Getting Started

Serverless APIs

Client Library Reference

PythonCommunity

Tools

getting-started

Getting Started

Framework Quickstarts

Web app tutorials

Mobile tutorials

AI & ML

Vector Search with OpenAI

database

Database Connections

Tables and Data

Database Functions

Database Webhooks

Full Text Search

Database Testing

Postgres resources

Managing Indexes

Drop All Tables in Schema

Select First Row per Group

Print PostgreSQL Version

Configuration

reference

Serverless APIs

Guides

Creating API routes

How API Keys work

Securing your API

Querying joins and nested tables

REST & REALTIME

Auto-generated Docs

Client Libraries

Generating Types

GRAPHQL

GraphiQL Documentation

realtime

Features

Postgres Changes

Guides

Subscribing to Database Changes

Bring Your Own Database

Using Realtime with Next.js

Deep dive

storage

Image Transformations

reference-cli

Local Development

Managing Environments

Reference

platform

Add-ons

Compute Add-ons

Database Backups

Platform Management

HTTP Status Codes

Migrating and Upgrading

Network Restrictions

Performance Tuning

SSL Enforcement

Billing

Single sign-on

Enable SSO for your organization

SSO with Azure AD

SSO with Google Workspace

Go-live Checklist

Production Readiness

Troubleshooting

HTTP and Project Issues

resources

Migrate to Supabase

Firebase Storage

resources

Self-Hosting with Docker

Auth Server

Storage Server

Realtime Server

Analytics Server

Functions Server

integrations

Auth

Caching / Offline-first

Developer Tools

Low-code

Messaging

reference

Client libraries

supabase-csharp

Other tools

Back to Main Menu

reference-javascript

JavaScript

Typescript Support

Database

Call a Postgres function

Using Modifiers

Auth

Create a new user

Sign in a user through OTP

Sign in a user through OAuth

Sign in a user through SSO

Sign out a user

Verify and log in through OTP

Retrieve a session

Retrieve a new session

Retrieve a user

Set the session data

Listen to auth events

Send a password reset request

Enroll a factor

Create a challenge

Verify a challenge

Create and verify a challenge

Unenroll a factor

Get Authenticator Assurance Level

Functions

Invoke a function

Realtime

Subscribe to channel

Unsubscribe from a channel

Unsubscribe from all channels

Retrieve all channels

Storage

Create a bucket

Retrieve a bucket

List all buckets

Update a bucket

Delete a bucket

Download a file

List all files in a bucket

Replace an existing file

Move an existing file

Copy an existing file

Delete files in a bucket

Create a signed URL

Create signed URLs

Create signed upload URL

Upload to a signed URL

Retrieve public URL

Misc

Back to Main Menu

reference-cli

Supabase CLI

General

Initialize a local project

Log in to a Supabase account

Link to a Supabase project

Start a container

Stop all containers

Retrieve container status

Testing

Run tests (pgTAP)

Generate Types

Run code generation tools

Generate types (Postgres schema)

Generate types (TypeScript)

Database

Manage local databases

Dump schema from remote database

Push migration to remote database

Reset local database

Diff local database

Lint local database

Manage remote databases

Commit remote database changes

Migrations

Manage database migrations

Create a migration

List all migrations

Repair migration history table

Projects

Manage projects

Create a project

List all projects

Organizations

Manage organizations

List all organizations

Edge Functions

Manage edge functions

Create a function

Download a function

Serve functions locally

Deploy a function

Delete a function

Secrets

List all secrets

Authentication

Manage SSO on your project

List all identity providers

Show information for an identity providers

Add an identity provider

Update an identity provider

Remove an identity provider

See your project's SSO information

Custom Domains

Manage custom domains

Activate custom hostname

Create a custom hostname

Retrieve custom hostname config

Re-verify custom hostname config

Delete custom hostname config

Vanity Subdomains

Manage vanity subdomains

Activate a vanity subdomain

Retrieve vanity subdomain

Check subdomain availability

Delete vanity subdomain

Network Bans

Manage network bans

Retrieve network bans

Remove a network ban

Network Restrictions

Manage network restrictions

Retrieve network restrictions

Update network restrictions

SSL Enforcement

Manage SSL enforcement configuration

Get the current SSL enforcement configuration

Update SSL enforcement configuration

Autocompletion Scripts

Generate autocompletion scripts

Generate zsh script

Generate powershell script

Generate fish script

Generate bash script

Back to Main Menu

reference-auth

Self-Hosting Auth

Usage

Generates an email action link

Returns the created user

Redirects the user to the 3rd party oauth provider to start the oauth1 0 or oauth2 0 authentication process

Receives the redirect from an external provider during the oauth authentication process starts the process of creating an access and refresh token

The healthcheck endpoint for gotrue returns the current gotrue version

Sends an invite link to the user

Logs out the user

Passwordless sign in method for email or phone

Sends a password recovery email link to the users email

Returns the configuration settings for the gotrue server

Password based signup with either email or phone

Signs in a user with a password

Refreshes a users refresh token

Get information for the logged in user

Returns the updated user

Verifies a sign up

Back to Main Menu

reference-realtime

Self-Hosting Realtime

Back to Main Menu

reference-analytics

Self-Hosting Analytics

Management API

Create endpoint

Delete endpoint

Update endpoint

Back to Main Menu

reference-functions

Self-Hosting Functions

Home

Understanding API Keys

Supabase provides two default keys when you create a project: an anon key, and a service_role key. You can find both keys in the API Settings.

The Serverless APIs are designed to work with Postgres Row Level Security (RLS). These keys both map to Postgres roles. You can find an anon user and a service_role user in the Roles section of the dashboard.

The keys are both long-lived JWTs. If you decode these keys, you will see that they contain the "role", an "issued date", and an "expiry date" ~10 years in the future.

{
  "role": "anon",
  "iat": 1625137684,
  "exp": 1940713684
}

The `anon` key#

The anon key has very few privileges. You can use it in your RLS policies for "anonymous" access. For example, this policy will allow access to the profiles table:

create policy "Allow anonymous access" on profiles to anon for
select
  using (true);

And similarity for disallowing access:

create policy "Disallow anonymous access" on profiles to anon for
select
  using (false);

If you are using Supabase Auth, then the anon role will automatically update to authenticated once a user is logged in:

create policy "Allow access to authenticated users" on profiles to authenticated for
select
  using (true);

The `service_role` key#

The "service_role" is a predefined Postgres role with elevated privileges, designed to perform various administrative and service-related tasks. It can bypass Row Level Security, so it should only be used on a private server.

caution

Never expose the service_role key in a browser or anywhere where a user can see it.

A common use case for the service_role key is running data analytics jobs on the backend. To support joins on user id, it is often useful to grant the service role read access to auth.users table.

grant
select
  on table auth.users to service_role;

We have partnered with GitHub to scan for Supabase service_role keys pushed to public repositories. If they detect any keys with service_role privileges being pushed to GitHub, they will forward the API key to us, so that we can automatically revoke the detected secrets and notify you, protecting your data against malicious actors.

Edit this page on GitHub

Need some help?

Not to worry, our specialist engineers are here to help. Submit a support ticket through the Dashboard.

Supabase 2022—Contributing Changelog Author Styleguide Open Source SupaSquad