Frequently Asked Questions

Common questions about @dreamfactory/create and using DreamFactory with AI agents.

General Questions

What is DreamFactory?

DreamFactory is an open-source REST API platform that automatically generates secure APIs for databases. It adds governance, authentication, and field-level access control between your applications (including AI agents) and your data.

Why use DreamFactory instead of connecting AI directly to my database?

Direct database access is dangerous:

AI sees ALL data including PII, passwords, financial information
Credentials are exposed to the LLM context (can be extracted via prompt injection)
No protection against SQL injection from malicious prompts
No audit trail of what the AI accessed
Can't restrict which fields the AI queries

DreamFactory provides:

API keys instead of database credentials
Field-level RBAC (block specific columns like SSN, credit cards)
Parameterized queries (prevents SQL injection)
Complete audit logs for compliance
Identity passthrough to track which user triggered each AI query

How long does setup take?

3-5 minutes. Just run npx @dreamfactory/create my-project and everything is configured automatically:

DreamFactory in Docker
Demo database with sample data
Claude Desktop MCP integration
Pre-configured security rules

Do I need coding experience?

No! The setup is automated. You'll need:

Basic command line knowledge (running npx command)
Docker installed on your machine
That's it!

For advanced customization (connecting your own databases, writing custom APIs), some technical knowledge helps.

Is this free?

Yes! DreamFactory OSS is Apache 2.0 licensed and free forever. It supports PostgreSQL, MySQL, and MongoDB.

Commercial version adds 20+ database connectors (Oracle, SQL Server, Snowflake, SAP HANA) plus enterprise features.

AI & Claude Integration

What is MCP (Model Context Protocol)?

MCP is a standard protocol created by Anthropic for connecting AI agents to external data sources and tools. It allows Claude Desktop to:

Query databases via natural language
Execute functions and retrieve data
Maintain context across multiple operations

DreamFactory implements an MCP server so Claude can securely query your databases.

Does this work with ChatGPT or other LLMs?

Yes! While this package auto-configures Claude Desktop (which uses MCP), DreamFactory's REST API works with any LLM:

ChatGPT: Use DreamFactory API in custom GPT actions
Custom agents: Call DreamFactory REST API from Python, Node.js, etc.
LangChain: Use DreamFactory as a tool in your chains
AutoGPT/BabyAGI: Connect via REST API calls

The MCP integration is specific to Claude Desktop, but the underlying API is universal.

Can Claude see all my database data?

No! You control exactly what Claude can access via RBAC (Role-Based Access Control):

Table-level: Restrict to specific tables only
Field-level: Block sensitive columns (emails, SSN, passwords)
Row-level: Filter data per user (multi-tenant SaaS)
Operation-level: Read-only, or allow specific writes

Example: Block customer.email and payment.amount fields so Claude can analyze patterns without seeing PII.

How do I block PII from AI queries?

In the DreamFactory Admin UI:

Navigate to Roles → Create role
Set Service Access to your database

Under Advanced → Deny Fields, list:

customers.email
customers.phone
customers.ssn
users.password_hash
payment.credit_card_number

Assign this role to your API key

Now when AI queries those tables, blocked fields return null automatically.

Can AI modify or delete my data?

Only if you explicitly allow it. By default, the demo setup is read-only (GET requests only).

To allow writes:

Edit role in Admin UI
Add POST (create), PUT (update), or DELETE permissions
Consider restricting to specific tables (e.g., AI can create support tickets but not modify users)

Best practice: Start read-only, add write permissions incrementally as needed.

Technical Questions

What databases are supported?

OSS (Free):

PostgreSQL
MySQL
MongoDB
MariaDB
SQLite

Commercial:

Oracle
SQL Server
SAP HANA
Snowflake
IBM DB2
Cassandra
Salesforce, ServiceNow, and 20+ others

Can I use my existing database?

Yes! Two ways:

Via Admin UI: Navigate to Services → Create → Select database type → Enter credentials
Connection Wizard (v0.2.0): npx @dreamfactory/connect - Interactive setup

Your existing database stays untouched. DreamFactory just creates a REST API layer on top.

Is my data secure?

Yes:

In transit: Use HTTPS (add reverse proxy like nginx/Caddy)
At rest: Your database's encryption handles this
Access control: Field-level RBAC, IP whitelisting, rate limiting
Audit logs: Track every API call for compliance

DreamFactory doesn't store your data - it's a pass-through API layer.

What about SQL injection from prompt injection attacks?

Protected by default. DreamFactory never executes raw SQL from API requests. All queries use parameterized statements:

# Even if AI is tricked into saying:
user_input = "Seattle' OR 1=1; DROP TABLE customers; --"

# DreamFactory safely binds as parameter:
# SELECT * FROM customers WHERE city = ?
# Parameter value: "Seattle' OR 1=1; DROP TABLE customers; --"
# SQL injection becomes harmless literal string

How do I update DreamFactory?

cd my-project
docker compose pull  # Get latest images
docker compose up -d # Restart

Updates include:

DreamFactory core
MCP server
Security patches

See README - Updating Section for details.

Can I use this in production?

Yes! Recommendations:

Pin Docker versions for stability:

image: dreamfactorysoftware/df-docker:5.0.0  # Not :latest

Add HTTPS via reverse proxy (nginx, Caddy, Traefik)
Configure RBAC for all services (don't use demo role)
Enable audit logging for compliance
Backup regularly - standard Docker volume backups
Monitor - Set up health checks and alerts

Does this work on Windows?

Yes! Via WSL2 (Windows Subsystem for Linux):

Install WSL2: wsl --install
Install Docker Desktop (with WSL2 backend)
Run commands in WSL2 terminal

Native Windows (without WSL2) is not officially supported.

What if Docker isn't installed?

The setup will detect this and show:

Error: Docker is not installed or not running
Install Docker: https://docs.docker.com/get-docker/

You must have Docker + Docker Compose installed before running the package.

Troubleshooting

Port 8080 is already in use

The CLI auto-detects port conflicts and suggests alternatives. Or specify manually:

npx @dreamfactory/create my-project --port 3000

DreamFactory won't start

# Check logs
cd my-project
docker compose logs -f web

# Common fix: Rebuild
docker compose down -v
docker compose up --build

Claude Desktop says "MCP server failed to start"

Verify DreamFactory is running: docker compose ps
Check API key in Claude config matches .env file
Restart Claude Desktop completely
Check MCP config location:
- Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
- Linux: ~/.config/Claude/claude_desktop_config.json
- Windows: %APPDATA%/Claude/claude_desktop_config.json

API returns empty results

Possible causes:

RBAC filter too restrictive - Check role configuration in Admin UI
Wrong table name - Verify with curl http://localhost:8080/api/v2/demo_db/_table
Database actually empty - Confirm with direct SQL query

Comparison Questions

How is this different from Supabase?

Feature	DreamFactory	Supabase
Field-level RBAC	✅ Yes	❌ Row-level only
Oracle/SQL Server	✅ Yes (Commercial)	❌ No
Self-hosted	✅ Yes	✅ Yes
AI/MCP Integration	✅ Built-in	❌ No
Pricing	Free (OSS) + Commercial	Free tier + Cloud pricing
Setup Time	3 minutes	~10 minutes

Use Supabase if: You want hosted PostgreSQL with real-time subscriptions Use DreamFactory if: You need field-level security, support for Oracle/SQL Server, or AI integration

How is this different from building a custom REST API?

Aspect	DreamFactory	Custom API
Time to build	3 minutes	Weeks
Maintenance	Auto-updates via Docker	You maintain code
RBAC	Built-in, GUI-configured	Code from scratch
Audit logs	Built-in	Code from scratch
Multi-database	25+ connectors	One at a time
OpenAPI docs	Auto-generated	Write manually

Build custom API if: You need complex business logic, custom authentication, or very specific workflows Use DreamFactory if: You need a standard REST API with governance, quickly

How is this different from direct database access?

Direct database access exposes credentials to AI and lacks governance. See Why use DreamFactory? above.

Commercial vs OSS

When should I upgrade to Commercial?

Upgrade if you need:

Oracle, SQL Server, SAP HANA, Snowflake connectors
Active Directory / LDAP authentication
SAML 2.0 SSO
Field-level encryption
Advanced audit logging (immutable logs, compliance reports)
Professional support with SLA
API usage analytics and rate limiting

Can I try Commercial before buying?

Yes. We provide free access to community developers.

If you're using this NPX package and need enterprise connectors, email dspsupport@dreamfactory.com with:

Mention you're using @dreamfactory/create
Which connectors you need (Oracle, SQL Server, Snowflake, SAP HANA, etc.)
Your use case

You'll get commercial Docker images and setup guidance at no cost. We're looking for feedback from developers building AI applications.

Standard trial:

Enterprise trial signup - no credit card required.

What if I outgrow OSS?

Upgrading is seamless - same Docker architecture, just different image. Your data, APIs, and configurations transfer directly. Contact dspsupport@dreamfactory.com for migration assistance.

Contributing & Support

How do I report bugs?

File an issue on GitHub: https://github.com/dreamfactorysoftware/create-dreamfactory/issues

Include:

Operating system
Docker version: docker --version
Error logs: docker compose logs web
Steps to reproduce

Can I contribute?

Yes! See CONTRIBUTING.md for guidelines.

Where can I get help?

Documentation: docs/ folder
Community Forum: https://community.dreamfactory.com
GitHub Issues: https://github.com/dreamfactorysoftware/create-dreamfactory/issues
Commercial Support: https://www.dreamfactory.com/support (paid)

FilesExpand file tree

FAQ.md

Latest commit

History