Hasura

Open-source GraphQL engine, honestly reviewed. What you get when you self-host it, what gets locked behind sales calls, and who this is actually for.

TL;DR

• What it is: Open-source (Apache-2.0) GraphQL and REST API engine that auto-generates a complete API layer on top of your databases — PostgreSQL, MongoDB, ClickHouse, MSSQL — without writing backend code [README].
• Who it’s for: Developers and engineering teams who want to skip the boilerplate of building CRUD APIs. Not a tool for non-technical founders to run solo — this requires a developer at minimum [README][4].
• Cost savings: Eliminates weeks of backend API development that would otherwise go to writing resolvers, auth middleware, and subscription logic from scratch. Real savings are engineering hours, not SaaS subscription lines.
• Key strength: The Community Edition genuinely delivers — connect a Postgres database, get a full GraphQL API with relationships, permissions, and subscriptions in minutes [README][2].
• Key weakness: The new V3 architecture (called DDN, or Data Delivery Network) is a meaningful architectural pivot, and self-hosting DDN requires an enterprise license and a sales conversation. The “free self-hosted” label applies to V2, not V3 [1][2].

---

What is Hasura

Hasura is a GraphQL engine that sits between your databases and your applications. You point it at a PostgreSQL database (or MongoDB, ClickHouse, MSSQL), and it introspects the schema and generates a fully functional GraphQL API — queries, mutations, subscriptions, and relationships — without you writing a single resolver [README].

The GitHub README calls it “an open source project which supercharges the building of modern applications by providing access to data via a single, composable, secure API endpoint” [README]. That’s technically accurate but undersells the practical value: you can go from an empty Postgres schema to a production-capable API in an afternoon, including role-based access control.

As of this review, Hasura sits at 31,920 GitHub stars — a strong signal that a lot of engineering teams have voted with their time.

There are currently two meaningful versions:

Hasura V2 is the battle-tested, stable release. This is the version most tutorials cover, most production deployments run, and the one with the most ecosystem support. The V2 Community Edition is free, Docker-deployable, and fully open-source under Apache-2.0 [README][2].

Hasura V3 / DDN (Data Delivery Network) is the new architecture, GA as of early 2025. It introduces a “supergraph” concept with modular data connectors (PostgreSQL, MongoDB, ClickHouse, MSSQL), a new metadata format, and TypeScript/Python/Go connector SDKs [README]. The marketing around DDN is now front-and-center on hasura.io, and the product is rebranding around “PromptQL” — a natural language data query layer aimed at AI use cases [homepage].

The distinction matters because DDN self-hosting is not free. It requires an enterprise license and a call with Hasura sales [1]. The free, self-hostable product is V2. If you arrive at hasura.io expecting to download and run the latest version on your own server for zero cost, you’ll be surprised.

---

Why people choose it

Hasura solves a specific, well-defined pain: writing repetitive CRUD API code is expensive. For any reasonably sized application, a developer can spend weeks writing GraphQL resolvers, REST endpoints, authentication middleware, and subscription logic before a single business-specific feature gets built. Hasura eliminates that layer.

The compelling reasons teams reach for it:

Speed to first working API. The V2 quickstart is measured in minutes, not days. Connect a database URL, define a few permissions, and you have a functional API. The Hasura Cloud free tier gets you there even faster [2][4].

Real-time subscriptions out of the box. Postgres-backed live queries (via subscriptions) work without additional infrastructure. This is non-trivial to build from scratch and Hasura gives it to you for free [README].

Fine-grained access control. Hasura V2’s permission system lets you define row-level and column-level access rules per role, including dynamic variables from your JWT claims [4]. The production checklist recommends reviewing permissions carefully before go-live — particularly the anonymous role, which defaults to unauthenticated access [4].

Event triggers and webhooks. Database events can fire webhooks automatically, letting you build event-driven pipelines without polling [README].

The community numbers support the product quality: 400 million Docker pulls as of end of 2021 [3], and a Discord with 10,000+ users as of that same year [3] — both figures considerably larger now given the subsequent four years of growth.

---

Features: what it actually does

Based on the README, documentation, and deployment guides:

Core API generation (V2):

• Auto-generates GraphQL queries, mutations, and subscriptions from database schema [README]
• Supports PostgreSQL, MSSQL, and other databases in V2; PostgreSQL flavors, MongoDB, ClickHouse, MSSQL in V3 [README]
• REST API endpoints via “REST-ified” GraphQL queries [features]
• Database relationships tracked across tables, including cross-database joins [README]
• Role-based access control with row-level and column-level rules [4]
• Event triggers — fire webhooks on INSERT/UPDATE/DELETE [README]
• Scheduled triggers — cron-based webhooks [README]
• Remote schemas — stitch external GraphQL APIs into Hasura’s unified API [README]

V3 / DDN additions:

• Supergraph architecture — federate multiple data sources and services into one API [README]
• Connector Hub — modular, open-source data connectors for each database [README]
• Custom business logic connectors in TypeScript, Python, Go [README]
• PromptQL — natural language querying layer for AI-powered data access [homepage]

Production operations (V2):

• Admin secret protection, JWT authentication, webhook authentication [4]
• Allow lists for query whitelisting in production [4]
• Console (UI) can and should be disabled in production [4]
• Dev mode should be disabled in production to avoid leaking internal errors [4]
• Connection pooling for Postgres and MSSQL [4]
• End-to-end caching (Enterprise/Cloud) [2]
• Read replicas (Enterprise/Cloud) [2]

---

Pricing: SaaS vs self-hosted math

This is where Hasura gets complicated, and the complication is worth spelling out plainly.

Community Edition (V2):

• License: Apache-2.0, free forever [README]
• Cost: $0 software + cost of a VPS to run it on
• Includes: Core GraphQL engine, all database connectors, event triggers, scheduled triggers, remote schemas, basic auth
• Excludes: Enterprise features (caching, read replicas, premium connectors like Snowflake/BigQuery/Oracle, observability integrations, SSO) [2]

Hasura Cloud (managed):

• Free tier: available, sufficient for development and low-traffic apps
• Paid tiers: pricing not publicly listed per-plan on the main site — “contact us” or the cloud console for current rates
• Includes: all Enterprise features, managed infra, automatic scaling, VPC peering, compliance certifications [2]

Hasura Enterprise Edition (V2, self-hosted):

• Requires a sales conversation [2]
• Adds: Snowflake, SQL Server, BigQuery, Oracle, MySQL connectors; end-to-end caching; horizontal scaling; SSO; observability integrations [2]

Hasura DDN Self-Hosted (V3):

• Described as “a premium offering where the Hasura team will be helping you with setting up the entire DDN Platform” [1]
• Requires enterprise license [1]
• Requires Kubernetes [1]
• Start with: contact sales [1]

The math that matters for founders:

If you’re running a startup on Postgres and want to avoid building a backend API from scratch, the Community Edition (V2) is a legitimate free option. A $6–10/mo Hetzner VPS running the Docker image covers a significant production workload.

If you need Snowflake connectivity, multi-region reads, or SSO, you’re in enterprise pricing territory — data not publicly available, but expect meaningful monthly costs.

If you want the latest DDN/V3 architecture self-hosted, you’re also in enterprise pricing territory regardless of workload size.

The “self-hosted is free” headline is true for V2 Community Edition. It is not true for the product Hasura is actively marketing and building toward (DDN/V3).

---

Deployment reality check

V2 Community Edition (Docker):

Deploying V2 is genuinely straightforward for anyone comfortable with Docker. The Hasura team publishes a Docker image; you supply a DATABASE_URL environment variable and an admin secret, and it starts [4]. The production checklist [4] outlines the hardening steps:

• Set HASURA_GRAPHQL_ADMIN_SECRET — non-negotiable for production [4]
• Disable the Console in production (HASURA_GRAPHQL_ENABLE_CONSOLE=false) [4]
• Disable dev mode (HASURA_GRAPHQL_DEV_MODE=false) [4]
• Restrict enabled APIs to GraphQL only (HASURA_GRAPHQL_ENABLED_APIS=graphql) [4]
• Set connection pool limits [4]
• Review permissions on every table, paying attention to the anonymous role [4]

What you need: a VPS with Docker, a Postgres database (managed or self-hosted), a reverse proxy for HTTPS. Time estimate: 1–2 hours for a developer, longer if you’re configuring Postgres from scratch alongside it.

V3 DDN (Docker containers, self-hosted):

The DDN self-host guide [5] reveals considerably more complexity. The modular connector architecture means you’re building and running Docker images for the engine plus separate images for each data connector. The process involves:

• Creating project metadata via the DDN CLI [5]
• Building engine Docker images from project metadata [5]
• Building separate connector Docker images per data source [5]
• Configuring environment variables, OTLP endpoints, auth config paths [5]
• Managing networking between all containers [5]

And that’s before the enterprise license requirement [1] and Kubernetes dependency [1] come into play. For production DDN deployments, Hasura explicitly says the Hasura team will be helping with setup [1]. This is not a “spin up on a $10 VPS” situation.

---

Pros and cons

Pros

• Apache-2.0 license on Community Edition. No usage restrictions, no commercial gotchas for the V2 core [README]. Genuinely permissive.
• Fastest path from Postgres schema to working GraphQL API. Minutes, not days. For any project that needs CRUD over relational data, the productivity gain is real.
• Real-time subscriptions without infrastructure. Postgres-native live queries included out of the box [README]. Most API frameworks require Redis pub/sub or similar to achieve this.
• Row-level and column-level access control. The permission system is sophisticated enough for production multi-tenant apps [4].
• Event triggers. Database-native event triggers that fire webhooks without polling [README] — removes a common backend maintenance burden.
• Strong community. 31,920 GitHub stars, 400M+ Docker pulls historically [3], active Discord [3].
• Connector Hub in V3. Open-source connectors for all major databases, extensible via TypeScript/Python/Go SDKs [README].

Cons

• V2 vs V3 transition creates real confusion. The product Hasura is investing in (DDN) is not freely self-hostable. If you build on V2 Community Edition, you’re building on a version the company is moving away from [README][1].
• DDN self-hosting requires an enterprise license and Kubernetes. The DDN docs say explicitly: “An enterprise license is required for this offering” and “A Kubernetes cluster is required for installing DDN” [1]. This is buried in the docs, not prominent on the marketing site.
• Enterprise features — caching, read replicas, premium connectors — are paywalled. Snowflake, BigQuery, Oracle, MySQL, end-to-end caching: none of these are in the Community Edition [2]. If your stack includes anything beyond Postgres, you’re in sales territory.
• Production hardening is manual and non-obvious. The production checklist [4] lists roughly a dozen steps that are not enabled by default. A developer deploying Hasura for the first time will have a development-configured instance if they don’t follow the checklist.
• PromptQL pivot adds noise. The homepage now leads with “PromptQL for AI” and secondary messaging about APIs [homepage]. If you came for a GraphQL engine, the current homepage doesn’t clearly tell you what the product does for your use case without scrolling.
• Not for non-technical founders flying solo. Despite the “blazing fast” and “instant” marketing, Hasura requires a developer to define schemas, manage migrations, set permissions, and handle the operational side. This is not a no-code tool.
• Licensing trajectory uncertainty. V2 is stable and open. V3 (the future) has enterprise licensing on self-hosted. The direction of travel is toward gating more capability behind enterprise contracts.

---

Who should use this / who shouldn’t

Use Hasura V2 Community Edition if:

• You’re a developer or have a developer on your team who can manage Postgres and Docker.
• You need a GraphQL API over a relational database and don’t want to write boilerplate resolvers.
• Your stack is Postgres-primary and you don’t need Snowflake, BigQuery, or Oracle connectors.
• You’re building a multi-tenant app that needs row-level access control without building it from scratch.
• Real-time data subscriptions are a requirement and you don’t want to build pub/sub infrastructure.

Use Hasura Cloud (managed) if:

• You want the full feature set (caching, read replicas, observability) without managing infrastructure.
• Your team doesn’t have DevOps bandwidth.
• You need compliance certifications (SOC 2, etc.) without building the infrastructure yourself [2].

Contact Hasura sales if:

• You need the latest V3/DDN architecture self-hosted.
• Your data sources include Snowflake, BigQuery, Oracle, or MySQL.
• Your organization requires SSO and enterprise access controls.

Skip it entirely if:

• You’re a non-technical founder without a developer — there’s no meaningful way to configure and maintain Hasura without technical skills.
• Your API needs are primarily custom business logic rather than database CRUD — Hasura excels at data access patterns, not custom computation.
• You need a REST API with complex custom endpoints — Hasura can “REST-ify” GraphQL queries, but it’s not a general REST framework.
• You’re already happy with a BaaS like Supabase — Supabase bundles Postgres + PostgREST + Auth + Storage in one package and may be simpler for straightforward use cases.

---

Alternatives worth considering

• Supabase — bundles Postgres, auto-generated REST (via PostgREST) and GraphQL APIs, auth, storage, and edge functions in one product. Easier to get started for non-technical founders; less flexible for complex schema setups. Self-hosted Community Edition is genuinely free. Closest head-to-head to Hasura for new projects.
• PostgREST — the underlying REST-from-Postgres engine that Supabase uses. Minimal, composable, purely REST (no GraphQL), zero magic. Good if you want maximum control with minimum surface area.
• Prisma — ORM layer rather than a server. Gives you type-safe database access in TypeScript but still requires you to write API handlers. Not a replacement — a complement.
• StepZen (IBM) — GraphQL-as-a-service with a connector model similar to Hasura DDN. Cloud-only, no self-hosted option.
• WunderGraph — similar federated GraphQL concept, open-source, developer-focused. Less mature ecosystem but a more permissive self-hosting model than Hasura DDN.
• Directus — headless CMS with auto-generated REST and GraphQL APIs. Closer to a content management use case; better fit if your data model is content-heavy rather than application-data-heavy.
• Appwrite — full backend-as-a-service (auth, database, storage, functions). Less powerful for complex relational data queries, but requires less configuration for standard CRUD.

For a developer team evaluating backend API automation, the realistic shortlist is Hasura V2 vs Supabase. Hasura wins on GraphQL sophistication and permission granularity; Supabase wins on bundled features and onboarding simplicity.

---

Bottom line

Hasura V2 Community Edition is a legitimate, production-grade tool for developers who want to skip the GraphQL resolver boilerplate. The Apache-2.0 license is clean, the Docker deployment is straightforward for anyone comfortable with containers, and the permission system is sophisticated enough for real multi-tenant apps. At 31,920 GitHub stars, this isn’t an experiment — it’s a tool that a large number of engineering teams have bet real production workloads on.

The catch is the trajectory. The version Hasura is actively developing — V3/DDN — is enterprise-licensed when self-hosted and requires Kubernetes [1]. The free, self-hostable product is V2, which the company is in maintenance mode on while it pushes DDN. If you build on V2 Community Edition today, factor in that you’re building on the older architecture and will eventually face a decision about migrating to DDN or moving to an alternative.

If you’re a developer who needs a GraphQL API over Postgres right now and don’t want to write a hundred resolvers, the Community Edition is an excellent choice. If you’re evaluating where Hasura is heading and whether to invest deeply in the stack, read the DDN self-hosted docs [1] and the deployment options page [2] before committing — the licensing picture is more complicated than the homepage implies.

If the deployment and configuration is the blocker, that’s exactly what upready.dev handles for clients — one-time setup, you own the infrastructure.

---

Sources

1. Hasura — Self-Hosted DDN Architecture (Hasura DDN Docs). https://hasura.io/docs/3.0/private-ddn/architecture/self-hosted/
2. Hasura — Deployment Options: Fully Managed, Self-Hosted, or On-Prem (hasura.io). https://hasura.io/products/deployment
3. Hasura Community Year in Review — 2021 (hasura.io blog). https://hasura.io/blog/community-year-in-review-2021
4. Production Checklist — Hasura GraphQL Docs v2.x (hasura.io). https://hasura.io/docs/2.0/deployment/production-checklist/
5. Self-Host: Standalone Docker Containers — Hasura DDN Docs (hasura.io). https://hasura.io/docs/3.0/deployment/self-hosted/docker-containers/

Primary sources:

• GitHub repository and README: https://github.com/hasura/graphql-engine (31,920 stars, Apache-2.0 license)
• Official website: https://hasura.io
• Hasura V2 documentation: https://hasura.io/docs/
• Hasura DDN (V3) documentation: https://hasura.io/docs/3.0/