PostgreSQL
Connect Querri to your PostgreSQL database to analyze data using natural language. Once connected, simply ask questions—Querri handles all the SQL for you.
Overview
Section titled “Overview”The PostgreSQL connector supports:
- PostgreSQL 9.6+: All modern PostgreSQL versions
- AWS RDS PostgreSQL: Managed PostgreSQL on AWS
- Azure Database for PostgreSQL: Managed PostgreSQL on Azure
- Google Cloud SQL for PostgreSQL: Managed PostgreSQL on GCP
- Heroku Postgres: Heroku’s managed PostgreSQL
Prerequisites
Section titled “Prerequisites”- PostgreSQL database server
- Database credentials with appropriate permissions
- Network access to the database
IP Whitelisting
Section titled “IP Whitelisting”Important: For cloud-hosted databases or databases behind firewalls, whitelist the following IP address:
18.189.33.77This is Querri’s outbound IP address. Add this to your database firewall rules or security group.
Creating the Connector
Section titled “Creating the Connector”-
Navigate to Connectors
- Go to Settings → Connectors
- Click “Add Connector”
-
Select PostgreSQL
- Choose “PostgreSQL” from the database connectors
-
Configure Connection
Host: your-database-host.comPort: 5432 (default PostgreSQL port)Database: your_database_nameUsername: your_usernamePassword: your_passwordOptional Settings:
- SSL Mode:
require- Always use SSL (recommended)prefer- Use SSL if availabledisable- Don’t use SSL
- Schema: Default is
public - Connection Timeout: Default is 30 seconds
-
Test Connection
- Click “Test Connection” to verify
- If successful, click “Save”
-
Start Analyzing
- Tables appear in your Library
- Create a project from any table
- Ask questions in natural language
Network Configuration
Section titled “Network Configuration”AWS RDS Security Groups
Section titled “AWS RDS Security Groups”Add inbound rule:
Type: PostgreSQLProtocol: TCPPort: 5432Source: 18.189.33.77/32Description: Querri AccessAzure PostgreSQL Firewall
Section titled “Azure PostgreSQL Firewall”Add firewall rule:
Rule Name: QuerriStart IP: 18.189.33.77End IP: 18.189.33.77Google Cloud SQL
Section titled “Google Cloud SQL”Add authorized network:
Name: QuerriNetwork: 18.189.33.77/32Heroku Postgres
Section titled “Heroku Postgres”Heroku Postgres allows connections from any IP by default. No configuration needed.
Database User Setup
Section titled “Database User Setup”Read-Only User (Recommended)
Section titled “Read-Only User (Recommended)”Create a dedicated read-only user for Querri:
-- Create userCREATE USER querri_readonly WITH PASSWORD 'secure_password_here';
-- Grant connect permissionGRANT CONNECT ON DATABASE your_database TO querri_readonly;
-- Grant schema usageGRANT USAGE ON SCHEMA public TO querri_readonly;
-- Grant select on all tablesGRANT SELECT ON ALL TABLES IN SCHEMA public TO querri_readonly;
-- Grant select on future tablesALTER DEFAULT PRIVILEGES IN SCHEMA publicGRANT SELECT ON TABLES TO querri_readonly;Restricting Access to Specific Tables
Section titled “Restricting Access to Specific Tables”For tighter security, grant access only to specific tables or views:
-- Grant access to specific tables onlyGRANT SELECT ON orders, customers, products TO querri_readonly;
-- Or grant access only to an analytics schemaGRANT USAGE ON SCHEMA analytics TO querri_readonly;GRANT SELECT ON ALL TABLES IN SCHEMA analytics TO querri_readonly;See Database Best Practices for detailed guidance on creating analytics views and restricting access.
Sync Scheduling
Section titled “Sync Scheduling”PostgreSQL data can be kept up to date with scheduled syncs. Go to Settings → Connectors, select your PostgreSQL connector, and open the Schedule tab.
Full Sync
Section titled “Full Sync”A full sync re-reads every table from your PostgreSQL database. Use this as a periodic baseline, especially if your schema changes or if records are deleted.
Incremental Sync
Section titled “Incremental Sync”Incremental sync fetches only rows that have changed since the last sync. Unlike business application connectors (QuickBooks, HubSpot), PostgreSQL requires you to specify which column to use as the cursor.
Good cursor columns:
| Column | Best For | Example |
|---|---|---|
updated_at | Tables that track modification time | Best choice — catches inserts and updates |
created_at | Append-only tables | Only catches new rows |
Sequential id | Append-only tables | Only catches new rows |
Tables that don’t support incremental sync:
- Tables without a timestamp or sequential column
- Lookup/reference tables (rarely change)
- Tables populated by ETL processes that truncate and reload
For these tables, use full sync.
Recommended Schedule
Section titled “Recommended Schedule”| Schedule | Type | Cron | Purpose |
|---|---|---|---|
| Frequent | Incremental | 0 */2 * * * (every 2 hours) | Fresh data for tables with updated_at columns |
| Daily | Full | 0 4 * * * (daily 4 AM) | Catches deletes, schema changes, and tables without cursors |
Enable Skip sources with active incremental sync on the full schedule to avoid re-syncing tables that are already covered by the incremental schedule.
See the Sync Scheduling guide for full setup instructions.
Troubleshooting
Section titled “Troubleshooting”Connection Timeout
Section titled “Connection Timeout”Problem: Cannot connect to database
Solutions:
- Verify IP
18.189.33.77is whitelisted - Check database host and port are correct
- Verify database is running and accessible
- Check SSL mode settings
- Verify network connectivity
Authentication Failed
Section titled “Authentication Failed”Problem: Invalid credentials error
Solutions:
- Double-check username and password
- Verify user exists:
SELECT * FROM pg_user WHERE usename = 'your_username'; - Check user has connect permission
- Verify database name is correct
Permission Denied
Section titled “Permission Denied”Problem: Permission denied on table/schema
Solutions:
- Grant necessary permissions (see Database User Setup)
- Verify schema name is correct
- Check table ownership
- Run:
\dp table_nameto see table permissions
SSL Connection Error
Section titled “SSL Connection Error”Problem: SSL connection failed
Solutions:
- Try different SSL modes (prefer, require, disable)
- Verify server SSL certificate is valid
- Check PostgreSQL SSL configuration
- For RDS, ensure SSL is enabled
Security Best Practices
Section titled “Security Best Practices”Use Read-Only Credentials
Section titled “Use Read-Only Credentials”Create dedicated read-only users for analytics:
- Prevents accidental data modification
- Limits potential security impact
- Easier to audit and monitor
Enable SSL
Section titled “Enable SSL”Always use SSL for production databases:
SSL Mode: requireRestrict Permissions
Section titled “Restrict Permissions”Grant only necessary permissions:
-- Only SELECT on specific tablesGRANT SELECT ON TABLE orders, customers TO querri_readonly;
-- Only specific columns (if needed)GRANT SELECT (customer_id, email, created_at) ON customers TO querri_readonly;Regular Audits
Section titled “Regular Audits”Monitor database access:
-- View active connectionsSELECT * FROM pg_stat_activityWHERE usename = 'querri_readonly';PostgreSQL Versions
Section titled “PostgreSQL Versions”Tested and supported versions:
- PostgreSQL 16.x ✓
- PostgreSQL 15.x ✓
- PostgreSQL 14.x ✓
- PostgreSQL 13.x ✓
- PostgreSQL 12.x ✓
- PostgreSQL 11.x ✓ (limited support)
- PostgreSQL 10.x ✓ (limited support)
- PostgreSQL 9.6.x ✓ (limited support)
Next Steps
Section titled “Next Steps”- Database Best Practices — Create analytics views and optimize for natural language queries
- Data Connectors Overview — See all available connectors
- Managing Connections — Edit and monitor your connectors