Audit Log + Compliance Reporting
Append-only audit log and compliance reporting API. Record every significant action in your system — logins, data access, mutations, exports, config changes — search them flexibly, generate compliance summaries, and manage retention. No extra services needed: it's all Postgres.
Event Tracking
Lightweight product analytics backend. Track any named event with arbitrary properties, then query counts and user histories. No third-party analytics service required — your data stays in your database.
FCM Push Notifications
Send Firebase Cloud Messaging (FCM) push notifications straight from your database — register device tokens, send to one device, or fan out to every device a user owns. No app server, no Firebase Admin SDK. A drop-in replacement for a Supabase + FCM setup.
Feature Flags
Postgres-backed feature flag API. Create, toggle, and check flags from any service.
GDPR Data Export + Deletion
Two endpoints to satisfy GDPR Article 15 (right of access) and Article 17 (right to erasure). Every request is logged to an audit table. Data is kept on your own infrastructure — nothing leaves your database.
JWT Verification Starter
Verify JWTs three ways - against a provider's JWKS (Auth0, Clerk, Cognito, Firebase), a static PEM public key, or an HS256 shared secret - then protect a real per-user Postgres resource scoped to the token's sub claim. Reference endpoints for every is_valid_jwt mode plus a working, owner-scoped notes API and a one-call multi:true migration.
Lead Capture
Capture leads from any form, landing page, or webhook. Every submission is validated, stored in Postgres, and fires an instant Slack notification. Your data stays on your infrastructure.
MCP Postgres Starter
Turn your Postgres data into secure MCP tools any AI client (Claude Desktop, Claude Code, Cursor) can call. Two-tier auth: one shared token for yourself, or per-user tenant-scoped tokens for your customers - minted via an HS256 exchange or verified directly against your OIDC provider's JWKS (Auth0, Clerk, Cognito). Every tool reuses the same in-config token checks as a normal Air Pipe route.
Multi-Tenant SaaS Starter
A production-shaped multi-tenant backend over Postgres: API-key authentication (sha256-hashed, generated server-side, revocable), strict per-tenant data isolation, plan-based limits, and usage metering. Every request resolves its API key to exactly one tenant and every query is scoped to it — cross-tenant access is structurally impossible. The 'Air Pipe is a real backend, not a workflow tool' pack.
Observability Showcase
Deploy this config and three things appear immediately with zero extra work; Prometheus Metrics, Open Telemetry Tracing, OpenAPI Spec documentation.
Every request becomes a trace you can inspect end-to-end: method, path, status code, latency, and which actions ran inside it.
No annotations beyond the config. No code. No separate instrumentation setup.
RAG Chatbot
Retrieval-Augmented Generation chatbot backed by Postgres + pgvector. Ingest your own documents, store OpenAI embeddings alongside them, and answer questions using only your data — no third-party vector DB, no proprietary cloud, nothing leaves your infrastructure. Includes seed, ingest, chat, history, and delete endpoints.
REST API Starter
A production-shaped CRUD API over Postgres with three resource types (users, posts, comments) and optional JWT validation. No external services required — just a Postgres database. Deploy and start making requests in under 10 minutes.
Stripe Webhooks → DB → Slack
Receives Stripe webhook events, verifies the signature, stores every event in Postgres with idempotency, and posts a Slack notification. One endpoint handles all event types.
Twilio SMS Bot
A Twilio SMS bot served straight from your database. Receives inbound SMS via a Twilio webhook, replies instantly with TwiML, routes keyword commands to canned replies, handles STOP/START opt-out, and logs every message. No app server.
Webhook Logger / Inspector
A zero-dependency webhook capture tool. Point any webhook sender at `/webhooks/log` and the full request — body, headers, and query params — is stored in your Postgres database. Replay stored events to your local dev server without re-triggering the original source.
Useful for debugging Stripe, GitHub, Shopify, or any other webhook-based integration. Captures headers like `X-Stripe-Signature`, `X-GitHub-Event`, and `X-Hub-Signature-256` alongside the body so you have everything needed to replay or verify the original request.