# SQL Proxy (SCC Migration) — Finradar API
> Version: 3.61.0 | Generated: 2026-06-20 | Content Hash: a9af796f
> Fetch this file at: https://uat.finradarapi.com/llms/sql-proxy-scc-migration.txt

## Authentication
All endpoints require an API key. Pass it via query parameter `?apiKey=YOUR_KEY` or header `X-API-Key: YOUR_KEY`. WebSocket endpoints accept the key in the `token` auth payload or query parameter.

---

## SQL Proxy (SCC Migration)

Raw SQL SELECT proxy for WordPress Social Command Center migration. Executes read-only queries against a whitelist of tables. Authenticated via api_key.

### POST /api/v1/sql-proxy

Execute a read-only SELECT query against whitelisted PostgreSQL tables. Returns rows as array of objects with column names as keys. **Error responses are sanitized** (issue #273): raw SQL / psycopg2 / SQLAlchemy traces are NEVER echoed to the caller — the response body is always a short generic message. **Status codes:** 200 success; 401 `Invalid api_key`; 403 `Forbidden keyword: <X>` or `Table not allowed: <X>` (policy violations); 400 `query parameter is required`; 500 `Query execution failed.` (DB-runtime error — full detail is logged server-side with the request_id). **All 4xx and 5xx responses AUTO-REFUND the 25-token charge** (paired `debit` + `4xx_refund`/`5xx_refund` rows in `/account/transactions`; net zero on the ledger; see also issue #254).

**Token cost:** 25 tokens per call

**Utility:** Drop-in replacement for DigitalOcean dbQuery() — WordPress pgQuery() POSTs here with SQL and api_key.

**Use case:** SCC pages that need stock prices, signals, earnings calendar, or AI summaries from PostgreSQL.

**Parameters:**
- `query` (body, required): SQL SELECT statement to execute. Only SELECT allowed; INSERT/UPDATE/DELETE/DROP rejected. Tables restricted to: all_stocks_strategies_yf_daily, all_stocks_list, all_stocks_signals_daily, all_stocks_signals_weekly, all_stocks_signals_monthly, all_etfs_signals_daily, all_etfs_signals_weekly, all_etfs_signals_monthly, market_calendar, ai_daily_summaries.
- `api_key` (body, required): API key for authentication. Also accepted via X-API-Key header, Authorization: Bearer header, or api_Token/apiKey query params.

**Sample response:**
```json
{
  "success": true,
  "data": [
    {
      "symbol": "AAPL",
      "close": 198.15
    }
  ]
}
```