NpgsqlRest

Appearance

Comments
Written with Claude
IMPORTANT

As you may notice, this page and pretty much the entire website were obviously created with the help of AI. I wonder how you could tell? Was it a big "Written With Claude" badge on every page? I moved it to the top now (with the help of AI of course) to make it even more obvious. There are a few blogposts that were written by me manually, the old-fashioned way, I hope there will be more in the future, and those have a similar "Human Written" badge. This project (not the website), on the other hand, is a very, very different story. It took me more than two years of painstaking and unpaid work in my own free time. A story that, hopefully, I will tell someday. But meanwhile, what would you like me to do? To create a complex documentation website with a bunch of highly technical articles with the help of AI and fake it, to give you an illusion that I also did that manually? Like the half of itnernet is doing at this point? How does that makes any sense? Is that even fair to you? Or maybe to create this website manually, the old-fashioned way, just for you? While working a paid job for a salary, most of you wouldn't even get up in the morning. Would you like me to sing you a song while we're at it? For your personal entertainment? Seriously, get a grip. Do you find this information less valuable because of the way this website was created? I give my best to fix it to keep the information as accurate as possible, and I think it is very accurate at this point. If you find some mistakes, inaccurancies or problems, there is a comment section at the bottom of every page, which I also made with the help of the AI. And I woould very much appreciate if you leave your feedback there. Look, I'm just a guy who likes SQL, that's all. If you don't approve of how this website was constructed and the use of AI tools, I suggest closing this page and never wever coming back. And good riddance. And I would ban your access if I could know how. Thank you for your attention to this matter.

PostgreSQL Stats

New in 3.6.0

PostgreSQL Stats endpoints were added in version 3.6.0.

Exposes PostgreSQL statistics through HTTP endpoints for monitoring and debugging. Provides access to pg_stat_user_functions, pg_stat_user_tables, pg_stat_user_indexes, and pg_stat_activity.

Overview

json
{
  "Stats": {
    "Enabled": false,
    "CacheDuration": "5 seconds",
    "RateLimiterPolicy": null,
    "ConnectionName": null,
    "RequireAuthorization": false,
    "AuthorizedRoles": [],
    "OutputFormat": "html",
    "SchemaSimilarTo": null,
    "RoutinesStatsPath": "/stats/routines",
    "TablesStatsPath": "/stats/tables",
    "IndexesStatsPath": "/stats/indexes",
    "ActivityPath": "/stats/activity"
  }
}

Settings Reference

SettingTypeDefaultDescription
EnabledboolfalseEnable PostgreSQL statistics endpoints.
CacheDurationstring"5 seconds"Cache stats responses for the specified duration. PostgreSQL interval format. Set to null to disable caching.
RateLimiterPolicystringnullApply a rate limiter policy to stats endpoints. Specify a policy name from RateLimiterOptions.Policies.
ConnectionNamestringnullUse a specific named connection for stats queries. When null, uses the default connection.
RequireAuthorizationboolfalseRequire authentication for stats endpoints.
AuthorizedRolesarray[]Restrict access to specific roles. Empty array allows any authenticated user (if RequireAuthorization is true).
OutputFormatstring"html"Output format: "json" or "html". HTML format is Excel-compatible for easy copy-paste.
SchemaSimilarTostringnullFilter schemas using PostgreSQL SIMILAR TO pattern.
RoutinesStatsPathstring"/stats/routines"Path for routine (function/procedure) statistics.
TablesStatsPathstring"/stats/tables"Path for table statistics.
IndexesStatsPathstring"/stats/indexes"Path for index statistics.
ActivityPathstring"/stats/activity"Path for current database activity.

Available Endpoints

Routines Stats (/stats/routines)

Returns data from pg_stat_user_functions including:

  • Call counts
  • Total execution time
  • Self execution time

PostgreSQL Configuration Required

Routine statistics require track_functions to be enabled in PostgreSQL:

sql
ALTER SYSTEM SET track_functions = 'all';
SELECT pg_reload_conf();

Or set track_functions = 'all' in postgresql.conf and restart/reload.

Tables Stats (/stats/tables)

Returns data from pg_stat_user_tables including:

  • Tuple counts (live, dead, inserted, updated, deleted)
  • Table sizes
  • Sequential and index scan counts
  • Last vacuum and analyze timestamps

Indexes Stats (/stats/indexes)

Returns data from pg_stat_user_indexes including:

  • Index scan counts
  • Tuples read and fetched
  • Index definitions
  • Index sizes

Activity (/stats/activity)

Returns data from pg_stat_activity showing:

  • Active sessions
  • Currently running queries
  • Wait events
  • Session state and duration

Security Warning

The activity endpoint shows currently running queries which may contain sensitive data (passwords in plaintext queries, personal information, etc.). Always enable RequireAuthorization in production.

Output Formats

HTML Format (Default)

json
{
  "Stats": {
    "Enabled": true,
    "OutputFormat": "html"
  }
}

Returns an HTML table that is Excel-compatible for direct browser copy-paste. Ideal for quick debugging and analysis.

JSON Format

json
{
  "Stats": {
    "Enabled": true,
    "OutputFormat": "json"
  }
}

Returns a JSON array suitable for programmatic access and integration with monitoring tools.

Security

Require Authentication

json
{
  "Stats": {
    "Enabled": true,
    "RequireAuthorization": true
  }
}

Any authenticated user can access stats endpoints.

Role-Based Access

json
{
  "Stats": {
    "Enabled": true,
    "RequireAuthorization": true,
    "AuthorizedRoles": ["admin", "dba"]
  }
}

Only users with admin or dba roles can access stats endpoints.

TIP

Stats endpoints can reveal sensitive information about your database including table sizes, query patterns, and active sessions. Always enable RequireAuthorization in production environments.

Caching

Cache responses to reduce database load:

json
{
  "Stats": {
    "Enabled": true,
    "CacheDuration": "10 seconds"
  }
}

The value uses PostgreSQL interval format:

  • "5 seconds" or "5s"
  • "1 minute" or "1min"
  • "30s"

Set to null to disable caching (queries the database on every request).

Query strings are ignored to prevent cache-busting.

Rate Limiting

Apply a rate limiter policy to prevent abuse:

json
{
  "RateLimiterOptions": {
    "Enabled": true,
    "Policies": {
      "stats-limit": {
        "PermitLimit": 10,
        "Window": "1 minute"
      }
    }
  },
  "Stats": {
    "Enabled": true,
    "RateLimiterPolicy": "stats-limit"
  }
}

Schema Filtering

Filter statistics by schema using PostgreSQL SIMILAR TO pattern:

json
{
  "Stats": {
    "Enabled": true,
    "SchemaSimilarTo": "public|myapp%"
  }
}

This example includes:

  • The public schema
  • Schemas starting with myapp (e.g., myapp, myapp_v1, myapp_archive)

When null, all schemas are included.

Using a Different Connection

Query stats from a specific database or with different credentials:

json
{
  "ConnectionStrings": {
    "Default": "Host=primary;Database=myapp;Username=app;...",
    "Stats": "Host=replica;Database=myapp;Username=readonly;..."
  },
  "Stats": {
    "Enabled": true,
    "ConnectionName": "Stats"
  }
}

Useful for:

  • Using read-only credentials
  • Querying a read replica
  • Separating stats queries from application traffic

Custom Paths

json
{
  "Stats": {
    "Enabled": true,
    "RoutinesStatsPath": "/api/stats/functions",
    "TablesStatsPath": "/api/stats/tables",
    "IndexesStatsPath": "/api/stats/indexes",
    "ActivityPath": "/api/stats/sessions"
  }
}

Example Configurations

Development (Open Access)

json
{
  "Stats": {
    "Enabled": true,
    "OutputFormat": "html"
  }
}

Production (Secured)

json
{
  "Stats": {
    "Enabled": true,
    "RequireAuthorization": true,
    "AuthorizedRoles": ["admin"],
    "CacheDuration": "30 seconds",
    "OutputFormat": "json"
  }
}

Monitoring Integration

json
{
  "Stats": {
    "Enabled": true,
    "RequireAuthorization": true,
    "AuthorizedRoles": ["monitoring"],
    "OutputFormat": "json",
    "CacheDuration": "10 seconds",
    "RateLimiterPolicy": "monitoring"
  }
}

Limited Schema Access

json
{
  "Stats": {
    "Enabled": true,
    "RequireAuthorization": true,
    "SchemaSimilarTo": "public|api%",
    "OutputFormat": "html"
  }
}

Next Steps

Comments

Released under the MIT License.

Copyright © 2024-2026 VB Consulting