How is data security handled?

In order to read, append or import data, you’ll need an Auth Token with the right permissions. You can define tokens with any scope, and even make it granular enough to handle row-level security (e.g. client 123 can only see data where “client_id = 123”). Read more about Auth Tokens in this guide.

Do Auth Tokens expire?

Auth Tokens do not expire. You have the ability to refresh a token; any application using that token will need to be updated.

Can Tinybird API Endpoints push data?

No, you must make a request to the API to query data.

Should I use the Query API or API Endpoints in my application?

The Query API is similar to running SQL statements against a normal database instead of using it as your backend. It can be useful for ad-hoc queries, but it’s not a fully productized API like the Endpoints.

We recommend building pipes and publishing Endpoints for several reasons:

  • You can build and maintain all of your logic in Tinybird, and simply call the Endpoint to get the result. With the Query API, you must write a full SELECT statement in your code.

  • You can use incremental nodes in your Pipes to simplify the development and maintenance of your queries. With the Query API, you could end up writing a complex nested query.

  • Endpoints support query parameters and more complex logic with the Tinybird templating language.

  • Endpoints automatically incorporate any changes from your query, which means little downstream impact.