Supabase Auth now supports anonymous sign-ins, which can be used to create temporary users who havenāt signed up for your application yet! This lowers the friction for new users to try out your product since they donāt have to provide any signup credentials.
Supabase Storage is now officially an S3-Compatible Storage Provider, and now you can use any S3 client to interact with your buckets and files: upload with TUS, serve them with REST, and manage them with the S3 protocol.
We've added support for data wrappers with Auth0, Cognito, Microsoft SQL Server, and Redis! Connect to these external data sources and query them directly from your database.
An option to submit a request to delete your account#
If comes the day that you'd no longer want to use Supabase anymore (hopefully not!) and want to be removed from our systems entirely, feel free to submit a request to delete your account through the account preferences page.
Weāre making a Special Announcement on April 15th with a few more surprises throughout the week. Claim your ticket today so you donāt miss out and enter for a chance to win a set of AirPods Max.
Weāve increased the Supavisor client connection limits, the number of concurrent clients that can connect to your projectās pooler, for projects on Small, Medium, Large, and XL compute instances while pricing remains unchanged.
Conversational AI assistant now available in SQL Editor#
Introducing a conversational AI assistant in the SQL Editor to help you write and iterate on your queries. This is currently under a feature preview and can be enabled with instructions here.
Supavisor pooler port 6543 is transaction-mode only#
Weāre simplifying Supavisor connection pooler ports and modes so that port 6543 is only transaction mode and port 5432 continues to be only session mode. If you have pool mode set to session we recommend you switch to pooler port 5432 and set the mode to transaction.
You may have noticed improved performance from your database over the last couple of weeks. We made some architectural changes to free up resources for your Postgres instance by removing Storage, Realtime, and Pgbouncer from your instance and each are replaced with an equivalent multi-tenant solution, including our new Supavisor connection pooler.
Implementing semantic image search with Amazon Bedrock and Supabase Vector#
In this post we'll be creating a Python project to implement semantic image search featuring Amazon Bedrock and Amazon Titanās multimodal model to embed images and Supabase Vecs client library for managing embeddings in your Supabase database with the pgvector extension.
This post explains how authorization works for Realtime Broadcast and Realtime Presence.
This allows you (the developer) to control access to Realtime Channels. We use Postgres Row Level Security to manage access. Developers create āPoliciesā which allow or deny access for your users.
Do not forget that RLS policies can use other tables in them so this will give you all the flexibility you need to better fit your use case but be aware of the performance impact of heavy RLS queries or non-indexed fields
We infer the behaviour you desire by checking if the realtime.channels table includes an entry for the given channel name meaning that migrating from an unprotected channel to one that follows this new method you would need to:
Create your RLS rules according to your use case for the realtime.channels, realtime.broadcasts and realtime.presencestables
Create a new entry with the channel name using the client lib or calling the endpoints directly.
Due to this new changes, if you want to use this feature, you will need to preemptively create a channel. For this effect we have added new endpoints for Realtime.
This endpoints will respect RLS rules from the given Bearer token.
This library provides an easy way to manage your channels (CRUD operations). Be aware that for channel creation you need to add either use the service_role key or create the RLS policies to allow channel creation:
_10
CREATE POLICY authenticated_all_channels_write
_10
ON realtime.channels FOR INSERT
_10
TO authenticated
_10
WITH CHECK ( true );
The operations are:
_10
new RealtimeClient('').createChannel(name: string)
_10
new RealtimeClient('').deleteChannel(name: string)
_10
new RealtimeClient('').updateChannel(name: string, new_name: string)
_10
new RealtimeClient('').listChannels()
All this requests will also respect the user doing the RLS call, meaning that the listChannels method will only show the allowed channels based on the calling user policies.
Finally this is still heavily WIP as we want to ensure that we provide a good developer experience hence being in next instead of a new release or a RC.
To achieve RLS checks on your Realtime connection we created new tables in the realtime schema to which you will be able to write RLS rules against it to control your channel features.
Relevant tables that you can use for your RLS checks
The rules will be applied to three elements:
channels - determines if the user is able to connect to the channel created
broadcasts - determines if the user can receive or send broadcast messages
presences - determines if the user can receive and post presence messages
Which means that your RLS rules should be able to comply with the following rules:
Channel
With a channel set in the context, if user select query returns the channel, they have read permissions
With a channel set in the context, if user update query changes the check column, they have write permissions
Without a channel set in the context, if user is able to insert into realtime.channels they have write permissions
Broadcasts - will always require a channel in the context
If user select query returns the row associated with the channel in the context, they have read permissions
If user update query is able to update check column in row associated with the channel in the context, they have write permissions
Presence - will always require a channel in the context
If user select query returns the row associated with the channel in the context, they have read permissions
If user update query is able to update check column in row associated with the channel in the context, they have write permissions
We will explore some examples in the section below named How to use
We still do not have this fully implemented for Postgres Changes but be aware that we use the same Channels concept so this changes can impact the Postgres Changes feature.
Avoid using this method whenever you want to use Postgres Changes meaning that you should avoid creating a Channel for Channels that use Postgres Changes.
Supavisor, Supabase's multi-tenant connection pooler deployed to regional clusters, became production ready back in December 2023. You can read the announcement here.
Since then, we've migrated Supabase projects from PgBouncer, single tenant connection pooler deployed to the project's instance, to Supavisor.
However, we kept the previous client connection limits from PgBouncer during the transition across all compute instances.
Today, we're happy to announce that we've increased this limit for compute instances Small, Medium, Large, and XL so your projects can take advantage of additional client connections while pricing remains unchanged. These new limits have already been applied to all existing projects and any new projects spun up.
Here's a quick breakdown:
Compute Size
Previous Client Limits
New Client Limits
Small
200
400
Medium
200
600
Large
300
800
XL
700
1,000
For a more complete breakdown of your compute instance resources head over to the Compute Add-ons page.
We've been looking into improving the UX for the RLS policy UI after going through feedback of the community's struggles with RLS in general, and this is the next step that we're taking to streamline the UX.
What we're calling as a "hybrid" editor (for now), you'll be able to see the corresponding SQL query for creating or updating your RLS policies while you're editing the policy via the input fields. And if you'd like even greater control, there's always the "Open in SQL Editor" button as an escape hatch where you can edit the SQL query in its entirety.
Templates are now right beside the editor as well, so you no longer have to click back and forth between templates and the editor.
We've always seen the dashboard as more than just a database adminstration tool, but also potentially an educational platform for developers to pick up the SQL language as they build out their database, and we hope that the changes here will help make that even easier.
Connection pooler on port 6543 is set to transaction mode permanently#
Previously, connection pooler's port 6543 can be set to either transaction or session mode under your project's database settings. This change makes it easier to distinguish between pooler modes and ports by only enabling transaction mode on port 6543 while maintaining session mode on port 5432.
If your using port 6543 and your project's pooler mode is transaction then you won't be able to set the mode to session. You can use port 5432 for session mode.
If your using port 6543 and your project's pooler mode is session then we strongly advise that you use port 5432 for session mode and change the mode to transaction. Once this setting is saved you won't be able to set session mode on port 6543.
In our previous platform architecture, our Storage, Realtime, and connection pooler (PgBouncer) services were bundled together, with a single instance of each service per project.
For our v2 architecture, weāve āunbundledā these services, moving to a multi-tenant model, where a single instance of each service serves many projects:
This frees up as much resources as possible for your Postgres databases, while enabling us to offer more resource intensive features for these services, and opens the door to capabilities such as zero-downtime scaling.
With Supavisor replacing PgBouncer, along with some other key optimizations, the final pieces of our v2 architecture are now ready.
Weāve already fully rolled out our v2 architecture to paid plan projects. You now have more resources available, for the same price that youāve been paying.
Free plan gradual rollout (20 March 2024 onwards)#
20 March 2024: Newly created or unpaused projects will use v2 architecture
28 March 2024: Existing projects will start being migrated to v2 architecture
This will be a gradual rollout - we will email you at least one week before your project is scheduled to be migrated.
Your action for projects scheduled to be migrated#
For newly created or unpaused projects on the Free Plan, no action is required.
For existing projects on the Free Plan, up to a few minutes of downtime is expected for the migration. For each of your projects, weāll identify the 30-minute maintenance window where your project had the least database queries over the previous 10 weeks.
You have two choices:
Automatic Migration: If you don't take any action, we plan to do the migration automatically during that maintenance window with the least historical activity.
Manual Migration: Any time before that, you can go to Project Settings > General to see whether/when the maintenance window is scheduled (timings will also be included in the email). There, you may choose to manually restart the project yourself, at a time that is convenient for you. Your project will be restarted on v2 architecture.
Conversational AI assistant now available as part of the SQL Editor#
As part of our ongoing efforts to introduce the AI assistant across the dashboard, we're bringing the AI assistant to the SQL Editor next! Some of you might have already been using the AI assistant in the SQL Editor through the green bar at the top of the editor - we're sprucing it up by extending it further to a conversational UX. Go back and forth with the assistant and apply the code snippets that you deem to be the most appropriate!
This is currently under a feature preview - you may enable this feature by clicking on the user icon while in a project at the bottom of the side navigation bar and selecting "Feature previews". From there just enable the preview under "SQL Editor Conversational Assistant". And as always, we're incredibly open to any feedback for this, so give us a shout right here!
Matryoshka Embeddings: Faster OpenAI Vector Search Using Adaptive Retrieval#
Learn about how OpenAIās newest text embeddings models, text-embedding-3-small and text-embedding-3-large, are able to truncate their dimensions with only a slight loss in accuracy.
Easily Connect to Supabase Projects From Frameworks and ORMs of Your Choice#
Connect to Supabase from any framework or ORM with our new āConnectā panel in Studio. This displays simple setup snippets that you can copy and paste into your application. Weāve started with a selection of popular frameworks and ORMs and you can request more by feature request or pull request.
PostgREST v12 has been released, and with it, comes the release of the highly requested aggregate functions, avg(), count(), sum(), min(), and max(), that is used to summarize data by performing calculations across groups of rows.
Terraform Provider to Manage Resources on Supabase Platform#
Weāve created an official Supabase Provider for Terraform to version-control your project settings in Git. You can use this provider in CI/CD pipelines to automatically provision projects and branches and keep configuration in code.
Support for Composite Foreign Keys in Table Editor#
We've shifted the management of foreign keys into the Table Editorās side panel so you can easily see all foreign keys pertaining to a table as well as referencing columns to composite foreign keys.
Build a Content Recommendation App With Flutter and OpenAI#
Learn about how we built a movie listing app that recommends another movie based on the movie that a user is currently viewing built with Supabase, Flutter, and OpenAI.
Performance testing evaluates a system's compliance with its performance requirements. It reveals your appās ability to handle user load, unexpected spikes, or recover from stressful workloads. In this blog post you will learn about how we automated our performance testing.
If you're not aware yet, we previously created a new RLS UI that comes integrated with the Supabase Assistant to (hopefully) help everyone write RLS policies easier and faster. This is currently still a feature preview which you can enable by clicking on your user profile at the bottom of the side navigation bar. We're continuously trying to see how we can improve this to make it a much better UX than the current existing RLS policy user flow.
The first gap that we're trying to address is the ease of referencing existing templates that just work out of the box from the current RLS policy flow - those proved to be really useful when trying to understand the syntax of writing policies, and so we added that in to the new RLS UI. Not just that but we also added more complex templates that work better in the new UI than the current one!
The next item that we're looking into is to see what minimal guard rails we can add to make writing RLS policies even less intimidating since the new UI expects only SQL input. One of the aims of the dashboard is to guide our users to not be afraid of SQL no matter the level of proficiency and we hope that we'll be able to cook up the ideal UX that will allow everyone to write SQL with confidence.
We received many feedback that the icons alone in the navigation bar are not too intuitive in understanding what page they're navigating too. So finally, we're adding some textual cues that show up on hover to the navigation bar in hopes to make navigating around the dashboard easier!
For the users who leverage on SQL to analyze data, this should be useful for you! You can now plot your data points through the SQL editor after running your query. Choose which columns to be your axes and you're good to go. As always - feel free to drop any feedback for us on this! We're keen to see how else we can make this feature better and stronger š
Foreign Key Management re-introduced into the Column side panel editor#
We previously made an update in the Table Editor to shift the management of foreign keys to the table editor as an effort to properly support composite foreign keys. This understandably caused the UX to suffer as we received many feedback around creating simple 1:1 foreign key relations much more troublesome. We've thus re-introduced being able to manage your foreign keys while editing a column! Thank you so much for everyone's feedback around this - it's something that we genuinely appreciate our community for! š
Intellisense for the SQL editor was always enabled by default for everyone, but we're now making this a toggleable feature - this is more specifically useful for large projects with many tables as we've noticed the amount of data we try to load into intellisense causes the SQL editor to slow down noticeable (likely due to browser memory issues).
Paid organizations can now launch projects on bigger compute immediately#
Paid plan users can now immediately launch projects on larger compute sizes. Previously, paid organizations had to launch projects on the default "Micro" instance and then separately upgrade their instance. You can always up and downgrade your instance in hindsight. Feel free to leave any feedback in our discussions here!
As mentioned in last week's changelog (and also as always š) we see everyone's feedback regarding the changes to the table editor search input and have enacted a slight change to make the search action more prominent and easier to click on! Again, thank you to everyone for sounding your thoughts, we genuinely appreciate them as it helps us guide the dashboard's DX to be optimal - keep em coming!
Separetely - we're also aware of the feedback regarding our change in the way you manage your foreign keys as announced in the changelog discussion 2 weeks ago - fret not! We're actively looking into that as well š
For those who might have tables or SQL queries with long names, this should help alleviate some issues with the names truncating. Hopefully it'll be easier to find your tables / SQL queries! š
Connecting to your project - added Expo React Native guides#
Last week we announced a quicker way to get your project's connection parameters on the project's home page and we're heartened to already see some community contributions to add more content for different frameworks! Shoutout to @Hallidayo for the help on this - we're always keeping an eye out for more of such contributions š
Paid plan users can now immediately launch projects on larger compute sizes. Previously, paid organizations had to launch projects on the default "Micro" instance and then separately upgrade their instance. You can always up- and downgrade your instance in hindsight.
A quicker way to get your project's connection parameters#
We've made retrieving your project's connection parameters more easily accessible by adding a "Connect" button to each projects' homepage. This will show you some quick instructions on how to either connect to your database directly, or connect to your project via some app frameworks and ORMs. Hopefully this will help both new and familiar developers on Supabase to get to building quicker without having to jump around the dashboard to find these information.
We're in the midst of revising the UX around the table editor to ensure that controls aren't sprawled across the page despite us building more and more features - and this is just the first step of more to come. Icons for tables and views have been tweaked to be more minimal, each table has an indicator to whether RLS has been enabled or not, and the search bar has been made a tad sleeker. As an assurance, we definitely hear everyone's feedback about the changes here in particular with the search bar being less visible and are actively looking to improve the experience here! š
We've had some feedback from users that they'd want a convenient way to check on their project's users from the UI rather than having to go through the Table Editor or SQL Editor to query the auth.users table, and so we've gone ahead to ship this one.
We hear you! This has been a very popular request by everyone and we're happy to make the first step to improving the UX around your SQL snippets. You can now delete your queries in bulk - gone are the days of rows full with Untitled queries š Fret not, we're also aware that everyone is also requesting for better organization of snippets (specifically folders) - we're actively figuring out how best to bring that UX into the dashboard for everyone so be sure to watch this space š
Unoptimized queries are a major cause of poor database performance - which is why the query performance report was initially built. We're equipping this page with better tooling, allowing users to:
Search by query or role
Sort results by latency
Expand results to view the full query that was run
As always, if there's anything more we can do for you, feel free to give us a shout in the feedback widget up top š
In an effort to make our UI more consistent + coherent across all products, we've revamped the Logs Explorer to look just like the SQL Editor in hopes that there's less UI for users to learn, and users can just stay focused on doing what they want to do.
Support for composite foreign keys in table editor#
The previous UI for managing foreign keys in the table editor had functional limitations as it assumed single column relations for foreign keys (overly simplified). We've thus shifted the management of foreign keys into the table side panel editor instead. You can manage all foreign keys across all columns on the table in one place, rather than going into each column individually to do so.
Supavisor replaces PgBouncer for database connection pooling#
Weāre deprecating PgBouncer and migrating all projects to our Supavisor connection pooler. Go grab the pooler connection string in your projectās Database Settings.
[ACTION REQUIRED] AWS is deprecating IPv4, so weāve migrating your project to IPv6. If your network supports IPv6 and/or youāre using PostgREST then you donāt need to make any changes. Otherwise, you need to update any connections to Supavisorās connection pooler. Weāve also made IPv4 addresses available to purchase (passing on the cost from AWS).
We value transparency here at Supabase and that includes ensuring our users having clear visibility over what they are paying for. We've added some details in the organization billing breakdown section to show what are the "Current costs", on top of the "Projected costs" for the organization, and also added information regarding both of them in the form of tooltips. Compute credits are also shown here to ensure that those are considered in the costs calculation.
SQL Editor preview snippets by hovering over them in the navigation menu#
In efforts to hopefully to make it easier to find your queries. We're aware that users are facing difficulty in managing their SQL queries, in particular when the number of queries grow really big - we're actively looking into how to make things better š Watch this space!
Table Editor edit text cells with larger real estate#
We've seen some users reaching out to us via feedback that they'd like a larger editor to edit their text-based column cells on the table editor - we hear you! And we've also sprinkled in some Markdown preview for those who might need it š
Many users have been requesting for this, and so has the team internally - you may now preview your HTML email templates right here in the dashboard. Gone are the days having to manually check your templates elsewhere, hopefully this will make your development lives a little easier.
cron schema from the pg-cron extension no longer editable via the GUI#
The schema is nonetheless still editable from the SQL editor by writing queries directly. This is in efforts to prevent directly inserting/updating rows on the pg_cron extension's cron.job table as it bypasses security checks that would've been asserted when jobs are scheduled/modified via pg_cron functions. More information here.
We're stream-lining the connection UI on the database settings page to be more concise and simpler in hopes to improve the UX around connecting to your project's database, and a push to using the connection pooler as a recommended practice. As always, feel free to drop us feedback via the feedback widget in the navigation bar up top - we promise that we look at every single one of the feedback that comes in.
IPv4 add-on now available to allow direct connections to your database via an IPv4 address#
You may consider enabling this add-on via the dashboard if you're not planning on using our connection pooler (which still supports IPv4) and your environment does not support IPv6. More information regarding this add-on here.
Removed deprecated LinkedIn Provider from Auth Providers#
The LinkedIn provider was scheduled to be deprecated in favour of the current LinkedIn OIDC provider with a notice set up since November 2023 and a couple of email notifications sent out to our users. The LinkedIn provider is now removed from our Auth Providers page. Please do reach out to us via support if you might have been affected by this!
Supavisor, our connection pooler, does not support using Network Restrictions at the moment. Support for Network Restrictions will be enabled on the 24th of January 2024.
If you are not using Supavisor, this change does not affect you.
Starting the 24th, projects with existing network restrictions will have their Supavisor configuration automatically updated with the same restrictions. Changes to any projectās network restrictions will also be automatically propagated to Supavisor.
If direct connections to your database resolve to a IPv6 address, you need to add both IPv4 and IPv6 CIDRs to the list of allowed CIDRs. Network Restrictions will be applied to all database connection routes, whether pooled or direct. You will need to add both the IPv4 and IPv6 networks you want to allow. There are two exceptions: if you have been granted an extension on the IPv6 migration OR if you have purchased the IPv4 add-on, you need only add IPv4 CIDRs.
Additionally, we're working on making this even better by offering dedicated IPv4 addresses which help with IP allowlisting and network restrictions. There will be another update once dedicated IPv4 addresses are ready to use.
Manage column-level privileges via the dashboard. This was a long time coming with many users looking forward to the addition of this to the dashboard. Huge shoutout once again to @HTMHell and everyone for their patience while we got this through the gates š
Table editor support for copying cells via keyboard shortcut#
You can now copy cell values in the Table Editor via Cmd+c and Cmd+v (or Ctrl+c or Ctrl+v)! Hopefully this makes managing your data a little more easier.
Table editor prevent deleting all rows in a table through the GUI while impersonating a role#
We're disabling the "Delete rows" action in the Table Editor when you've selected all rows in a table, and are impersonating a role due to an issue which @jacob-8 found (appreciate your report! š) The issue mentioned can be found here.
A rundown of everything we shipped during Launch Week X
Day 1 - Supabase Studio: AI Assistant and User Impersonation#
Supabase Studio received a major update that reflects our commitment to a SQL-first approach and user-centric development. Awesome features like easy RLS policies with an AI assistant, Postgres Roles, User Impersonation, and much more.
Day 2 - Edge Functions: Node and native npm compatibility#
Edge Functions now natively supports npm modules and Node built-in APIs. You can directly import millions of popular, commonly used npm modules into your Edge Functions.
Day 4 - Supabase Auth: Identity Linking, Hooks, and HaveIBeenPwned integration#
We announced several new features for Supabase Auth: Identity Linking, Session Control, Leaked Password Protection, and Auth Hooks with Postgres functions.
This is a huge one for anyone wanting to serve data closer to the users or distribute loads across multiple databases. Learn how we implemented Read Replicas and how to use them in your projects.
Pools now start with only 10 connections and create new ones up to tenant default_pool_size or user pool_size
Logs correct tenant id
API endpoints accept PATCH requests
Previously Supavisor would start a deterministic number of connection depending on the pool size specified on the tenant or tenant user.
Now Supavisor will start 10 connections and then allocate more as needed.
It was pretty easy to over-allocate your database max_connections without fully understanding what your max_connections were and how many were currently being used by other services.
This also makes migration from PgBouncer easier as it's much safer to run multiple connection poolers at the same time as you migrate, as long as they both don't need to allocate their full database connection pools.
Also an implied behavior of Supavisor was that each user connected spins up it's own pool. Without understanding this behavior it's easy to over-allocate database connections by connecting different Posgres users to the pooler.
allow_list field on the tenant to support network restrictions
More docs
client_heartbeat_interval on the tenant to detect zombie client connections
Bug fixes
Observability improvements
The client_heartbeat_interval helps us detect client connections from behind a load balancer which are dead but did not close the TCP connection correctly. This interval defaults to one minute but is configurable per tenant.
The allow_list field on the tenant takes a list of CIDR ranges and validates incoming connection addresses against this list. The incoming client address must be in one of these ranges to be accepted.
Further to https://github.com/orgs/supabase/discussions/18654 , the threshold for transitioning large databases to use physical backups for their daily backups is being lowered to 40GB over the next few days.
Physical backups are more performant, have lower impact on the db, and avoid holding locks for long periods of time. Restores continue to work as expected, but backups taken using this method can no longer be downloaded from the dashboard.
Over the next few months, we'll be introducing functionality to restore to a separate, new database, allowing for the perusal of the backed up data without disruption to the original project.
Launch Week X is just over, but the fun doesn't stop! This changelog summarizes what has been released for Studio over last week as well as other improvements that we shipped behind the scenes while Launch Week X was ongoing.
We've got a new RLS Editor that brings SQL front-and-center, giving developers access to the full potential of Postgres rather than abstracting it away. Accompanying it is an AI assistant that has been tuned to produce SQL for Row Level Security policies, making it fast and easy to get your policies setup the way you need them.
If you're keen to give this a spin, you may enable this feature from the Feature Previews section (which we'll cover more in the last section of this changelog) while you're in a project. This will replace the current UI for creating RLS policies with this new AI assisted RLS Editor UI.
Run queries in Studio using different roles - this is potentially a powerful tool for testing your Row Level Security policies and determining which data each role can access. You may also impersonate a specific user in Studio by "minting" a JWT with their ID and then running the queries using that JWT.
This feature is available not just in the Table Editor, but also in the SQL Editor, GraphiQL interface, and Realtime Inspector (which we'll talk about more right in the next section below)
An easy way to prototype, inspect, and debug Realtime directly in the Studio. You can use the Realtime Inspector to view messages being sent and received in channels, and also filter messages by type: presence, broadcast, and database changes.
Our new tool for unveiling new features - we'll release beta features as previews before making them generally available. This will help us to get features out to you faster, make it easier for you to give us feedback, and also shorten the iteration loop.
Auth Settings added option to support manual identity linking#
Supabase Auth allows a user to initiate identity linking with a different email address when they are logged in. More information can be found in our documentation here.
Table Editor support selecting types from the extensions schema when creating/editing columns#
Database extensions that are installed through the dashboard on the database/extensions page are, most of the time, installed by default in the extensions schema (as it's the default dropdown option) unless the extension has a schema that it's required to be in, or the user changes it to be installed in another schema.
If the installed extension (e.g vector) has enumerated types, the Table Editor then can access those types for users to assign them to columns, without having the user to install them in another schema.
We previously had a slightly hidden usage summary in the "Upcoming Invoice" section. This section has been revamped and moved to the organization's usage page.
The improved usage summary features:
Per-project breakdown for usage
Displays costs for over-usage on usage-based plans (pro with spend cap off, team, enterprise)
Displays usage in percent for usage-capped plans (free/pro with spend cap on)
Metrics with higher usage/costs will be sorted to the top
Insights into compute usage in summary
Usage can now be retrieved for a custom period and not just the current billing cycle
Usage summary can be filtered by project
Indicators if you're exceeding/approaching limits which could lead to restrictions
The new usage summary section (usage-capped plan):
New usage summary with a usage-based plan (Pro with spend cap off, Team, Enterprise):
When hovering over the circular progress bars, you get per-project breakdowns of usage and some further information:
We now also allow you to filter the total usage by a single project or a different period than the current billing cycle. Simply change the timeframe at the top of the usage page.
Usage filtered with a custom timeframe (not relative to billing cycle):
The organization's usage page shows daily stats for all sorts of usage-based metrics and was still missing insights for compute hours. Compute Usage insights have been added to the usage page.
New section on the usage page:
Sample usage with a single project:
When running multiple projects or projects on different compute sizes:
The "Upcoming invoice" section on the organization billing page has been vastly improved and now offers per-project breakdown of metrics and project add-ons. Additionally, there is a simple projection of your cost at the end of the month.
Here's an overview of the new section with all project breakdowns collapsed:
You can expand any usage-based item or project add-on to get a per-project breakdown:
The line items have also been improved to show included quotas and costs for over-usage:
On usage-capped plans (Free Plan or Pro Plan with Spend Cap toggled on), you will now also see a warning on the top of the subscription page, in case you're exceeding your plan's limits. A more detailed breakdown is available on the organization's usage page.
When you are about to upgrade your organization's subscription plan from free to paid or between paid plans, we show you a confirmation screen. That confirmation screen has been improved to show a per-project breakdown for compute costs. Additionally, some useful information about usage-billing for compute and links to related docs have been added.
New confirmation modal:
Break down add-ons on a per-project basis:
Education about usage-billing for compute, mixing paid/non-paid plans and links to related docs:
Table Editor row edit side panel fix boolean fields rendering stale value#
There was issue in the Table Editor when you're editing rows in the side panel, specifically for column types that are rendering the Listbox component, whereby the data rendered in that input field is stale (from the previous row that you opened). This was caused by the Listbox component not re-rendering correctly when the value passed to it has changed and is now fixed.
Added recommendation to enable PITR when enabling branching#
We strongly recommend enabling point in time recovery for your project if you're planning to enable branching. This is to ensure that you can always recover data if you make a "bad migration". For example, if you accidentally delete a column or some of your production data.
Previously, it was possible to directly insert/update rows on the pg_cron extension's cron.job table. This bypasses security checks that would've been asserted when jobs are scheduled/modified via pg_cron functions.
You can see how to schedule/modify cron jobs using the examples in our docs.
We've released @supabase/ssr, which makes it super easy to use cookies for storing user sessions. Weāve updated npx create-next-app -e with-supabase to use @supabase/ssr and made it compatible with Next.js 14.
pgvector is becoming the vector store of choice for developers. Weāve put it to the test against Pinecone and found that it performs better on cost and query throughput, without sacrificing accuracy.
You can now manage Storage buckets with the Supabase CLI:
supabase storage ls -r: show all buckets and objects
supabase cp -r readme.md ss:///bucket: upload local files to bucket
supabase cp -r ss:///bucket: download objects from bucket
supabase rm -r ss:///bucket: delete files from bucket
Managing Storage buckets with CLI works best if there are less than 100k objects in your bucket and each of them is smaller than 20MB. Reference docs are here.
Secure your Supabase account with Multi-Factor Authentication. You can now add a time-based one-time password (TOTP), managed by apps such as 1Password, Authy, Google Authenticator or Apple's Keychain.
You can now broadcast Realtime messages to all your connected users by simply using a REST API call, removing the need to connect to a WebSocket. This will be especially useful with our Edge Functions!
Supavisor is now used for connection pooling in all new projects#
Less than two months ago, we announced Supavisor, our own Postgres connection pooler that handles millions of connections. Itās now available in all new projects. You can continue using pgbouncer alongside Supavisor, however, it will be deprecated effective January 15th, 2024.
With IPv4 addresses becoming increasingly scarce and cloud providers starting to charge for it, we wonāt be assigning IPv4 addresses to Supabase projects from January 15th, 2024. [db.projectref.supabase.co](http://db.projectref.supabase.co) will start resolving to a IPv6 address instead. If you plan on connecting to your database directly, you must ensure that your network can communicate over IPv6. Supavisor will continue to return IPv4 addresses, so you can update your applications to connect to Supavisor instead.
Introducing the latest addition to our Wrappers lineup: Airtable! You can use it to query data from your Airtable bases and tables directly from Postgres:
Added HNSW support inside Vecs, our Python library for pgvector. Vecs automatically creates schemas and collections inside your database, making it one of the easiest ways to get started with pgvector.
[PostgREST] JWT caching just landed. API requests are about to get 100ms faster. [PR]
[Auth] Added a default in-memory storage mechanism to allow using supabase-js in these environments to fall back to use this default storage mechanism now. Upgrade to supabase-js v2.36.0 or gotrue-js v2.54.0 for the latest changes. [PR]
[Edge Functions] Supports much simpler API for creating functions Deno.serve(req => new Response("ok")). No http standard library dependency needed. (Thanks eifr for contributing with updated CLI templates. [PR]
[Edge Functions] You can manage the secrets for your project's Edge Functions via the dashboard. [Try it now]
pgvector v0.5.0: Faster semantic search with HNSW indexes#
pgvector v0.5.0 adds Hierarchical Navigable Small World (HNSW), a new type of index that ensures lightning-fast vector searches, especially in high-dimensional spaces and embeddings.
Day 1 - Hugging Face is now supported in Supabase#
We are all about open source collaboration, and Hugging Face is one of the open source communities we admire most. Thatās why we've added Hugging Face support in our Python Vector Client and Edge Functions (Javascript).
Day 2 - Supabase Local Dev: migrations, branching, and observability#
The CLI received some serious upgrades including observability tools, streamlined backups, and enhanced migrations. But that's not all ā the big game-changer is the introduction of Supabase branching which weāre rolling out to selected customers.
Day 4 - Vercel Integration 2.0 and Next.js App Router Support#
The New Supabase x Vercel integration streamlines the process of creating, deploying, and maintaining web applications with several enhancements. Plus, it fully supports the App Router in Next.js ā²
Day 5 - Supavisor: Scaling Postgres to 1 Million Connections#
Supavisor is a scalable, cloud-native Postgres connection pooler written in Elixir. It has been developed with multi-tenancy in mind, handling millions of connections without significant overhead or latency. Weāre rolling it out to every database on our platform.
Supabase is officially SOC2 Type 2 and HIPAA compliant! In this write-up, we offer insights into what you can expect if youāre planning to go through the same process.
Shipping doesnāt stop here at Supabase! We are back in full shipping mode and already thinking about the next LW. These are some of the things weāve been working on:
Native Mobile Auth Support for Google and Apple Sign in#
Supabase Auth now has full native support for Sign in with Apple and Google, which means it can now be used with one-tap sign in methods like Sign in with Apple JS, Sign in with Google for Web, or even in Chrome extensions.
Added the popular social platform Kakao as new social provider. Allow your users to effortlessly sign in using their Kakao accounts and make authentication a breeze while expanding your app's reach to a wider audience.
Supabase Vector: the open source Vector Toolkit for Postgres#
Storing vector embeddings in Postgres with 'pgvector' is becoming increasingly popular for AI applications, so we're building out a collection of tools to store, index, and query embeddings at scale.
Auth Helpers now include server-side Auth and full support for the Next.js App Router#
We have updated the Next.js Auth Helpers package to make it available across the client and server of the App Router. They also now implement server-side auth by default with PKCE - meaning the entire auth flow is now possible server-side.
As we plan the next few months of Dashboard development, we're reaching out to users to see all the different ways people use the Dashboard in their work.
Last month, we opened up a public RFC for the Dashboard SQL Editor. It's been amazing to see how people use this tool to build their projects. If you're a heavy user of the SQL Editor, we'd love to get your feedback.
We also started doing user interviews to understand how users use the Dashboard. Our goal is to build the best possible Dashboard for all of our users, and you can help! Reach out to Terry you would like to share your experience.
Day 2 - Supabase Edge Runtime: Self-hosted Deno Functions#
You can now self-host Edge Functions and run them in local development using our new Edge Runtime. We published a guide showing how to self-host Edge Functions with Fly and what more is coming ā”
Supabase Studio got a major upgrade that goes from redesigns to improved developer experience, and new tools. We have the features people have been asking for and new capabilities that will change the way you work.
database.devĀ fills the same role for PostgreSQL asĀ npmĀ for JavaScript orĀ pipĀ for Python, it enables publishing libraries and applications for repeatable deployment. Our goal is to create an open ecosystem for packaging and discovering SQL.
We've updated our Docs search functionality to use pgvector + OpenAI. Still no cease and desist from Microsoft, so you can continue to ask Clippy any Supabase-specific questions šš
We rewrote the Postgres Dockerfile with multi-stage builds so that each extension is compiled in its own separate stage. This reduces the size of the image from 1.3GB to 250MB, enabling a much faster boot time.
We've improved database role management. You can create, update, and delete database roles through the dashboard. Just one small step towards column-level security
Postgres Extensions: We're rolling out some fixes for several Postgres extensions. Check your Dashboard notifications to see if you need to take any actions.
Auth: Added full OpenAPI 3.0 spec which provides a comprehensive overview of the API with documentation on each request. PR
Database: supabase-js now infers the response type from your query. If the inferred type is incorrect, you can use .returns<MyType>() to override it. Doc
Dashboard: Improved database roles management, you can now create, update and delete database roles through the dashboard. Dashboard
Dashboard: We've provided a reference panel showing all available paths that can be queried from each respective source that improves the Logs Explorer experience. Dashboard
-Ā Edge Functions: upgraded to Deno 1.30.3, that supports TypeScript 4.9.x and introduces satisfies. Thanks to Benjamin Dobell š. PR
Realtime: Broadcast only primary key(s) for deleting records when RLS is enabled and replica identity is full. PR
The first month of the year was very productive here at Supabase. Here is a highlight of what we shipped during January:
Storing OpenAI embeddings in Postgres with pgvector#
pgvector is a popular PostgreSQL extension for storing embeddings and performing vector similarity search. It was one of the most requested extensions by the AI/ML community and is now available thanks toĀ gregnr.
Greg wasted no time and tookĀ pgvectorĀ for a spin, he combined it with OpenAI to build Supabase Clippy, a next-generation doc search. The first implementation is a 1-week MVP and fully open source, so you can build on top of it.
pg_graphql now supports Views, Materialized Views, and Foreign Tables#
Views, Materialized Views, and Foreign Tables are three database objects that provide a powerful way to access and organize and transform data without duplication.
Automatic WebP detection for Image Transformation#
WebP is a modern image format that provides superior lossless and lossy compression for images on the web. We are enabling format conversion by default for anyone who has Image Transformations. You can opt out by including format: origin in the transformation parameters.
-Ā Ā Postgres Extension: Another powerful and time-tested extension, pg_repack, is added to Supabase.Ā [PR]
-Ā Auth: Multi-tab session supportĀ using the new browser BroadcastChannel API. If a user logs out on one tab, they will now be logged out on all tabs.Ā [PR]
-Ā Postgres: Superior speed with lz4 database compression.Ā [PR]
-Ā Postgres: Use ICU locales and collations for text attribute ordering in database queries.Ā [PR]
-Ā Docs: New guide on scheduling functions with pg_cron. [Guide]
-Ā Edge Functions: You can now download source codes of deployed edge functions from the CLI. [Doc]
Launch Week 6 is just around the corner! Weāre saving most of Novemberās updated as a surprise for Launch Week, but we still had time to ship some goodies this month.
Next week, we go all out for LW6. Itās 5 days of shipping, including major features requested by the community. You donāt want to miss a thing, so make sure to claim your free ticket (and you might win some very special SupaSwag).
Itās here! The much-awaited Remix Auth Helpers make server-side auth even easier and with a better experience. Up to date with supabase-js V2 and can be used with Typescript.
NextAuth Supabase Adapter. Docs. This allows you to run NextAuth as your authentication server while storing user and session data in a dedicated next_auth schema in your Supabase Database. Complete with support for RLS. Do note that NextAuth is a standalone Authentication server that does not interface with Supabase Auth and therefore provides a different feature set.
The new versions of our two most popular SDKs have been fully released. It couldnāt have happened without our amazing community, thanks to everyone involved. Now, itās time to build š
Next.js Conf raised the bar for dev conferences. We had the honor of being a Gold Sponsor, so we revamped ourĀ Next.js Quickstart guideĀ to include our pre-built Auth UI andĀ Auth Helpers.
And Next.js 13 was announced! Making it extremely easy to fetch and cache data from ourĀ Serverless API. So we put together anĀ example to try it out.
The Auth team published an in-depth doc explaining how Supabase Auth supports server-side rendering. Includes an explanation of the authentication flow and answers to some of the more common questions.
Do you have 100% code coverage? Probably not, because thatās usually the last thing you think of, but definitely not if you donāt have database tests. We just shipped a framework for Database Tests which makes it incredibly easy to test your database using pgTAP an pg_prove.
You can now detect usersā location from Edge Functions easily by using X-Forwarded-For header. Example
Return provider_refresh_token along with provider_access_token. PR
Added a refreshSession method to allow users to forcefully refresh a session instead of waiting for it to autorefresh upon expiry. Thanks to @j4w8n for the PR šš»āāļø
Logging: realtime, storage, postgrest, and pgbouncer released.
Trigger a file download by adding the download query parameter to your storage objects. storage-api. PR
We did something a bit strange during September - weĀ didn'tĀ work on features. Quite the opposite. After Launch Week we did three subsequent weeks ofĀ Kaizen, a term we use internally to deliver constant and incremental improvement. Each week had a different focus:
Week 1: QA and testing
Week 2: Documentation
Week 3: Issue Backlog and Automation
It's pretty rare for a company to stop feature development altogether, but luckily we're just a bunch of developers so we all know the pain of technical debt. After 5 Launch Weeks, working on testing and backlogs feels like a bit of a relief.
We saw a lot of progress across our Open Issues - closing over 250 issues and 50 Pull Requests.
We launched the new Auth UI on Product Hunt! Auth UI is a pre-built React component for authenticating users with Supabase Auth. It supports custom themes and extensible styles to match your brand and aesthetic.
If you've ever wondered, "can I run Postgres inside a browser, using an embeddable Linux Virtual Machine?", wonder no longer. With our friends atĀ Snaplet, we've released an open source Postgres WASM.
We're making some changes to the way the Dashboard interacts with your database. These changes simplify the database permissions so that it's easier for you to migrate in and out of Supabase, and they reduce the security surface area considerably. The change will be applied automatically in November, or you can run it today via the Dashboard.
The PostgREST release notes document some changes to the way GUC variables are handled here.
Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.
Supabase has already updated all the default auth functions (auth.uid(), auth.role() and auth.email()), however we have no way of updating functions which we have not written ourselves.
Any project that have custom auth functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true).
This change is required for PostgreSQL 14+.
This change is required for Realtime row level security
You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX').
Three new Auth providers, multi-schema support, and we're gearing up for another Launch Week.
Let's dive into what's been happening at Supabase during the month of October.
We're warming up for another Launch Week! Last time was "Launch Week II: the SQL". We're going to need another month to come up with a good pun again, so we'll aim for November.
We raised our Series A.
We'll use the funds to do more of the same - ship features and hire open source developers.
We'll release more details soon. Read more on TechCrunch.
If you've been waiting for Row Level Security to land in Postgres subscriptions,
then you're going to love our new repo:
Write Ahead Log Realtime Unified Security (WALRUS).
The name might be a bit forced, but the security design is deliberate.
It's not in production yet, but we're making the repo public for comments using an
RFC process.
RLS can be a bit foreign for developers getting started with Postgres.
This video by @_dijonmusters demystifies it. If you find the video a useful medium for learning, consider subscribing to our channel.
Last December we moved from Alpha to Beta, with a focus on Security, Performance, and Reliability. After a couple of Launch Weeks pushing out new and sexy features, we have decided it's time to focus on these again.
By the time we're done, Supabase will be production-ready for all use cases.
Following the success of our first Launch Week in March, we finished the July with "Launch Week II: The SQL".
The community has been sieving through a slew of bad puns and retro memes to discover the new feature announcements.
Your users can now log in with SMS based mobile auth! We have a Twilio integration (Guide Here) and will be adding more providers soon.
Other Auth updating include, Twitch logins, and the ability to generate invite, recovery, confirmation, and magic links via the API,
for people who want more control over the email templating flow. Read the blog post here.
We made some major new additions to the dashboard including usage statistics, a new project home, and tons of database insights.
Check the post here on what you get and how we built it.
You'll find us hanging out regularly in the #hangout channel.
We even "live-fixed" some production errors in there on Monday night (which occurred literally 1 hour before our first announcement of the week! Typical!).
We're fast approaching 1,500 members so come and join the action! discord.supabase.com
All new Supabase projects will be launched with PostgreSQL 13.3, and we're working on a migration path for old projects.
This gives you looooaads of new stuff out the box.
We worked with our friends at PostgREST to make some huge improvements.
For those of you who don't know, every Supabase instance comes with a dedicated PostgREST server by default,
which provides the auto-generated CRUD API that we wrap with supabase-js.
We're running a week long hackathon starting NOW. There are some legit prizes, and you can win in a bunch of different categories.
Check the full instructions here on how to participate. Submissions close next Friday at midnight PST.
We made an announcement on the progress of functions, and even shipped a few preliminary components, try them out and give us feedback as we continue to move towards this next major milestone.
Read the latest updates here.
Vercel just released their new integrations, which means you can now deploy a Postgres database on Supabase directly from your Vercel account.
Check it out! vercel.com/integrations/supabase
Building a community? There's almost no better tool than Discord (we're even trialling it ourselves).
If you're building a community product, Discord logins are the perfect option.
Want to share all your favourite memes? Now it's even easier with Public Storage Buckets. Simply mark a bucket as
"Public" and the content will be accessible without a login.
When things go wrong, sometime the best thing you can do is reboot. We released a restart button in the Dashboard,
the first of many debugging tools we'll be releasing over the next few months.
This month was a "gardening" month for Supabase. The team focused on stability, security, and community support.
Check out what we were working on below, as well as some incredible Community contributions.
We're a developer tool, which means that Dark Mode is extremely popular.
While Dark mode is great, for some people it's not an option. Dark Mode is difficult to use for developers with astigmatisms,
or even just working in brightly-lit environments.
So today we're shipping Light Mode. Access it in the settings of your Dashboard.
We open-sourced a server which keeps any Postgres database in sync with Stripe.
This is experimental only. We're evaluating other tools such as Singer,
which provide a more general solution (but are less "realtime"), and we're opening it up here to gather feedback.
It looks like @burggraf2 got tired of waiting for us to ship Functions, and decided to
build a whole JS ecosystem within his Supabase database. If you want to write PG functions in JS, import remote libraries
from the web, and console log to your browser, check out this SupaScript repo.
You might have noticed our Dashboard slowly changing (improving), as we migrate the components out to our open source UI Library. This progression is an important step towards offering a UI for Local Development and Self Hosting.
We're also working on our Workflows engine. This is quite a large task, but we're making progress and aiming to ship sometime in July.
Need to store images, audio, and video clips? Well now you can do it onĀ SupabaseĀ Storage. It's backed by S3 and our newĀ OSS storage APIĀ written in Fastify and Typescript. Read the full blog post.
TheĀ SupabaseĀ API already handles Connection Pooling, but if you're connecting to your database directly (for example, with Prisma) we nowĀ bundle PgBouncer. Read the full blog post.
We open sourced our internal UI component library, so that anyone can use and contribute to theĀ SupabaseĀ aesthetic. It lives atĀ ui.supabase.ioĀ . It was also the #1 Product of the Day on Product Hunt.
Now you can runĀ SupabaseĀ locally in the terminal with supabaseĀ start. We have done some preliminary work on diff-based schema migrations, and added some new tooling for self-hostingĀ SupabaseĀ with Docker.Ā Blog post here.
Thanks to a comunity contribution (@_mateomorris and @Beamanator), Supabase Auth now includes OAuth scopes. These allow you to request elevated access during login. For example, you may want to request access to a list of Repositories when users log in with GitHub. Check out theĀ Documentation.
New year, new features. We've been busy at Supabase during January and our community has been even busier. Here's a few things you'll find interesting.
Anyone who has worked with Firebase long enough has become frustrated over the lack of count functionality. This isn't a problem with PostgreSQL! Our libraries now have support for PostgREST's exact, planned, and estimated counts. A massive thanks to @dshukertjr for this adding support to our client library.
We enabled 2 new Auth providers - Facebook and Azure. Thanks to @Levet for the Azure plugin, and once again to Netlify's amazing work with GoTrue to implement Facebook.
In case our Auth endpoints aren't easy enough already, we've built a React Auth Widget for you to drop into your app and to get up-and-running in minutes.
Performance: We migrated all of our subdomains to Route53, implementing custom Let's Encrypt certs for your APIs. As a result, our read benchmarks are measuring up 12% faster.
Performance: We upgrade your databases to the new GP3 storage for faster and more consistent throughput.
Last month we announced an improved SQL Editor, and this month we've taken it even further. The SQL Editor is now a full Monaco editor, like you'd find in VS Code. Build your database directly from the browser.
We're now 8 months into building Supabase. We're focused on performance, stability, and reliability but that hasn't prevented us from shipping some great features.
In the lead-up to our Beta launch, we've releasedsupabase-js version 1.0 and it comes with some major Developer Experience improvements. We received a lot of feedback from the community and we've incorporated it into our client libraries for our 1.0 release.
Although it was only intended to be a temporary feature, the SQL Editor has become one of the most useful features of Supabase. This month we decided to make give it some attention, adding Tabs and making it full-screen. This is the first of many updates, we've got some exciting things planned for the SQL Editor.
For the heavy table editor users, we've gone ahead and added a bunch of key commands and keyboard shortcuts so you can zip around and manipulate your tables faster than ever.
One of the most requested Auth features was the ability to send magic links that your users can use to log in. You can use this with new or existing users, and alongside passwords or stand alone.
