Every SaaS needs the same unglamorous foundation before feature work can start: somewhere to store data, an API to reach it, and rules about who can touch which rows. Assemble that by hand and you lose a week. WattleDB gives you the first three as one managed unit, so you spend your time on the product instead of the plumbing. This is a practical walkthrough — and an honest one about what's ready today versus what's on the way.

What you can build today

  • Managed PostgreSQL — your schema, provisioned in a couple of minutes.
  • Auto-generated REST API — full CRUD over your tables via PostgREST, no backend code.
  • JWT + Row-Level Security — multi-tenant isolation enforced by the database.
  • Pooled + direct connection stringsDATABASE_URL for your app, DIRECT_URL for migrations.
  • Backups + point-in-time recovery, encrypted, cross-state — from day one, on every tier.

1. Start with the data model

A SaaS lives or dies on its schema, so start there. Create a database in the console, open the built-in SQL editor, and define your tables in plain Postgres. For a multi-tenant app, put a tenant key on every row you'll isolate:

create table projects (
  id         uuid primary key default gen_random_uuid(),
  tenant_id  uuid not null,
  name       text not null,
  created_at timestamptz not null default now()
);

It's just PostgreSQL — indexes, foreign keys, JSONB columns, constraints and all. Nothing proprietary to learn, and nothing to unlearn if you ever move.

2. Get an instant REST API

Enable the REST API on your database and WattleDB generates a full CRUD interface over your schema with PostgREST — filtering, ordering, pagination and OpenAPI docs, straight from your tables. There's no API server to write or deploy. From your frontend it's an ordinary fetch:

// list this tenant's projects, newest first
const res = await fetch(
  `${API_URL}/projects?select=id,name,created_at&order=created_at.desc`,
  { headers: { Authorization: `Bearer ${jwt}` } }
);
const projects = await res.json();

Insert, update and delete work the same way. Your schema is your API — change a table and the endpoints change with it.

3. Secure it with JWT + Row-Level Security

An instant API is only useful if it's safe, and this is where WattleDB does the heavy lifting for you. The API authenticates requests with a JWT, and access is enforced by Postgres Row-Level Security (RLS) — a policy attached to the table itself, applied to every query. Turn RLS on for a table and write a policy that ties rows to the caller's tenant:

alter table projects enable row level security;

create policy tenant_isolation on projects
  for all to authenticated
  using  (tenant_id = (auth.jwt() ->> 'tenant_id')::uuid)
  with check (tenant_id = (auth.jwt() ->> 'tenant_id')::uuid);

Now a request can only ever see or change its own tenant's rows — even a query you forgot to guard in application code. This is the backbone of safe multi-tenant SaaS, and because it lives in the database, it can't be bypassed by a bug in your API layer.

4. Connect your app

You have two ways in, and they're for different jobs. The REST API (above) is perfect for a browser or mobile frontend. For server-side code, or anything that speaks Postgres directly, use the connection strings from the console:

Both are TLS-encrypted — keep sslmode=require. Point your ORM (Prisma, Drizzle) or driver at DATABASE_URL and you're live.

5. What you bring yourself — for now

Being straight with you: WattleDB today is the data layer plus the API and access control. A few pieces of a full backend are on the roadmap, not shipped:

We'd rather tell you exactly where the edges are than have you discover them mid-build.

6. Ship it — sovereign and backed up

Everything above runs on 100% Australian-owned infrastructure in Sydney, with automated backups and point-in-time recovery held cross-state in Melbourne — encrypted at rest, and never outside Australian jurisdiction. You get the fast path and a production-grade foundation, without a US CLOUD Act exposure to explain in your next procurement round.