Skip to content
Reeflow
Start Building

Connections

Connections link Reeflow to your external data sources: databases like PostgreSQL and APIs like Tinybird. Each connection stores the credentials and configuration needed to query a specific data source.

When users view analytics (charts, workbooks, etc.), Reeflow uses connections to fetch data in real time. The query engine compiles JSONQL into native SQL or API calls, executes them against the connected data source, and returns results for charts to consume.

Supported data sources

Section titled “Supported data sources”

Reeflow supports the following data source types:

TypeDescription
PostgreSQLConnect to PostgreSQL databases, including managed services like Neon, Supabase, and Amazon RDS
TinybirdConnect to Tinybird’s real-time analytics API

How connections work

Section titled “How connections work”

When a query runs against a connection, Reeflow follows this process:

  1. Compile query: The JSONQL query is compiled into the native query format for the data source type (SQL for PostgreSQL, API calls for Tinybird).
  2. Apply security: Table-level, column-level, and row-level security rules are applied to the compiled query based on the user’s role.
  3. Execute: Reeflow connects to the data source using the stored credentials and runs the query.
  4. Return results: Query results are transformed into a standard format for charts to consume.
flowchart LR
    subgraph Clients
        Console[Console]
        SDK[Embed SDK]
    end

    subgraph Reeflow
        API[Query API] --> Compiler[JSONQL Compiler]
        Compiler --> Security[Security Layer]
        Security --> Executor[Query Executor]
    end

    subgraph Sources [Data Sources]
        PG[(PostgreSQL)]
        TB[Tinybird API]
    end

    Console --> API
    SDK --> API
    Executor --> PG
    Executor --> TB

Connection security

Section titled “Connection security”

Access to connections is controlled through roles with granular permissions for connections and tables, columns, and rows.

Sensitive fields (passwords, API tokens, etc.) are encrypted with AES-256 both at rest and in transit. Credentials are never returned in API responses or displayed in the Console after creation. For additional security, create read-only database credentials specifically for Reeflow.

Section titled “Related”