Well, then maybe this is a good opportunity to share some experience I've had creating a REST API with postgREST, in case any of it is useful. Here are some endpoints for Hive Open Polls:

• Get all polls: https://polls.hivehub.dev/rpc/polls
• Get all polls but limit to last 100: https://polls.hivehub.dev/rpc/polls?limit=100&offset=0
• Get only active polls: https://polls.hivehub.dev/rpc/polls?status=eq.Active
• Get a particular poll (equivalent to getting a post via author & permlink): https://polls.hivehub.dev/rpc/polls?author=eq.borislavzlatanov&permlink=eq.testing-colony-poll
• Get polls created by an account: https://polls.hivehub.dev/rpc/polls?author=eq.borislavzlatanov
• Get polls that an account has voted on and order by last created: https://polls.hivehub.dev/rpc/poll?poll_voters=cs.[{%22name%22:%22borislavzlatanov%22}]&order=created.desc

And so on. None of this needed to be manually coded in the WHERE or ORDER BY.

If you look at the response, you will see there are nested fields. Objects and arrays can be nested however one wishes - you can look at the polls repo if you want to see how I've built them as json.

Polls are just regular posts/comments with some json metadata, so hopefully this is all pretty generic.

This approach should also really enhance security since you don't need to handle any arguments yourself, you can let postgREST do all of it for you. (Of course, if for any reason you go for dynamic SQL, then that's a different matter - I follow this post's recommendations). If for any reason what is offered by the postgREST filtering is not sufficient, you can also have manual arguments. The two can be combined for the same endpoint, no problem. So a single API call can pass your manual argument(s) and on top of it add any of the other filters provided natively by postgREST.