Authentication failed | Wrong user or password. |
| Missing parameter | A $paramName in the query has no value in Query Parameters. |
| Syntax / execution error | Invalid SQL or runtime error (e.g. constraint violation); check the error message from the database. |
FAQs
How do I avoid SQL injection?
Use Query Parameters. Put placeholders like $userId in the query and pass the real values in Query Parameters. Do not build the query string by concatenating user input.
Can I run multiple statements?
Behavior depends on the driver and query. Prefer one logical operation per action (e.g. one SELECT or one INSERT). For transactions or multiple steps, use multiple actions or a single query that the database supports (e.g. a function).