Apizzer. Build secure, standards-compliant APIs on SQL Server.

image of teacher using a smartboard for edtech

Metadata-driven mapping

Map tables, views and stored procedures to API endpoints.

Mappings between database objects and the API are stored in the objects’ metadata, so the API definitions follow the database objects even when their names or structures change. When creating endpoints and data models, you can fully customize paths, resource names, columns, and parameters.

Granular API control

Customize every API parameter.

Configure authentication, documentation, rate limits, logging, telemetry, headers, CORS, compression, pagination, caching, security, request types, and more.
Adapt every aspect to your API needs.

[interface] image of a laptop displaying product interface (for an ai saas company)

OPEN API DOCUMENTATION

Auto-create beautiful API documentation.

The server automatically generates detailed documentation compliant with the OpenAPI specification.
Swagger UI automatically renders the documentation at the selected API endpoint. You can define the descriptions of every API element yourself, thereby shaping the final documentation.

Automate APIs. Eliminate manual coding.

Build secure, standards-compliant APIs – self-hosted.
Publish internally or on the public internet with full customization, robust authentication, and seamless mapping.

Self-hosted deployment

Deploy securely on your own infrastructure. Your database is never exposed directly. Maintain full control and compliance at all times.

Change-resistant mappings

Mappings between database objects and the API are stored in the objects’ metadata, so the API definitions follow the database objects even when their names or structures change.

Auto-create documentation

The server automatically generates detailed documentation compliant with the OpenAPI specification. Swagger UI automatically renders the documentation at the selected API endpoint.You can define the descriptions of every API element yourself, thereby shaping the final documentation.

JWT Authentication

SQL Server - with its defined users and roles - acts as the identity source, while secure, encrypted authentication is handled through JWT tokens.

Tables, Views, Stored Procedures

You can expose tables and views through the API, and for more complex scenarios you can also expose stored procedures.

Expose Folders

Expose file folders through the API so users can seamlessly upload and download files.

CORS

You can define CORS policies and apply them to specific API endpoints.

Rate Limiters

You can define rate limiters that restrict how many requests can be sent to the API. Limiters can be configured for different time windows and according to various criteria (e.g., IP address, user login, or authentication level).

Logging and Telemetry

Enable full request-and-response logging, either to a database or to popular services like Treblle or Sentry. You can also enable OpenTelemetry (OTLP-compliant) telemetry.

Headers

Define response headers that are added to every API call - especially helpful for enforcing security headers and browser policies.

Compression

Enable compression for API responses with Brotli or Gzip to minimize payload size and improve performance.

Preview & Run

Instantly preview your generated API in a Swagger UI-rendered OpenAPI view. Create as many API projects as you need, plug into multiple databases, and spin up multiple production instances with ease.

Caching

For each API endpoint, you can configure caching mechanisms on both the server and client sides.

Pagination

Enable pagination for large datasets to reduce resource usage on both server and client.

Security

Define which roles have access to each endpoint and which HTTP methods they may use.

HTTP Methods

Define the list of supported HTTP methods for each endpoint.

Primary Key

Define table primary keys flexibly so they are respected in GET methods.

Filtering & Sorting

Extend GET methods with parameters for column-level filtering, sorting, and selective field projection.

$0
No-cost
Trial
For Testing Purposes
Download
- Features
- Max 3 Tables
- Max 3 Views
- Max 3 Stored Procedures
- Max 3 File Folders
$799
Per year
Professional
Single Machine License
Buy
- Features
- Unlimited Tables
- Unlimited Views
- Unlimited Stored Procedures
- Unlimited File Folders
Enterprise
Tailored deployments, dedicated support, custom integrations.
Inquire

FAQ: automation, deployment, security

FAQ

Which database engines are supported, and why only SQL Server?

Apizzer targets Microsoft SQL Server 2012 and newer, including Azure SQL. By focusing on a single engine, it can fully use SQL Server-specific features - without the compromises you usually face with tools that try to support many databases.

What security mechanisms protect my APIs?

Authentication is based on JWT tokens issued for native SQL Server logins; authorization re-uses existing database roles. Designer lets you configure per-endpoint role matrices, fine-grained CORS, and rate limits.

Which operating systems can run Apizzer components?

Windows 10 / 11 (64-bit)

Windows Server 2019, 2022, 2025

How do I scale Apizzer for high availability?

The Web API is stateless, so horizontal scaling is straightforward: start multiple instances and place them behind a reverse proxy or load balancer.

How is API versioning handled?

You can publish v1 of the API, keep it running, then clone the project in Designer, bump the version (e.g., 2.0.0), and publish to a different base URL such as /api/v2. Both versions can coexist until consumers migrate.

Can I expose stored procedures as endpoints?

Yes. Any stored procedure can be surfaced as a single endpoint and bound to any HTTP verb you choose. You control which parameters are public, how they’re named, where they appear (route, query, or body), and you can design a typed response model so Swagger / OpenAPI documents the result set precisely.