Changelog

New updates and product improvements

We improved the information architecture on our docs site.

Why?

We’d outgrown the IA! As we added more features and guides, some sections grew to contain a miscellaneous collection of things that don’t belong together. They just had no better place to go.

With the new IA, it should be easier to find what you’re looking for.

Summary of changes

  • Two top-level menus, Build and Manage, to replace the old Build menu
  • Build menu:
    • Local development / CLI is now primarily about local dev, CI/CD information has been moved to Deployment
    • Information on both Vercel and Supabase integrations now moved to Integrations section
    • New Deployment section covers everything needed to get your changes onto hosted Supabase (including branching, Terraform, CI/CD, and production checklists)
  • Manage menu:
    • Platform management (formerly “Platform”) trimmed down to contain information about configuring your Supabase platform (including account management, project permissions, and billing)
    • New Monitoring and troubleshooting section contains troubleshooting guides and information on logging and telemetry

Improved users management UI

One of our oldest pages on the dashboard has finally gotten an upgrade! 😄 We're taking the first steps towards a pattern of visualizing table data with a data grid, with the Auth users page being our first contender. Couple of stuff that we'd love to highlight that were improved and introduced:

Click on users to grab more details about them in a side panel (PR)

Added a ban functionality within the danger zone at the bottom of the panel

Search now also supports filtering for providers (PR)

Columns can be sorted based on your preference (and will be persisted in local storage)

https://github.com/user-attachments/assets/3f7890ca-04cf-4cb9-8046-63b3db9b6eb9

You can also now toggle column visibility, as well as apply sorts on columns

View authentication logs of the user right from the panel (PR)

These tooling should now allow you to customize the auth users view that best fits your workflow, and we definitely hope to keep making this better so as always, feel free to drop us any feedback good or bad, any bugs via the widget at the top right corner of the dashboard 🙂 We say this all the time and its a promise that we've kept - we look at every feedback that comes in 🤙

PR: https://github.com/supabase/supabase/pull/29105

Link: https://supabase.com/dashboard/project/_/auth/users

Timestamp helper for Logs Collections

https://github.com/user-attachments/assets/80541e0a-4571-4193-ab9e-8d9af4b63d55

Hovering over the date/time string in the left most column of a row in any logs collection will now show a helper tooltip that will depict the time in 4 different formats: UTC, Local TZ, Relative time, and raw numerical timestamp. This will hopefully help with interpreting timestamps much easier and faster and alleviate any confusion around timezones! 🙂🕰️ We're also planning to use this pattern across the whole dashboard too wherever time data is involved 💪🏻

PR: https://github.com/supabase/supabase/pull/29530

Link: https://supabase.com/dashboard/project/_/logs/edge-logs

Other bug fixes and improvements

General

  • Added breakdown of security issues dropdown on project home page (PR)

Organization Settings

  • Fixed tooltip not showing up for users with project scoped roles, to show which projects they have roles for (PR)

Table Editor

  • Autofocus on search input when navigating to table editor (PR)
  • Improved column type dropdown with searching for types (PR)
  • Improved datetime editing in table editor grid + support for setting these column values to NULL (PR)

Edge Functions

  • Added validations for adding/removing secrets on SUPABASE_ prefixed secrets (PR)

Reports

  • Added database connections charts to database reports (PR)

Summary

Returning XHTML responses from the Data APIs and Edge Functions is now only allowed if a Custom Domain is being used.

Additionally, you can now serve HTML and XHTML responses from the Storage service as well, if a Custom Domain is being used.

If your use-case requires serving these content types, you can continue to do so by using a Custom Domain add-on.

Affected projects have been notified in advance.

Background

HTML responses (i.e. content-types that can be directly rendered by browsers) were historically disallowed for projects not using a custom domain, in order to prevent abuse on the shared domains used for provisioning Supabase projects. This change updates this behavior to process XHTML responses in the same manner, due to the same rationale.

These breaking changes are rolling out on October 15, 2024 and affects only organizations on the Enterprise plan that have implemented project permissions with members assigned either the Developer or Read-Only roles.

Supabase launched new granular access control for Enterprise organizations so that its members are given access to specific projects instead of the entire organization. You can check out our Launch Week 12 announcement to learn more.

We recently re-evaluated the access that the Developer and Read-Only roles have and decided to implement changes to restrict them on a couple of resources to improve your project's security.

On October 15, 2024, we will turn off certain access that the Developer and Read-Only roles currently have to your project's resources. The following table is to illustrate all of the breaking changes that will be going into effect:

ResourceActionDeveloperRead-Only
API Configuration
JWT SecretGenerate new✅ → ❌1
API SettingsUpdate✅ → ❌1
Auth Configuration
Auth SettingsUpdate✅ → ❌1
SMTP SettingsView1✅ → ❌
Update✅ → ❌1
Advanced SettingsUpdate✅ → ❌1
Storage Configuration
Upload LimitUpdate✅ → ❌1
S3 access keysCreate✅ → ❌1
Delete✅ → ❌1
Edge Functions Configuration
SecretsCreate✅ → ❌1
Delete✅ → ❌1
Authentication
ProvidersUpdate✅ → ❌1
Rate LimitsUpdate✅ → ❌1
Email TemplatesUpdate✅ → ❌1
URL ConfigurationUpdate✅ → ❌1
Logs & Analytics
Events CollectionsCreate✅ → ❌1
Update✅ → ❌1
Delete✅ → ❌1
Warehouse Access TokensCreate✅ → ❌1
Revoke✅ → ❌1

You can learn more about our Platform Access Control here: https://supabase.com/docs/guides/platform/access-control.

If you have any questions or concerns please contact support.

Footnotes

  1. Role's permission to the resource and action will remain the same. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Deployment of up to 5 read replicas now supported on larger compute sizes

Previously, each project could only deploy up to 2 read replicas, but we're now raising this limit to 5 for projects on larger compute sizes (XL and above).

PR: https://github.com/supabase/supabase/pull/29250

Link: https://supabase.com/dashboard/project/_/settings/infrastructure

Catch queries that contains an update query without a where clause in SQL Editor

Another effort to safeguard against running queries with unintended side effects - this time, we're checking for UPDATE queries without a WHERE clause - this check kicks in prior to running the query. We've also consolidated this warning with our existing warning against destructive operations to catch both cases if they exist in the same query.

PR: https://github.com/supabase/supabase/pull/28458

Link: https://supabase.com/dashboard/project/_/sql

Other bug fixes and improvements

General

  • Support querying a table via CMDK by opening the SQL editor (PR)
  • Update Supabase Assistant with GPT 4o from 3.5 (PR)

Table Editor

  • Improve pagination input field, by only navigating to page on Enter (PR)

SQL Editor

  • Fix inability to share queries that are under favorites (PR)
  • Fix moving snippets into folders (PR)

Storage Explorer

  • Fix to prevent continuously retrying when a file of an invalid mime type is uploaded (PR)

Auth

  • Support searching by UID (PR)
  • Add confirmation modal when closing tab with unsaved changes on templates page (PR)
  • Support adding/removing multiple redirect URLs (PR)

Database

  • Fix index page crashing when creating an index on a table with no columns (PR)

Logs Explorer

  • Layout shift and scroll fixes (PR)
  • Prevent use of WITH, ILIKE or wildcards (PR)

The initial launch of Read Replicas allowed for up to two Read Replicas per project.

The limit for projects on XL compute add-ons and larger has now been raised to 5 Read Replicas per project.

Projects on compute add-ons smaller than XL are still allowed up to 2 Read Replicas per project.

As our user base has grown, we are taking steps to make sure we are able to continue to provide a safe, secure, robust free plan experience. To ensure that email-based auth continues to work for all users on Supabase, we're making changes if you're using the default email provider. This allows us to continue to offer our default provider in a more sustainable and resilient manner.

For maximum flexibility and control over your auth emails, we suggest one of the following:

If you still want to use the default email provider, these are the changes being planned:

  • Email template customization will be allowed and customized email templates will not be reverted to default.

  • 26th September: If you do not have a custom SMTP server set up, emails can only be sent to email addresses in your project's organization. So for example, if your organization has the following members: [email protected], [email protected] and [email protected] , this means that email messages from Auth will only be sent to these addresses.

These measures are taken to prevent abuse to our shared SMTP service. In the future, we may consider increasing the email rate limits once we see a drop in abuse.

Frequently asked questions

Why such a short notice?

Supabase uses a third-party email sending provider that has mandated we reduce email abuse significantly or they will be forced to block all email sending. A tragedy of the commons.

Can't Supabase switch to a different email sending partner?

Yes, but we would run into the same issues. All email sending services are required to monitor abuse and force their customers to follow the same rules.

Can't Supabase send emails on their own, without a third party?

Not really. You can't just send email on the web today without investing a lot of money and time (unblocking port 25, keeping IP addresses out of spam lists, etc.). This is not our core competency and do not have plans to start doing this today.

How long does it take to set up a custom SMTP provider?

Fortunately this is very easy. You can use any email sending service for this, really popular ones include:

All you need to do is create an account, verify your sending domain and finally input the SMTP username and password in the Auth settings page.

What if I turn off email confirmations, can I use it then?

Currently this behavior is not supported and we'll be rolling out a fix for it during the first week of October.

Confirming email addresses is where most of the email message activity for a project originates. Turning it off can be a viable option for some projects that are still in the early testing, development or experimental phase.

Be aware that even if you turn off email confirmations the forgot password or reset password flows in your app continue to function. They also send messages, and starting 26th September those messages will be delivered only to the members of the Supabase organization that owns the project. All other end-users will get a message similar to "Email address not authorized." Effectively, the forgot password / reset password flow will be broken for your project.

What if I want just username + password authentication and using <username>@<fakedomain> instead?

Please don't do this. Part of the reason why we were forced to lock down these changes is bounced emails, probably from use cases like this.

Official username + password support is going to be made available in the coming year, and until then:

  • Use a real domain, that you control
  • Send emails to that domain, so set up a receiving server

But the best thing to do is:

  • Set up a Send Email Auth Hook that does nothing. You don't even need to use a server or an Edge Function. Just define a Postgres function that just does nothing.

All projects using generate link via the admin API without custom SMTP have been patched to allow the behavior. We still strongly urge those customers to set up custom SMTP regardless.

Just because you're mostly using the admin API to generate links to send in custom email messages, doesn't mean that the Auth server is not configured to use Supabase's shared SMTP service. Your Auth API can be called from your frontend at any time, especially in edge cases such as to handle forgot password or other similar flows, which you may not be handling via the admin API.

Therefore we urge all customers that do use the admin API to set up a custom SMTP sending service regardless.

If you are not interested in setting this up, you can instruct the Auth server to ignore all emails (pretend it's sending them) by configuring a Send Email Auth Hook as a Postgres function that does nothing.

How can I disable the warning banner?

You can disable the warning banner by setting up a custom SMTP provider , or, if your project doesn't use email at all, by disabling the email provider.

Updates

20th September 2024

Email template customization will be allowed and customized email templates will not be reverted to default.

Team has decided that restricting email template customization is not viable and a big breaking change. We may need to do go back to this in the future if abuse continues and our other measures like allowing projects to only send messages to authorized email addresses do not improve the situation. We continue to urge all customers regardless of plan that use the default SMTP service for live applications to move to a custom SMTP provider as soon as able.

  • 20th September: Email template customization will no longer be possible without setting up a custom SMTP provider. Email templates already customized can still be customized until 24th September.

  • 24th September: Projects without a custom SMTP provider will have their custom email templates returned back to the default ones from Supabase. This means that any auth emails sent out from your project will use the default email template.

Update (2nd October 2024): We have decided to push back the launch from 7th October 2024 to Q4 2024 to roll this out meticulously; we want to perform exhaustive security checks and spend more time dogfooding internally.

Asymmetric key changelog

Introduction

We are introducing asymmetric key cryptography to Supabase Auth in Q4 2024 on 7th October 2024. This will be provided as an additional option to the JWT secret currently shown in the JWT settings page.

Why are we doing this?

Supabase Auth has always been using a symmetric secret (known as the JWT secret) for signing and verifying JWTs. While this is simple and convenient (since the same secret is used for both signing and verifying), it presents the following problems:

  1. Extra network request required to verify the user’s JWT with the symmetric secret. Currently, one needs to make a request to Supabase Auth in order to verify the user’s JWT or copy the JWT secret into their environment. While the latter suggestion improves performance, it can result in security implications if the secret is accidentally leaked, which requires all your keys to be rolled.
  2. Difficult to roll with zero downtime. Since the symmetric secret cannot be shared publicly, developers need to wrangle with rolling the secret across their environments while ensuring that the new secret is used.

Benefits of using asymmetric keys

Asymmetric keys rely on public / private key cryptography, which means that the private key is only used for signing, while the public key is only used for verifying. This solves the above problems in the following way:

  • Usage of asymmetric key cryptography rather than a shared symmetric secret for signing and verifying JWTs. Since asymmetric keys don’t use a shared secret, there is less risk of the secret being leaked.
  • Faster JWT verification times since there’s no need to make a network call to Supabase Auth via getUser() . The public key can be used for verifying the JWT. Note that adding the symmetric secret to your server-side environment to verify the JWT also has the same effect but is potentially less secure since there is an increased risk of the secret being leaked if it is used in multiple applications.
  • Zero-downtime key rotation. Public keys can be exposed in a JSON Web Key Set (JWKs) format, which allows any one of them to be used for verification. When the asymmetric key is rotated, we can still keep the previously used public key in the JWKs endpoint to verify existing JWTs. New JWTs will be signed by the new asymmetric key.

These will include the following changes:

  • A public JWKs endpoint for retrieving the public JWK to verify JWTs. This will be exposed through the https://<project_ref>.supabase.co/auth/v1/.well-known/jwks.json endpoint. The symmetric secret will not be exposed through this endpoint for security reasons.
  • A new method called getClaims() , which handles verifying the JWT and returning the claims in it.
  • Ability to download the public keys in different formats through the dashboard (e.g. PEM, JWKs).

Migration to Asymmetric JWTs

New projects that are created after 1st May 2025 will be created with an RSA asymmetric key by default. Existing projects can choose to start using asymmetric keys by doing the following:

  1. Ensure that you are using the new API keys.
  2. Update all your clients to use at least supabase-js version x.x.x (the version number will be updated closer to the release date). In this version, we are introducing a new method called getClaims which handles verifying both symmetric and asymmetric JWTs:
    • Example successful response payload for getClaims()


      _29
      {
      _29
      "data": {
      _29
      "iss": "https://projectref.supabase.co",
      _29
      "sub": "565dafb5-fd66-4274-9c37-f0ff720f5637",
      _29
      "aud": "authenticated",
      _29
      "exp": 1824717902,
      _29
      "iat": 1724717902,
      _29
      "email": "[email protected]",
      _29
      "phone": "",
      _29
      "app_metadata": {
      _29
      "provider": "email",
      _29
      "providers": ["email"]
      _29
      },
      _29
      "user_metadata": {
      _29
      ...
      _29
      },
      _29
      "role": "authenticated",
      _29
      "aal": "aal1",
      _29
      "amr": [
      _29
      {
      _29
      "method": "oauth",
      _29
      "timestamp": 1724717902
      _29
      }
      _29
      ],
      _29
      "session_id": "479c1cbf-bd52-42d4-894f-1519f39b3241",
      _29
      "is_anonymous": false
      _29
      },
      _29
      "error": null
      _29
      }

    • Using getClaims() to verify the JWT


      _13
      import { createClient } from 'supabase/supabase-js'
      _13
      _13
      const supabase = createClient(SUPABASE_URL, SUPABASE_KEY)
      _13
      _13
      // previously, using getUser() requires making an
      _13
      // additional network request to Supabase Auth to verify the JWT
      _13
      //
      _13
      // const { data, error } = await supabase.auth.getUser()
      _13
      _13
      // getClaims() will always return the JWT payload if the JWT is verified
      _13
      // If it's an asymmetric JWT, getClaims() will verify using the JWKs endpoint.
      _13
      // If it's a symmetric JWT, getClaims() calls getUser() to verify the JWT.
      _13
      const { data, error } = await supabase.auth.getClaims(jwks)

  3. Create an asymmetric key through the dashboard. At this point the symmetric JWT moves to a Previously Used state. Existing JWTs signed with the symmetric JWT continue to be valid, but new JWTs are signed via the asymmetric JWT. Note: The UI mockup below is subjected to change and is just meant to illustrate the different possible states of a signing key.

  1. After the JWT expiry period, you can safely revoke the “Previously Used” symmetric JWT, since new JWTs will now be signed with the asymmetric key.

Frequently Asked Questions

  • What do I need to do before I can start using asymmetric keys in Supabase Auth?
    • See migration section above for the detailed steps
  • Can I create a symmetric key after I create an asymmetric key?
    • Yes. You will still be able to create a new symmetric key under the JWT settings page in the dashboard. New projects will be created with an asymmetric key by default on 1st May 2025.
  • Will the private asymmetric key be exposed?
    • No. Only the public keys will be exposed in various formats (e.g. PEM, JWKs) since those are needed for verification.
  • Will I be able to bring my own private key?
    • Yes, you can bring your own private key as long as it complies with the key types allowed.
  • What key types can I use to create asymmetric JWTs?
    • By default, asymmetric keys will be created with RS256 by default. You can optionally choose to use ECC or Ed25519. ECC keys are more performant, but not as widely supported as RS256. You can also fallback to HS256 (symmetric keys).

Introduction

We’re changing the way API keys work in Supabase to improve your project’s security and developer experience and plan to roll out these changes Q4 2024. Rest assured that the current API keys in your existing projects will continue to work for another year until 1st October 2025 during the transition.

We’ll contact you when we launch the new API keys, and when we do, no immediate action is required. However, we strongly recommend that you migrate your project’s existing API keys for the new set when they are introduced. Updating to use the new API keys is a quick and painless process and can be as simple as a change in environment variable and take just a few minutes.

Timeline

Update (2nd October 2024): We have decided to push back the launch from 7th October 2024 to Q4 2024 to roll this out meticulously; we want to perform exhaustive security checks and spend more time dogfooding internally.

Key DatesDescriptionUser Action Needed
Q4 2024
7th October 2024
Introduction of new API keys.

New projects will automatically generate both new API keys and legacy API keys to help ease the transition.

Existing projects can continue to use the legacy API keys and can opt in to use the new API keys by manually generating them.
No immediate action needed. We strongly recommend that you migrate to use the new API keys.
1st May 2025We will start sending you monthly reminders to migrate off legacy API keys and start using the new keys.

New projects will be created with only new API keys.

Projects restored from 1st May 2025 will no longer be restored with the legacy API keys.
You are highly encouraged to migrate off to use the new API keys before this date since paused projects that are restored risk being broken as they won’t have the legacy keys.
1st October 2025Legacy API keys will be deleted and removed from the Docs / Dashboard.You have to migrate to use the new API keys by this point or your app will break.

Why are we doing this?

Currently there is a tight coupling between API keys and the JWT secret which presents a few challenges:

  1. Difficult to revoke the service_role or anon key. Imagine if someone in your Supabase organization leaves the team, and you want to roll your project’s JWT secret to revoke their access? Or you accidentally commit the service_role key into your version control system and need to roll it?

    If either of these keys gets leaked, the developer’s only option is to roll the JWT secret by generating a new one. When the JWT secret is rolled, all authenticated users would be logged out, clients using the older anon and service keys would break. Realistically, there is no way to roll the JWT secret without downtime.

  2. Sub-optimal developer experience to create an API key with a custom role. Developer needs to sign a JWT with a long expiry time and their custom role using the secret.

The introduction of new API keys solves the above problems by allowing the developer to:

  • roll individual API keys
  • roll the API keys without logging out their users
  • create custom API keys easily

API Key changes

These are the planned changes for the API keys:

  • anon key will be renamed to publishable key and the service_role key will be renamed to secret key. publishable api keys are meant to be used along with Supabase Auth users and secret api keys are for use from the server side and bypasses all row level security policies. We chose to use publishable and secret to align with stripe’s terminology and preferred it to terms like public and private since those could be confused with public / private key cryptography when we introduce asymmetric JWTs to Supabase Auth.

  • New API keys will look like regular strings instead of JWTs:

    Legacy API KeysEquivalent New API Keys
    anon key: eyJhbGciOiJIUzI1...FDsBGn0iqSmL28Zeg8f0publishable key: sb_publishable_123abc
    service_role key: eyJhbGciOiJIUzI1...SEVEyZQNhffCoSj4P5Asecret key: sb_secret_123abc
  • With the new API keys, it will be possible to revoke individual API keys and without revoking the JWT secret. Once the legacy API key is revoked, it won’t be possible to restore them.

  • New projects will be created with both new and legacy API keys until 1st May 2025. New projects created after this date will only be created with new API keys.

  • Projects that are restored after 1st May 2025 will not be restored with legacy API keys.

  • Legacy API keys will no longer work for all projects after 1st October 2025.

Migration to the new API keys

  1. If you want to use the new API keys, all you need to do is to swap out your keys for the new ones:
Legacy API KeysEquivalent New API Keys
anon keypublishable key
service_role keysecret key
  1. Update your .env file to contain the new API key

_10
# the legacy anon key
_10
SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...w6PYobnC7Ep7EnDd9DG25qBFDsBGn0iqSmL28Zeg8f0
_10
_10
# the new publishable key
_10
SUPABASE_PUBLISHABLE_KEY=sb_publishable_123abc

  1. Instantiate the supabase client with the new API Keys.

_10
import { createClient } from 'supabase/supabase-js'
_10
_10
const supabase = createClient(SUPABASE_URL, SUPABASE_PUBLISHABLE_KEY)

  1. After all your clients have been instantiated with the new API keys, you can revoke the legacy keys from the dashboard.

Frequently Asked Questions

  • What is the timeline for the migration?
    • See "Timeline" section above
  • My app is deployed through Vercel / Netlify, how do I use the new API keys?
    • If you’re using Vercel or Netlify, changing the keys in your environment will only be reflected when you trigger a new deployment.
  • I only connect to the database via the connection string — do I need to worry about this at all?
    • No, unless you use the supabase client libraries to make queries to the database.
  • How do we do custom claims?
    • Currently, users have to manually create a new key with their custom claims using the JWT secret provided.
    • There will be support for creating new API keys with custom properties in the dashboard and management API.
  • What benefit do we get from migrating to use the new API keys?
    • You can revoke an individual key in the event of a compromise
    • You can revoke keys without logging out existing users
    • You don’t have to deal with minting a new JWT using the JWT secret if you want to add custom claims to an API key.
  • What is the interaction between the apikey header, the Authorization header and the underlying Postgres role used?
    • The new API keys are just regular strings instead of JWTs.
    • By default, secret API keys assume the service_role. When creating the new secret API keys, you can override this behavior and assign a custom role. Downstream services like postgREST and storage assume this role when they are called with this API key.
    • By default, publishable API keys default to the anon role. When a user JWT is passed in via the Authorization header, the role claim in the JWT is used instead. You cannot map publishable keys to custom roles when creating the key, like you will be able to do with secret API keys.

Schema Visualizer nodes are now persisted

This was yet another request that we've commonly heard from everyone and we're taking a first step to making this happen 😄 Position of the nodes will now be stored within local storage so that you won't have to re-position them each time you land on this page. We've also added a button to help arrange the nodes automatically if that might be preferred!

Note that if you add new tables to the schema however, the node positions will be defaulted to a certain position that may overlap with other nodes - we're definitely looking into how we can make that better so that new nodes can be easily identified (and then shifted around to your liking 🙂)

PR: https://github.com/supabase/supabase/pull/29136

Link: https://supabase.com/dashboard/project/_/schemas

Other improvements and bug fixes

General

  • Minor improvements to layouts and buttons to ensure their visibility on smaller screens (PR)
  • Fix project status filter on home page to only show active projects if only the active checkbox is checked (PR)

Table Editor

  • Fix client crash when creating an empty table with no columns (PR)
  • Fix handling of of large JSON / text fields in the side panel text editor (PR)

SQL Editor

  • Add client side validation for query size (max 1MB) (PR)
  • Couple of fixes around adding a new folder with the same name as an existing one (PR)

Database

  • Update Stripe Wrapper with more tables (PR)
  • Remove docs button for database extensions that have no documentation yet (PR)

Supabase Edge Runtime version 1.57 is compatible with Deno 1.45.

Supabase's hosted platform was upgraded to use this release when serving Edge Functions starting last week.

If you're using Supabase CLI for local development latest stable release 1.192.5, it adds compatibility for Deno 1.45.

How do I find which version of Edge Runtime I'm running?

Supabase CLI (local)

When you run supabase functions serve, it should show the current version of Edge Runtime used (and its Deno compatibility)


_10
> supabase functions serve
_10
_10
Setting up Edge Functions runtime...
_10
Serving functions on http://127.0.0.1:54321/functions/v1/<function-name>
_10
Using supabase-edge-runtime-1.58.2 (compatible with Deno v1.45.2)

Hosted Platform

You can check the served_by field in log events to see which Edge Runtime version was used to serve your function.

We try our best to maintain backward compatibility in these upgrades. If you're experiencing any issues, please feel free to make a support request

Upgrade your organization directly from our pricing page

https://github.com/user-attachments/assets/2262d816-0c69-4c58-a6e2-1ce4868122f2

Users who are logged in will now be able to select and upgrade their organization from the pricing page itself when clicking on the Upgrade to Pro / Team plan buttons. This is mainly to help streamline this process so that users can upgrade their existing organizations, and prevent confusions where users end up creating new paid organizations instead.

PR: https://github.com/supabase/supabase/pull/28942

Link: https://supabase.com/pricing

UI improvements around credit card billing information

Screenshot 2024-08-29 at 12 45 11

The selected payment method on the billing page is easily missed as you'll need to scroll down before finding it. In particular with outstanding invoices, it may not be obvious that the wrong card (or even expired card) might have been selected as the default. As such we now will

  • Indicate which cards are about to expire (within the current month)
  • Indicate which cards have expired
  • Show the selected payment method, along with a quick link to change it on the invoices page

PR: https://github.com/supabase/supabase/pull/28971

Link: https://supabase.com/dashboard/org/_/billing

Set payment method as default when adding a new payment method

Screenshot 2024-08-27 at 17 59 50

When adding a new payment method, we have now added a checkbox to set the card as default which is toggled on by default. This should resolve a UX issue whereby customers needed to explicitly set the card as default in a separate manual step after adding it.

PR: https://github.com/supabase/supabase/pull/28921

Link: https://supabase.com/dashboard/org/_/billing

Choose which schemas to share with OpenAI

This mainly applies to wherever the Supabase AI assistant is present in the dashboard (SQL Editor + RLS policies). You can now choose which schemas to share with OpenAI as opposed to sending information from all schemas in hopes to improve the output quality of the assistant by only sharing relevant information for your prompts to the assistant.

Do keep in mind that you'll need to opt in to sending anonymous data to OpenAI prior to doing this 🙂 You may also verify exactly what data is being sent here as well under "Important information regarding opting in"!

PR: https://github.com/supabase/supabase/pull/28594

Link: https://supabase.com/dashboard/project/_/sql/new

Other improvements and bug fixes

General

  • Show which is the last sign in method used on login page (PR)
  • Added 3 new regions to spin up projects from: Ohio, Stockholm, Paris, and Zurich (PR)
  • Commands added for cmd+k to search and open snippets in the SQL Editor (PR)
  • Support pasting image (via Cmd/Ctrl + v) in the feedback widget (PR)
  • Use expanding text area for RLS AI assistant for multi line prompts (PR)

Table Editor

  • Save last selected schema, no longer defaults to public schema (PR)
  • Set the correct schema in the schema selector when opening a table via URL directly (PR)
  • Support exporting table data as SQL seed file (PR)
  • Couple of fixes for bugs around composite foreign keys (PR)
  • Improve display of estimated row count for the table if the table has > 50k rows, to emphasize that it's an estimated count (PR)
  • Spreadsheet import now checks column types from imported spreadsheet (PR)

SQL Editor

  • Fix folder name editing where clicking on the input field toggles the folder (PR)
  • Support opening cell value via right click into a side panel for a more detailed view (PR)

Auth

  • "With check" checkbox is toggled on by default for commands that involve a with check expression (PR)

Storage

  • Support searching and sorting buckets (PR)

Logs Explorer

  • Support copying cell content via context menu (PR)

The SQL Editor got an upgrade this week, finally letting you organize snippets into folders!

  • Favourites and Shared snippets are in folders now
  • Organize Private snippets in folders as you like
  • Share snippets with your team as you could before

Link: https://supabase.com/dashboard/project/_/sql/new PR: https://github.com/supabase/supabase/pull/27881

Other bug fixes and improvements

Project compute size badge

  • See project compute details and upgrade right from the home screen (PR)

SQL Editor

  • Update the SQL Editor AI Assistant model to the latest from OpenAI (PR)

tldr:

  • No changes for Free Plan users
  • Billing for paid plan organizations will be based on provisioned disk rather than used database space:
    • Each project starts with 8 GB disk provisioned by default.
    • The first 8 GB of provisioned disk per project is free, then $0.125 per additional GB.
    • Charges are prorated down to the hour, which is advantageous for short-lived projects and branches.
    • Provisioned disk from Read Replicas will also be included in billing.
    • Enables upcoming features for enhanced control over disk and Postgres parameters.

Timeline

This change will be rolled out to new customers on August 26th, 2024 and will be gradually rolled out to existing customers shortly after.

Changes

We are adjusting our pricing to offer more flexibility and self-serve for developers wanting to tune their disk and Postgres configuration. For example:

  • Some developers want disks with higher throughput
  • Some developers want to store more than 1GB of WAL (for tools like Airbyte/PeerDB, or adding more read replicas)

To make this available we will start billing for provisioned disk size (rather than database space used). Previously, costs associated with WAL files were not directly billed but also users could not control change max_wal_size (default is 1GB).

There is no action needed on your end. You will automatically be transitioned to the new billing model throughout the next couple of weeks. In case there is any change in your monthly bill, we will reach out to you proactively with additional information and give you a grace period to decrease your usage.

For customers on the Free Plan, there will be no changes; the total database space remains capped at 500MB. These adjustments only apply to customers on paid plans. The database disk will continue to autoscale when nearing capacity for paid plan customers.

BeforeAfter (August 26th, 2024)
Price$0.125 / GB$0.000171 / GB-Hr
ChangeWe take the average database space used for all projects, independent of how many days/hours you store the files and sum it up.We will you based on the provisioned disk usage every hour. First 8GB per project are free. Read replicas will also incur disk costs.
Invoice ItemYour invoices display 'Total Database size'.Your invoices will display 'Disk Size GB-Hrs'.

Example 1: Pro plan org, active for whole month

In this scenario, an Organization is on the Pro Plan with 3 active projects.

Usage

Project# Days ActiveAverage Database Space UsedProvisioned DiskAfter: Provisioned Disk Size GB-Hrs
Project A3025 GB40.5 GB29,160 (720 hours * 40.5 GB)
Project B3010 GB27 GB19,440 (720 hours * 27 GB)
Project C305 GB8 GB5,760 (720 hours * 8 GB)
Total40 GB54,360 GB-Hrs

Billing

BeforeAfter
Total Usage40 GB54,360 GB-Hrs
Usage Discount (Pro Plan)(8 GB)(17,280 GB-Hrs - first 8 GB per project included)
Billable Usage32 GB37,080 GB-Hrs
Price$0.125 / GB$0.000171 / GB-Hr
Total Cost$4.00$6.43

Example 2: Pro plan org, active for part of the month

In this scenario, an Organization is on the Pro Plan with 3 active projects.

Usage

Project# Days ActiveAverage Database Space UsedProvisioned DiskAfter: Provisioned Disk Size GB-Hrs
Project A309 GB12 GB8,640 (720 hours * 12 GB)
Project B159 GB12 GB4,320 (360 hours * 12 GB)
Project C29 GB12 GB576 (48 hours * 12 GB)
Total27 GB13,536 GB-Hrs

Billing

BeforeAfter
Total Usage27 GB13,536 GB-Hrs
Usage Discount (Pro Plan)(8 GB)(9,024 - first 8 GB per project included)
Billable Usage19 GB4,512 GB-Hrs
Price$0.125 / GB$0.000171 / GB-Hr
Total Cost$2.38$0.77

Where do I see my disk size?

You can see your project’s disk size in your database settings (Project Settings > Database).

Screenshot 2024-07-25 at 09 36 09

How can I resize my disk down?

Your disk size is based on your database space usage. As a first step, you need to identify current database space usage and reduce it. To see your current database space usage, head over to the built-in “Database” project report. Once you have reduced your database space and want to reduce your provisioned disk, you can upgrade your Postgres version through your project settings to automatically rightsize your disk. For further information around disk management and reducing database space, please refer to our docs.

Is this going to affect my monthly bill?

If your current disk size is >8GB, this is likely going to impact you. Note that this will be gradually rolled out and you will be notified about the concrete impact on your organization and given a 3-month grace period, which gives you time to right-size your disk and minimize the impact of this change.

Further to earlier discussions, the threshold for transitioning large databases to use physical backups for their daily backups is being lowered to 15GB in the next few days.

Physical backups are more performant, have lower impact on the db, and avoid holding locks for long periods of time. Restores continue to work as expected, but backups taken using this method can no longer be downloaded from the dashboard.

Over the next few months, we'll be introducing functionality to restore to a separate, new database, allowing for the perusal of the backed up data without disruption to the original project.

Please refer to supabase.com/docs/guides/platform/backups#daily-backups-process for additional details.

Currently, usage data on the invoice breakdown and organization usage page has a 24-hour delay. Starting from August 26th, the usage data will have no more of 1 hour delay for new customers. Afterwards, the changes will be rolled out to existing customer gradually. We're also working on additional improvements to provide better usage insights.

Screenshot 2024-07-31 at 21 06 58

Additionally, we are revamping invoices to provide more detailed breakdowns of usage for enhanced transparency. Due to our new proration of project add-ons and storage down to the hour, you may notice slight variances in your monthly bill. For the majority of line items, you’ll see the project reference and usage on the invoice, which should make it clearer which project allocated the usage/costs.

A few examples:

Compute Hours is broken down per project and the compute credits ($10) is displayed as discount for the compute line item.

Screenshot 2024-08-08 at 20 34 47

Egress is broken down to each project and displays included quota (250GB) and over-age pricing ($0.09/GB)

Screenshot 2024-08-08 at 20 34 57

Realtime Messages line item shows package-based pricing with $2.50 per million.

Screenshot 2024-08-08 at 20 35 26

Moving to hourly usage-based billing for IPv4, Custom Domain and Point-in-time recovery

We’re moving to billing all project add-ons usage-based and prorated down to the hour at the end of your billing cycle. We're not altering the monthly prices.


Timeline

This change will be rolled out to new customers on August 26th, 2024 and will be gradually rolled out to existing customers shortly after.


Changes

BeforeAfter (August 26th, 2024)
Custom Domain$10 / month$0.0137 / hour
IPv4$4 / month / database$0.0055 / hour / database
Point-in-time Recovery - 7 Days$100 / month$0.137 / hour
Point-in-time Recovery - 14 Days$200 / month$0.274 / hour
Point-in-time Recovery - 28 Days$400 / month$0.55 / hour
ChangeProject add-ons are paid upfront. Every time you change an add-on, you immediately pay for remaining time or get credits for unused time. Each change triggers an additional invoice.We bill you at the end of your billing cycle for the hours you’ve used the project add-ons. No in-between charges, credit prorations or additional invoices.
Invoice ItemYour invoices display 'Add-on Name'.Your invoices will display 'Add-on Name Hours'.

Details

We're updating how we bill project add-ons (IPv4, Point-in-time recovery, Custom Domain) without changing their monthly prices. This change will be rolled out on August 26th, 2024 for new customers and shortly after for existing customers.

Previously, when you added a project add-on, like IPv4 or PITR, you were immediately invoiced and charged for the remaining billing cycle period. At the start of a new cycle, you paid upfront for the entire month. If you removed an add-on mid-cycle, you received a credit for unused time.

Starting August 26th, you will be billed retrospectively for these add-ons, similar to Compute Hours. There are no more upfront charges, prorated invoices, or credits. You simply pay for the exact hours you use the project add-ons.

Plans (Pro/Team/Enterprise) are still charged upfront and there are no changes to how they are billed.

Hourly Billing for Storage

We’re moving to more granular billing periods. We're not altering the prices or storage quotas. Every customer will benefit from this change, especially short-lived projects and customers using Branching.

Timeline

This change will be rolled out to new customers on August 26th, 2024 and will be gradually rolled out to existing customers shortly after.

Changes

The price will move to "GB per hour" instead of "Total storage GB":

BeforeAfter (August 26th, 2024)
Price$0.021 / GB$0.00002919 / GB / hour
ChangeWe take the average storage size for all projects, independent of how many days/hours you store the files.We bill you only for the exact GBs used each hour.
Invoice ItemYour invoices display 'Total storage size'.Your invoices will display 'Storage Size GB-Hrs'.

Let's step through 2 scenarios to explain how this change will benefit developers:




Example 1: Pro Plan Org, active for the full month

In this scenario, an Organization is on the Pro Plan with 3 active projects.

Usage

The projects are running for the entire month:

Storage# Days ActiveActive Hours (After)
Project A200 GB30144,000 (720 hours * 200 GB)
Project B1,500 GB301,080,000 (720 hours * 1,500 GB)
Project C2,500 GB301,800,000 (720 hours * 2,500 GB)
----
Total4,200 GB3,024,000 hours

Billing

After the billing changes on August 26th there would be no change in pricing:

BeforeAfter
Total Usage4,200 GB3,024,000 hours
Usage Discount (Pro Plan)(100 GB)(74,400 hours)
Billable Usage4,100 GB2,949,600 hours
---
Price$0.021 / GB$0.00002919 / GB / hour
Total Cost$86.10$86.10



Example 2: Pro Plan Org, active for part of the month

In this scenario, an Organization is on the Pro Plan with 3 active projects.

Usage

In this scenario, some of the projects are only active for a few days in the month:

Storage# Days ActiveAfter: GB Hours
Project A200 GB29,600 (48 hours * 200 GB)
Project B1,500 GB15540,000 (360 hours * 1,500 GB)
Project C2,500 GB301,800,000 (720 hours * 2,500 GB)
----
Total4,200 GB2,349,600 hours

Billing

Currently we charge you for the full 4,200 GB, even though Project A and B weren’t active for the entire month. After August 26th, this scenario will be 22.87% cheaper:

BeforeAfter
Total Usage4,200 GB2,349,600 hours
Usage Discount (Pro Plan)(100 GB)(74,400 hours)
Billable Usage4,100 GB2,275,200 hours
---
Price$0.021 / GB$0.00002919 / GB / hour
Total Cost$86.10$66.41



Feedback

This change should be universally beneficial, but if there is anything that we have missed just let us know and we will make sure we consider it before rolling out this change.

WebAssembly Foreign Data Wrapper (Wasm FDW) is now on public alpha from Wrappers version >= 0.4.1. This release also contains two new Wasm FDWs: Snowflake and Paddle.

What is Wasm FDW?

In previous versions of Wrappers, all the foreign data wrappers need to be built into wrappers extension. The develop/test/release cycle is time consuming and fully on Supabase teams. To speed up this process and give more flexibility to community, we're adding Wasm to the Wrappers framework. With this new feature, users can build their own FDW using Wasm and use it instantly on Supabase platform.

Another benefit is because of the improved modularity, each FDW can be updated and loaded individually. New FDWs release will be quicker than before. Also, wrappers extension size won't be bloated as more FDWs added in.

What are the changes?

There is no changes from end-users' perspective, all existing native FDWs are still same. The Wasm FDW only brings a new way of developing and distributing FDW.

How to use it?

Visit Database -> Platform -> Wrappers on Supabase Studio, enable Wrappers and choose Snowflake or Paddle, then create foreign tables.

Visit Snowflake Wasm FDW docs or Paddle Wasm FDW docs for more details.

How to develop my own Wasm FDW?

To build your own Wasm FDW, visit the example project to get started.

We have several updates and new features to share with you this month. Dive in to see what’s new from Supabase.

Edge Runtime Inspector Feature (CLI)

We’ve introduced the Edge Runtime Inspector, a powerful new feature in the CLI that helps you inspect and debug edge functions more efficiently. Pull Request

View and Abort Running Queries (Supabase Studio)

You can now view and abort queries currently running on your database (primary or replica) in the Supabase Studio SQL Editor. This feature gives you greater control and flexibility in managing your queries. Pull Request

Logging Integration With The ELK Stack

The Logflare to Elastic filebeat backend has been merged. This integration enables log drains to ELK stacks, providing more robust logging and monitoring capabilities. Documentation

Interpreting Supabase Grafana I/O Charts

We have published a guide on how to use the Supabase I/O charts to identify when you may need to scale your database, optimize your queries, or spin up a read replica. Github Discussion

Breaking Change to Supabase Platform Access Control

On July 26, 2024, Supabase will be making breaking changes to our platform’s access control system. Developer and Read-Only roles will no longer have write access to an organization’s GitHub and Vercel integrations. These changes will not affect existing integrations that are in place. Github Discussion

Change to Retention of Paused Free Tier Projects

Starting June 24, 2024, paused Free Tier projects are restorable for 90 days. There is a grace period where all paused projects will continue to be restorable until September 22, 2024. Github Discussion

Billing Improvements

We’ve made significant improvements to our billing system to help you better understand compute pricing. These changes aim to prevent unexpected charges and provide clarity on “Compute Hours.” Github Discussion

Quick product announcements

[Edge Functions] We’ve implemented some key updates to Edge Functions, including adding Deno 1.43 support [Github Discussion]

New Engineering and Troubleshooting Guides

Made with Supabase

  • Dribble - Flutter NBA name guess game available for iOS and Android [Website]
  • EvalHub - an open-source platform for researchers to discover AI evaluation metrics [Website]
  • SVGPS - Removes the burden of working with a cluster of SVG files by converting your icons into a single JSON file [Website]
  • CleanCoffee - Lean coffee discussion utility where you can create boards and share with friends [Website]
  • Rewritebar - Improve your writing in any macOS application with AI assistance. Quickly correct grammar mistakes, change writing styles or translate text [Website]

Community highlights

  • Building a Basic Social Network with Remix and Supabase [YouTube]
  • Next Level Supabase Techniques For Your Production App! [YouTube]
  • Building a Local-First React Native App with PowerSync and Supabase [YouTube]
  • Build a Fullstack Job Portal App with Next.js 14, Tailwind, Supabase, Stripe, Clerk [YouTube]
  • Generate Vector Tiles with PostGIS [Blog] [YouTube]

Supabase HTTP APIs are no longer using DigiCert as the root CA. This should have no impact on the vast majority of environments, as the other CAs in use are essentially universally trusted.

If your client environment only trusts certificates signed by DigiCert, you could be impacted. We're currently using Cloudflare to serve our HTTP APIs, and recommend ensuring that any client environment that only trusts a specific subset of CAs trusts all of the CAs Cloudflare uses.

In an effort to simplify pricing, we are going to remove usage-based billing for the number of Edge Functions in your projects. Instead, we are going for a bigger quota across all plans at no extra costs. We picked the limits to ensure all customers are benefiting from this change.

Free Plan customers can now create 25 instead of 10 functions without the need to upgrade to a paid Plan.

Free PlanPro PlanTeam Plan Enterprise Plan
Before10 included100 included, then $10 per additional 100100 included, then $10 per additional 100Custom
After25 included500 included1000 includedUnlimited

This change is effective immediately and in case you were previously exceeding the number of included functions on a paid Plan, you will no longer be charged for it.

These breaking changes are rolling out on July 26, 2024 and affects all organizations that have members assigned either the Developer or Read-Only roles.

All Supabase organizations invite users and assign them to one of the following roles as part of membership to an organization:

  • Owner
  • Administrator
  • Developer
  • Read-Only (available only on Team and Enterprise plans).

Depending on the role, members are authorized to access a specific set of the organization's resources, such as permission to create a new project or change the billing email.

We recently re-evaluated the access that the Developer and Read-Only roles have and decided to implement changes to restrict them on a couple of resources to improve your organizations' security.

On July 26, 2024, we will turn off certain access that the Developer and Read-Only roles currently have to your organization's resources. The following table is to illustrate the breaking changes that will be going into effect:

ResourceActionDeveloperRead-Only
Integrations1
Authorize GitHub-✅ → ❌✅ → ❌
Add GitHub Repositories-✅ → ❌✅ → ❌
GitHub ConnectionsDelete✅ → ❌2
Vercel ConnectionsUpdate✅ → ❌2
Delete✅ → ❌2

You can learn more about our Platform Access Control here: https://supabase.com/docs/guides/platform/access-control.

If you have any questions or concerns please contact support.

Footnotes

  1. Existing integrations will continue to work.

  2. Role's permission to the resource and action will remain the same. 2 3

Option to use a dedicated api schema for your project

By default, the public schema is used to generate API routes for your database. In some cases, it's better to use a custom schema - this is important if you use tools that generate tables in the public schema to prevent accidental exposure of your data.

The dashboard supports this workflow through 2 options: either at the project creation step under "Security Options", or in the project's API settings after your project has been created. More information about this workflow in our documentation here!

Link: https://supabase.com/dashboard/project/_/settings/api

PR: https://github.com/supabase/supabase/pull/27918

Other bug fixes and improvements

SQL Editor

  • Text area under AI assistant is now expandable for better UX with multi-line prompts (PR)

Database

  • Added placeholder for function body editor section to hint the syntax if language selected is plpgsql (PR)

Logs Explorer

  • Fixed logs explorer placeholder query for local set up (PR)

Supabase support for Postgres 13 is being deprecated as of 15th July 2024, and support for it will be fully removed on 15th November 2024.

All Postgres 13 projects should be upgraded to Postgres 15 before 15th November, 2024.

Any projects still on Postgres 13 after the 15th of November 2024 will be automatically upgraded to Postgres 15. If any Postgres extensions or functions are in use that cause the upgrade process to fail, a backup will be taken instead, and the project will be paused.

Postgres 15 comes with numerous features, bug fixes and performance improvements. Check out the announcement blog posts to find out what each version introduces.

Deprecation Timeline

  • 15th July: All users are notified via email about Postgres 13 Deprecation. Users can self-serve upgrade to Postgres 15 from our dashboard.
  • 30th September: Users are reminded of impending deprecation via email.
  • 30th October: Users are sent a final email reminder.
  • 15th November: Any remaining projects on PG13 start getting migrated to PG15 (or paused, if there are upgrade issues).

Option to disable Data API when creating projects

Screenshot 2024-06-24 at 6 58 14 PM

You can now opt to disable the Data API when creating a new project under a section called "Advanced Options", such that you will only be able to connect to your database via connection string. Note that this setting can be subsequently updated again in the project's API settings if and when you want to connect your project via the client libraries.

PR: https://github.com/supabase/supabase/pull/26809

Link: https://supabase.com/dashboard/new/_

Authorization for Realtime is now available!

You can now control client access to Realtime Broadcast and Presence by adding Row Level Security policies to the realtime.messages table! Read more about through our documentation here!

PR: https://github.com/supabase/supabase/pull/27362

Link: https://supabase.com/dashboard/project/_/realtime/inspector\

Optimizations for table editor row count query

image

Previously, the Table Editor on the dashboard would run a select count(*) from table query to retrieve the number of rows in the table and display it in the editor (this also supports the pagination logic as well). However, understandably this query can be resource intensive and expensive if the table in question is particularly large. As such, we've chucked some optimizations around this logic to only retrieve the exact row count if the table has less than 50k rows, otherwise we'll retrieve an estimate of the row count instead. You'll still be able to get the exact row count but on demand instead.

PR: https://github.com/supabase/supabase/pull/27612

Link: https://supabase.com/dashboard/project/_/editor

Support showing all entity types in the database/tables page

PR: https://github.com/supabase/supabase/pull/27749

Link: https://supabase.com/dashboard/project/_/database/tables

Other improvements and bug fixes

General

  • More granular project statuses for pausing and restoration (PR)
  • Support filtering projects by status (either active or paused) (PR)

Account

  • Added instructions on how to change your email for your account (PR)

Storage

  • Fix uploading a folder to the storage explorer causes all files to be uploaded in a flat list with the folder name prefixed to the file name (PR)

Table Editor

  • Optimized table editor select query when cutting off column values (PR)

SQL Editor

  • Added labels and grid to SQL editor charts (PR)

Greater clarity on costs when creating new projects

Screenshot 2024-06-14 at 17 06 16

One of our bigger papercuts in terms of billing is customers not understand compute pricing and that they cannot launch unlimited projects for $25 in total per month. Customers also get confused with "Compute Hours" on their bill. The changes aim to alleviate any "surprise" compute charges and serves as kaizen improvement.

Changes involved are only applicable to paid plan organizations, as it's irrelevant for free plan organizations.

PR: https://github.com/supabase/supabase/pull/27268

Link: https://supabase.com/dashboard/new/_

Address Table Editor "resorting" of rows when rows are updated and no active sorts applied

If you've tried updating a table via the Table Editor without an active sort in place, you'd have noticed that the rows seem to re-sort themselves, specifically the row that you were updating. While this is because rows are returned in an unspecified order without a sort clause from the select query, it certainly must've been a confusing UX. We've alleviated this problem by setting a default sort by clause when reading the table via the Table Editor, which will get overriden once you've set a sort via the UI.

PR: https://github.com/supabase/supabase/pull/27097

Link: https://supabase.com/dashboard/project/_/editor

Other improvements and bug fixes

General

  • Greater granularity in project statuses, specifically for when project is restoring, when restoring failed and when pausing failed (PR)

Database

  • Table searching is now case in-sensitive (PR)
  • Add duplicate table CTA (Similar to the Table Editor) (PR)

SQL Editor

  • Auto limit fix for when SQL query has "fetch first n rows only" (PR)
  • Preserve whitespace in results (PR)

Query Performance

  • Support index advisor for queries from Postgrest (PR)

Org Billing

  • Users can now only manage a single tax ID instead of multiple (PR)

This only impacts projects on the Free Plan because projects in any of the paid plans cannot be paused.

Beginning June 24, 2024, we're updating some project pause/restore behavior:

  • paused Free projects are restorable for 90 days following their pause date
  • any Free projects paused before June 24 will be able to restore at any point before September 22, 2024 so they have a full 90 days from when this announcement is made
  • once a project is no longer restorable, the "restore" option is replaced with an option to download the latest logical backup, taken right before the project is paused, and all Storage objects

This change is being made to enable us to maintain high development velocity on the platform. Previously, paused projects could be restored indefinitely. That creates the need for the platform to remain fully backwards compatible with outdated versions of Postgres and associated extensions. The update allows us to provide a reasonable pause/restore window while gaining the ability to evolve the platform.

Supabase Edge Runtime version 1.54 is compatible with Deno 1.43.

Supabase's hosted platform was upgraded to use this release when serving Edge Functions starting today.

If you're using Supabase CLI for local development latest stable release 1.176.10, it adds compatibility for Deno 1.43.

How do I find which version of Edge Runtime I'm running?

Supabase CLI (local)

When you run supabase functions serve, it should show the current version of Edge Runtime used (and its Deno compatibility)


_10
> supabase functions serve
_10
_10
Setting up Edge Functions runtime...
_10
Serving functions on http://127.0.0.1:54321/functions/v1/<function-name>
_10
Using supabase-edge-runtime-1.54.2 (compatible with Deno v1.43.0)

Hosted Platform

You can check the served_by field in log events to see which Edge Runtime version was used to serve your function .

We try our best to maintain backward compatibility in these upgrades. If you're experiencing any issues, please feel free to make a support request

Supabase underwent Consolidation Month™ to focus on initiatives that improve the stability, scalability, and security of our products. We also have exciting product announcements that we can’t wait to share. Let’s dive in!

Consolidation Month™

We kicked off Consolidation Month (no it’s not actually trademarked) during the month of May. During this time, every product team within Supabase addressed outstanding performance and stability issues of existing features. Here’s a small subset of initiatives and product announcements as part of Consolidation Month:

Auth Launches @supabase/ssr for Better SSR Framework Support

The newly released @supabase/ssr package improves cookie management, developer experience, and handling of edge cases in various SSR and CSR contexts. We’ve added extensive testing to prevent issues that users experienced with the @supabase/auth-helpers package.

Announcement

pgvector v0.7.0 Release Features Significant Performance Improvements

pgvector v0.7.0 introduced float16 vectors that further improve HNSW build times by 30% while reducing shared memory and disk space by 50% when both index and underlying table use 16-bit float. The latest version also adds sparse and bit vectors as well as L1, Hamming, and Jaccard distance functions.

Announcement

Edge Functions Improves Memory Handling

The Edge Functions team has significantly reduced the error rate for functions encountering memory issues by implementing better safeguards. This has greatly minimized errors with the 502 status code. Additionally, status codes and limits are now documented separately.

Status Codes | Limits

Dashboard Supports Bigger Workloads as Projects Grow

The Supabase Dashboard is now better equipped to handle your projects, regardless of their size. We have implemented sensible defaults for the amount of data rendered and returned in the Table and SQL Editors to prevent browser performance issues while maintaining a snappy user experience.

Announcement

Realtime Standardizes Error Codes

Realtime now emits standardized error codes, providing descriptions of their meanings and suggested actions. This enhancement improves your error-handling code and helps to narrow down whether the issue lies with the database, Realtime service, or client error.

Realtime Error Codes

RLS AI Assistant v2

We’ve improved the prompt and output of our RLS AI Assistant by including best practices found in our RLS docs and upgrading to OpenAI’s newest GPT-4o. We’ve also introduced numerous test scenarios to make sure you’re getting the right security and performance recommendations by comparing parsed SQL with the help of pg_query.

Pull Request

Quick product announcements

  • [Functions] JSR modules are supported in Edge Functions & Edge Runtime [Announcement]

  • [Functions] Debug Edge Functions with Chrome DevTools [Docs]

  • [Functions] Use HonoJS web Framework with Edge Functions [Docs]

  • [Analytics] Log Drains is in Private Alpha [Announcement]

  • [Realtime] Realtime Authorization Early Access [Announcement]

  • [Docs] SQL to PostgREST API Translator [Docs]

  • [Client libs] Supabase JavaScript SDK Sentry Integration now supports Sentry SDK v8 [Commit]

Made with Supabase

  • GroupUp - organize social gatherings to hang out with friends [Website]
  • HabitKit - track habits, view daily progress, and stay motivated as you work towards your goals [Website]
  • Meteron AI - LLM and generative AI metering, load-balancing and storage [Website]
  • EQMonitor - An app that displays and notifies earthquake information in Japan [Website]
  • GitAuto - AI software engineer that writes, reads, and creates pull requests [Website]
  • GenPPT - Free AI powerpoint presentation generator to help you create beautiful slides in minutes [Website]

Community highlights

  • Make your queries 43,240x faster [Video]
  • Exploring Support Tooling at Supabase: A Dive into SLA Buddy [Article]
  • FlutterFlow SuperApp Complex Template : Developing Feed with Supabase [Video]
  • How We Use Supabase in Betashares Direct [Video]
  • AI Assistant to Chat with Supabase Database [Video]
  • How to use wrappers in Supabase [Video]
  • Build Realtime Apps with Next.js and Supabase [Video]
  • SvelteKit & Supabase Project Build [Video]
  • Next.js 14 x Supabase — Build a Team component using shadcn [Article]
  • Create a Real Time Chat App with Supabase and Angular [Article]

This discussion was created from the release Developer Updates - May 2024.

You might be wondering what we've been up to the past few weeks when we'd usually have some cadence in our weekly updates with our GitHub discussion updates - the team at Supabase had decided to commit to a month of consolidation by putting our efforts into each of the following pillars: Alerting, Testing, and Scaling. Let's jump right in to see what this means for the Dashboard! 💪🏻

🚨 Alerts: Enabling proactive resolution to issues that users run into

We want to find out about bugs before you do. In an effort to lower the time between deploying a bug and fixing it, we’ve set up some alerts that will enable us to be more proactively catch bugs, in particular for show-stopping problems (e.g that awful “A client side exception has occurred” screen)!

  • Added alerts for critical points of failures (PR) This includes any errors that will completely prevent you from using the Supabase dashboard.
  • Added alerts for full page client crash events with a custom error boundary (PR) Having a custom error boundary also allows us to potentially provide contextual hints/resolutions to the problem faced, such as what we did in this PR.

🛠️ Testing: Identifying and covering critical points of failure

We believe in ensuring that minimally our critical paths are covered by tests as opposed to ensuring our dashboard has 100% test coverage. Anything that might completely block our users from doing what they need to do should be caught as much as possible before reaching production.

  • Moved to Vitest + Integrating packages to make writing tests easier (PR) We’ve revamped our current test set up to use Vitest instead of Jest and have integrated Mock Service Workers (MSW) and next-router-mock. These are all to support writing better tests easier, and also to reduce the amount of configuration we need to set up the tests.
  • Expanded on Playwright for E2E tests (PR) We previously had a couple of Playwright tests written over in our tests repository that we’ve decided to shift over to our main repository. We’re also in the midst of writing more tests and making them public

📈 Scaling: Supporting bigger workloads as the project grows

The dashboard should be able to keep up with your projects, no matter how big they grow - and even if unable to, it should never block you, or leave you feeling confused. This effort involved several solutions: gracefully failing if unable to handle large workloads, better observability, or even just better error handling to allow our users to self-service most errors. We were able to get improvements out for several common issues. Check out each individual PR for more information 😄

  • Rendering large column data within the Table Editor (PR) We’re now limiting rendering each text/JSON based column data in the table editor at a max of 10kB when initially viewing the table, which should alleviate browser performance issues when rendering tables with large row data. You may load the entire column data on demand instead.
  • Handling large results within the SQL editor (PR) A limit parameter will now be added as a suffix to select queries that are run in the SQL editor, which should prevent the browser performance from degrading when trying to query too much data. The limit parameter can be optionally removed if your intention might be to pull data in greater quantity.
  • View ongoing queries in the SQL editor and support terminating them (PR) This came in response to a user who accidentally ran a large query through the SQL editor which ended up in the API request timing out, giving the impression that the query stopped running when in fact it was still running on the database in the background. This should help surface such problems and give the tooling required to abort erroneous queries.
  • Contextual errors when something goes wrong (PR) While the attached PR was more of a POC, this is the direction we want to move towards to by providing contextual information and suggest possible resolutions whenever users run into an error

Of course consolidation is not a one time event, but an ongoing effort that our team is committing to in parallel to shipping new and exciting features. We hope that as our users, you will all be able to benefit from this with less blockers to keep you from building cool stuff 🙂

As always, if you have any feedback for us - we're just a message away through the feedback widget to the top right corner of the dashboard! We're always listening 👂🏻 (as in reading 👀).

Go here for latest update

Hey everyone,

I'm Stojan a member of the Supabase Auth team, bringing some updates about what's next with @supabase/ssr. This is the recommended package that helps you use the Supabase JavaScript client with SSR frameworks such as NextJS, Remix, SvelteKit and others.

We've been quite busy recently gathering feedback, reviewing common complaints and bugs with the package, and using it in the popular SSR frameworks. We've identified a few areas needing improvement and we've already started implementing them.

The package is still on major version 0, indicating its beta status. We plan to move it to major version 1 in the coming months making it the preferred way of using the Supabase JavaScript library in your favorite SSR framework.

First, we'll extract @supabase/ssr's code from the auth-helpers repository into its own. We’re doing this because:

  • @supabase/auth-helpers-x (like for NextJS) is no longer supported by the team, as we expect people to move to @supabase/ssr.
  • It's no longer about "auth-helpers," but rather about how you can most effectively and ergonomically use the Supabase Client in various SSR and CSR contexts.
  • A standalone repo makes it easier for the community to contribute and for us to track issues.

We're going to release a fairly ground-up reimplementation of the package. This should come as version 0.4.0 around mid-June. We've received a lot of signal in the past months from developers and the community about possible improvements for developer ergonomics and better handling for edge cases.

The reason for this change is because @supabase/ssr is really just a thin layer for cookie management on top of @supabase/supabase-js. We've identified some improvements that reduce odd and difficult-to-diagnose behavior. The new implementation will boast over 90% test coverage, including testing for issues that we’ve seen commonly reported so far.

As part of the new implementation, we are changing the API. The old API will be deprecated when we reach v1.0.0. This is to ensure the best possible experience for both developers and users. For most use cases and happy paths, the deprecated API will continue working during the phase-out, but we encourage switching as soon as possible. Once we release v1.0.0, major version 0 will no longer be maintained.

The change in the API is quite simple, so here’s an example of how it will look like. Instead of defining three cookie access methods get, set and remove like so:


_13
createServerClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
_13
cookies: {
_13
get: async (name) => {
_13
// ...
_13
},
_13
set: async(name, value, options) => {
_13
// ...
_13
},
_13
remove: async(name) => {
_13
// ...
_13
}
_13
}
_13
})

You would need to define two — getAll and setAll cookie access methods like so:


_10
createServerClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
_10
cookies: {
_10
getAll: async() => {
_10
// return all cookies you have access to
_10
},
_10
setAll: async(cookiesToSet: { name: string; value: string; options: CookieOptions; }[]) => {
_10
// set the cookies exactly as they appear in the cookiesToSet array
_10
}
_10
}
_10
})

Note that for createBrowserClient nothing needs to be done in most cases, it automatically works with the document.cookie API.

The change should be trivial for most SSR frameworks, and we'll be sure to update the guides to instruct you on how to change your code into this new way of accessing cookies.

Thanks for all your feedback! Feel free to ask any questions below!

Log drains is currently private alpha, and is available for Teams and Enterprise customers. We are still firming up the pricing and documentation, however it will likely involve a flat fee and variable egress usage. This will be announced separately through official channels.

We will be supporting Datadog as our initial provider.

The following destinations are in the works:

  1. Elastic/Filebeat
  2. Syslog

We are currently onboarding interested customers manually, so please fill out this form to get started: https://forms.supabase.com/logdrains.

We've released a fix to the deployment instructions for the supabase-grafana monitoring application.

If you're ingesting the metrics endpoint into your pre-existing managed infrastructure without using the supabase-grafana app, this change does not affect you. If you're running the supabase-grafana app using the docker-compose mechanism, you are also not affected.

Fly applications launched off the repository between December 10, 2023, and May 16, 2024 are impacted, and will experience:

  • Fly application being shut down after periods of inactivity of a few minutes (default Fly.io behaviour)
  • Historical data will not be persisted after such a shutdown

The fix to the deployment instructions ensures that a persistent volume is created to store the data on, which prevents loss in case of a machine shutdown or restart. Additionally, autoshutdown behaviour is disabled, in order to prevent the app from being paused due to inactivity.

In order to fix an existing, already deployed Fly application, you can edit its configuration to disable auto_stop_machines, and create a persistent volume, and mount it at /data (similar to the updated deployment instructions). Please note that as the newly created persistent volume will be empty to start, any existing metrics data will not be preserved as part of this change. If doing so is necessary, you can initially mount it at a separate path, copy the data over, and finally mount it at /data.

If you need further help, please reach out to Support via https://supabase.help

Conversational AI assistant in the SQL Editor

This was previously behind a feature flag but we're now making this available by default, which will replace the existing single prompt UI that you saw previously at the top of the SQL editor. Once again, thank you all so much for the feedback that you've left us - we really appreciate them and they definitely do help in guiding us towards the ideal dashboard experience for everyone. 🙂🙏

We're also aware that the feature preview functionality is missing in the local set up - rest assured we're looking into it and hope to get a fix out soon for everyone!

PR: https://github.com/supabase/supabase/pull/23142

Link: https://supabase.com/dashboard/project/_/sql

A step towards slightly more contextual error messages

A topic that came up in one of our discussions internally was regarding self-serviceability, and we realised that our error messages could do a much better job than just informing users what the error is about - especially when their errors from Postgres directly and the messages could be slightly cryptic for those not familiar with Postgres (yet 😉). The PR linked here is just a small idea and example for what we plan to do with error messages in the future, by giving users more context about the errors like possible solutions and links to relevant documentation. Hopefully this will make using the dashboard slightly more easier 🙂

PR: https://github.com/supabase/supabase/pull/23135

Link: https://supabase.com/dashboard/project/_/editor

Other improvements and bug fixes

Branching

  • Disable branch reset while branch is initializing (PR)

Database

  • Allow searching for schema and tables when creating indexes (PR)
  • Allow SQL language for writing database functions (PR)

Here’s everything we shipped during our GA week:

Day 1 - Supabase is officially launching into General Availability (GA)

Supabase has moved to General Availability (GA) with over 1 million databases under management and over 2,500 databases launched daily. We’ve been production ready for years and now we are fully confident that we can help every customer become successful, from weekend projects to enterprise initiatives at organizations like Mozilla, 1Password, and PwC.

Full announcement | Video announcement | X space

Day 2 - Supabase Functions now supports AI models

Supabase Functions has added a native API that makes it easy to run AI models within your functions while removing nasty cold starts. You can use the gte-small embedding model to generate text embeddings or bring your own Ollama server to tap into many more embedding models and Large Language Models (LLMs) like Llama3 and Mistral. Soon we’ll provide hosted Ollama servers so you won’t have to manage them yourselves for a more seamless experience.

Blog post | Video announcement | X space

Day 3 - Supabase Auth now supports Anonymous sign-ins

Supabase Auth heard your requests and went to work building anonymous sign-ins which enable you to create temporary users that have yet to sign up for your application. This lowers the friction for visitors to use your application while making it easy to convert them to permanent users once they’re hooked.

Blog post | Video announcement | X space

Day 4 - Supabase Storage now supports the S3 protocol

Supabase Storage already has standard and resumable uploads and now supports the industry standard S3 protocol enabling multipart upload and compatibility with a myriad of tools such as AWS CLI, Clickhouse, and Airbyte for a wide array of use cases.

Blog post | Video announcement | X space

Day 5 - Supabase Security & Performance Advisor

Supabase has managed over 1 million databases over the last four years and has seen all manner of use cases with common pitfalls that we’re helping our customers address with our Security, Performance, and Index Advisors. These Advisors will help to surface and fix insecure database configurations and recommend database and query optimizations to keep your database secure and performant for your mission critical workloads.

Blog post | Video announcement | X space

GA Week Hackathon Winners

We are delighted that so many high quality projects were submitted but in the end there could only be one Best Overall Project. The decision wasn’t easy but the Supabase panel of judges chose vdbs (vision database SQL) for the honorific. Congratulations 👏 to @xavimonp who will receive the prize of Apple AirPods.

Full list of winners | All the submissions

One more thing from GA Week

Just kidding, there’s always more than one. Here’s more awesome things we shipped:

Community Highlights

  • Changing Databases 5 Times in 48 Hours Boosted Our Launch to 35,000 Views [Article]
  • Crazy new Supabase feature: Understand and learn about anonymous users [Video]
  • Support unstructured data in Postgres with JSON columns [Video]
  • Build an AI-powered blogging platform (Next.js, Langchain & CopilotKit) [Article]
  • How to Secure Your Supabase Database and Storage [Blog post]
  • Self-host Protomaps PMTiles on Supabase Storage [Video]
  • Supabase Realtime - How to deal with multiplayers in Next.js [Blog post]
  • The Hard Parts of Building an Application, Made Easy with Supabase [Article]

This discussion was created from the release Developer Updates - April 2024.

You can now use JSR packages in your Edge Functions. JSR is a modern package registry for JavaScript and TypeScript created by the Deno team. With JSR support, you can use the latest versions of popular Deno packages like Oak.

How to use:


_10
import { Application } from "jsr:@oak/oak/application";
_10
import { Router } from "jsr:@oak/oak/router";

For local development, you will need to update Supabase CLI for the version v1.166.1 or above.

Edge Functions also supports using NPM and deno.land/x packages. If you are already using them, no changes are needed.

Other improvements and bug fixes

We've been focusing on improving existing features on the dashboard and fixing some issues over the past week, so while we've got nothing shiny to shout out about, here's still a list of things that we've shipped! 🙂 As always, feel free to let us know if there's something that you guys really want to see in the dashboard - we'll see how we can make it happen 😉

General

  • Feedback widget will not clear its contents when closing until explicitly cleared or submitted [PR]

Table Editor

  • Reinstate link button for foreign keys in table editor side panel [PR]
  • Fix creating foreign key on new column after changing column's name [PR]

SQL Editor

  • Set column width of results to be relative to column content length [PR]

Authentication

  • Added Create policy CTA under each table for convenience [PR]

Storage

  • Added file size validation against project's upload limit when uploading files in dashboard [PR]

Database

  • Query performance: Fix searching via role and query [PR]
  • Query performance: Add db inspect docs link for visibility to aid in helping identify potential Postgres issues [PR]
  • Enumerated types: clean up form field when reopening create enumerated type panel [PR]
  • Tables: Add ellipses to table descriptions to prevent odd wrapping for long descriptions [PR]

Supabase GA Week just wrapped up but the shipping doesn't! This just summarises what have been shipped over the last week - and more 😉

Auth support for anonymous sign-ins

Supabase Auth now supports anonymous sign-ins, which can be used to create temporary users who haven’t signed up for your application yet! This lowers the friction for new users to try out your product since they don’t have to provide any signup credentials.

Read more about this here

PR: https://github.com/supabase/supabase/issues/21813

Link: https://supabase.com/dashboard/project/_/settings/auth

Storage support for S3 protocol

Supabase Storage is now officially an S3-Compatible Storage Provider, and now you can use any S3 client to interact with your buckets and files: upload with TUS, serve them with REST, and manage them with the S3 protocol.

Read more about this here

PR: https://github.com/supabase/supabase/issues/22620

Link: http://supabase.com/dashboard/project/_/settings/storage

3 new advisors to your database

We've added a Security Advisor, a Performance Advisor and a bonus Index Advisor as tools that can help improve your database, more specifically:

  • Security Advisor: for detecting insecure database configuration
  • Performance Advisor: for suggesting database optimizations
  • Index Advisor: for suggesting indexes on slow-running queries

Read more about them here!

PR: https://github.com/supabase/supabase/issues/22842

Link: http://supabase.com/dashboard/project/_/database/security-advisor

4 new database foreign data wrappers

We've added support for data wrappers with Auth0, Cognito, Microsoft SQL Server, and Redis! Connect to these external data sources and query them directly from your database.

PR: https://github.com/supabase/supabase/pull/22289

Link: https://supabase.com/dashboard/project/_/database/wrappers

Updating of some projects pages to more appropriate sections

We've renamed and shifted a couple of pages within a project to sections which we believe are more appropriate and relevant. These include:

We've also added more appropriate sections within the Database section in hopes to make things easier to find!

PR: https://github.com/supabase/supabase/issues/22835

Link: https://supabase.com/dashboard/project/_

An option to submit a request to delete your account

If comes the day that you'd no longer want to use Supabase anymore (hopefully not!) and want to be removed from our systems entirely, feel free to submit a request to delete your account through the account preferences page.

PR: https://github.com/supabase/supabase/pull/22486

Link: [https://supabase.com/dashboard/account/me](https://supabase.com/dashboard/account/me

Other improvements and bug fixes

General

  • Added project connection instructions for Vite [PR]

Join us for a Special Announcement April 15-19

We’re making a Special Announcement on April 15th with a few more surprises throughout the week. Claim your ticket today so you don’t miss out and enter for a chance to win a set of AirPods Max.

Claim your ticket

Increased Supavisor connection pooler limits

We’ve increased the Supavisor client connection limits, the number of concurrent clients that can connect to your project’s pooler, for projects on Small, Medium, Large, and XL compute instances while pricing remains unchanged.

Announcement

Conversational AI assistant now available in SQL Editor

Introducing a conversational AI assistant in the SQL Editor to help you write and iterate on your queries. This is currently under a feature preview and can be enabled with instructions here.

Announcement

Supavisor pooler port 6543 is transaction-mode only

We’re simplifying Supavisor connection pooler ports and modes so that port 6543 is only transaction mode and port 5432 continues to be only session mode. If you have pool mode set to session we recommend you switch to pooler port 5432 and set the mode to transaction.

Pull request

Migration to v2 platform architecture

You may have noticed improved performance from your database over the last couple of weeks. We made some architectural changes to free up resources for your Postgres instance by removing Storage, Realtime, and Pgbouncer from your instance and each are replaced with an equivalent multi-tenant solution, including our new Supavisor connection pooler.

Announcement

Implementing semantic image search with Amazon Bedrock and Supabase Vector

In this post we'll be creating a Python project to implement semantic image search featuring Amazon Bedrock and Amazon Titan’s multimodal model to embed images and Supabase Vecs client library for managing embeddings in your Supabase database with the pgvector extension.

Blog post

Quick Product Announcements

  • [Postgres Tooling] vector (pgvector) upgraded to v0.6.2 enables faster HNSW index builds using more parallel workers [Commit]
  • [Postgres Tooling] pg_cron upgraded to v1.6.2 enables sub-minute schedules [Pull request]

Made With Supabase

  • location-tRacer - Supabase Realtime live location sharing app [GitHub]
  • Talk to your docs - An example agent providing help on your GitHub documentation [GitHub]
  • Feedbase - Open-source solution for collecting feedback & communicating updates [GitHub]
  • Wacky Wordcraft - Create wacky stories with some help from AI [Twitter]
  • Capgo - Instant updates for Capacitor apps. Ship updates, fixes, changes, and features within minutes [Website]

Community Highlights

  • Building an Investor List App with Novu and Supabase [Blog post]
  • 3 reasons you should use Postgres Functions and Transactions [Video]
  • Add image support to Flutter web application with Supabase Storage [Video]
  • How to set up a secure Supabase project [Blog post]
  • Dynamic Role and Permission Management in Supabase: Enhancing Security and Flexibility [Blog post]
  • Simulate Supabase Postgres RLS (Row Level Security) [Blog post]
  • Monitor Supabase databases and Edge Functions [Blog post]

This discussion was created from the release Platform Updates: March 2024.

Update

Discussion has been updated with solution chosen.

Realtime Authorization for Broadcast and Presence is now available in Public Beta.

See the official documentation.


Overview

This post explains how authorization works for Realtime Broadcast and Realtime Presence.

This allows you (the developer) to control access to Realtime Channels. We use Postgres Row Level Security to manage access. Developers create Policies which allow or deny access for your users.

Usage

Creating Realtime Policies

Using Studio’s SQL editor you can set RLS rules against the table realtime.messages which will define the rules for your users.


_10
CREATE POLICY "presence sync and broadcast listen to authenticated users"
_10
ON realtime.messages FOR SELECT
_10
TO authenticated
_10
USING ( true );
_10
_10
CREATE POLICY "presence track and broadcast send to authenticated users"
_10
ON realtime.messages FOR INSERT
_10
TO authenticated
_10
WITH CHECK ( true );

Since you are using RLS policies you can do more complex examples.

In a scenario where you have a schema with a table for rooms and one that creates an association between rooms and users.

Example schema to be used in RLS policies

We'll use this example schema to be showcase RLS policies limiting Realtime functionality

We can build more complex RLS rules using this information:


_26
-- Set permission for authenticated users to only listen for Broadcast messages
_26
CREATE POLICY "authenticated can listen to broadcast only on their topics"
_26
ON realtime.messages FOR SELECT
_26
TO authenticated
_26
USING (
_26
exists(
_26
select 1
_26
from public.rooms r join public.rooms_users ru on r.id = ru.room_id
_26
where ru.user_id = auth.uid()
_26
and r.name = realtime.topic()
_26
and realtime.messages.extension = 'broadcast'
_26
)
_26
);
_26
-- Set permission for authenticated users to only write for Broadcast messages
_26
CREATE POLICY "authenticated can write to broadcast only on their topics"
_26
ON realtime.messages FOR INSERT
_26
TO authenticated
_26
WITH CHECK (
_26
exists(
_26
select 1
_26
from public.rooms r join public.rooms_users ru on r.id = ru.room_id
_26
where ru.user_id = auth.uid()
_26
and r.name = realtime.topic()
_26
and realtime.messages.extension = 'broadcast'
_26
)
_26
)

Testing Authorization

Now to test it we can use a quick deno script by creating a index.ts


_21
// Run with deno run --allow-net --allow-env --allow-read --allow-ffi index.ts
_21
import { createClient } from "npm:@supabase/[email protected]";
_21
const url = "https://<project_ref>.supabase.com";
_21
const apikey = "<api_key>";
_21
_21
const client = createClient(url, apikey);
_21
_21
const channel = client.channel("channel_1", {
_21
config: { broadcast: { self: true }, private: true},
_21
});
_21
channel
_21
.on("broadcast", { event: "test" }, (payload) => console.log(payload))
_21
.on("presence", { event: "join" }, (payload) => console.log(payload))
_21
.on("presence", { event: "leave" }, (payload) => console.log(payload))
_21
.subscribe((status: string, err: any) => {
_21
if (status === "SUBSCRIBED") {
_21
console.log("Connected!");
_21
} else {
_21
console.error(err);
_21
}
_21
});

This will return an error with the message You do not have permissions to read from this Topic

But if we change our code to pass along an authenticated user, then we will be able to connect and receive / send messages.


_28
import { createClient } from "npm:@supabase/[email protected]";
_28
const url = "https://<project_ref>.supabase.co";
_28
const apikey = "<api_key>";
_28
_28
const client = createClient(url, apikey);
_28
_28
await client.auth.signInWithPassword({
_28
email: "<email>",
_28
password: "<password>",
_28
});
_28
_28
client.realtime.setAuth(
_28
(await client.auth.getSession()).data.session.access_token
_28
);
_28
const channel = client.channel("channel_1", {
_28
config: { broadcast: { self: true }, private: true },
_28
});
_28
channel
_28
.on("broadcast", { event: "test" }, (payload) => console.log(payload))
_28
.on("presence", { event: "join" }, (payload) => console.log(payload))
_28
.on("presence", { event: "leave" }, (payload) => console.log(payload))
_28
.subscribe((status: string, err: any) => {
_28
if (status === "SUBSCRIBED") {
_28
console.log("Connected!");
_28
} else {
_28
console.error(err);
_28
}
_28
});

Do not forget that RLS policies can use other tables in them so this will give you all the flexibility you need to better fit your use case but be aware of the performance impact of heavy RLS queries or non-indexed fields.

Migrating from Public Channels

On connect, you need to send in the configuration that the channel will be private: true

Client library

We’re working on the next version actively so we can provide a good developer experience.

Please check the latest next version at https://www.npmjs.com/package/@supabase/realtime-js?activeTab=versions

This library as changed the configuration settings to add private: true on channel connect to determine if the user will be connecting an RLS checked channel.

How it works

Connection context

When you connect with Realtime we set a connection configuration with your JWT, Topic and Headers using the following query:


_10
SELECT
_10
set_config('role', $1, true),
_10
set_config('realtime.topic', $2, true),
_10
set_config('request.jwt', $4, true),
_10
set_config('request.jwt.claims', $6, true),
_10
set_config('request.headers', $7, true)

This query is only run when you connect to a topic.

We’re also providing a new function to easily fetch the realtime.topic configuration with


_10
SELECT realtime.topic();
_10
_10
-- Usage example
_10
CREATE POLICY "authenticated users can only write to topic named foo"
_10
ON realtime.messages FOR INSERT
_10
TO authenticated
_10
WITH CHECK ( realtime.topic() = 'foo' );

Applying RLS Policies

To achieve RLS checks on your Realtime connection we created a new table in the realtime schema to which you will be able to write RLS rules against it to control your topics extensions.

You won’t see any entries recorded in this table as we rollback the changes made to test out RLS policies to avoid creating clutter in your database.

Supavisor, Supabase's multi-tenant connection pooler deployed to regional clusters, became production ready back in December 2023. You can read the announcement here.

Since then, we've migrated Supabase projects from PgBouncer, single tenant connection pooler deployed to the project's instance, to Supavisor.

However, we kept the previous client connection limits from PgBouncer during the transition across all compute instances.

Today, we're happy to announce that we've increased this limit for compute instances Small, Medium, Large, and XL so your projects can take advantage of additional client connections while pricing remains unchanged. These new limits have already been applied to all existing projects and any new projects spun up.

Here's a quick breakdown:

Compute SizePrevious Client LimitsNew Client Limits
Small200400
Medium200600
Large300800
XL7001,000

For a more complete breakdown of your compute instance resources head over to the Compute Add-ons page.

Update to the UI for RLS policies

image

We've been looking into improving the UX for the RLS policy UI after going through feedback of the community's struggles with RLS in general, and this is the next step that we're taking to streamline the UX.

What we're calling as a "hybrid" editor (for now), you'll be able to see the corresponding SQL query for creating or updating your RLS policies while you're editing the policy via the input fields. And if you'd like even greater control, there's always the "Open in SQL Editor" button as an escape hatch where you can edit the SQL query in its entirety.

Templates are now right beside the editor as well, so you no longer have to click back and forth between templates and the editor.

We've always seen the dashboard as more than just a database adminstration tool, but also potentially an educational platform for developers to pick up the SQL language as they build out their database, and we hope that the changes here will help make that even easier.

PR: https://github.com/supabase/supabase/pull/21806

Link: https://supabase.com/dashboard/project/_/auth/policies

Connection pooler on port 6543 is set to transaction mode permanently

Previously, connection pooler's port 6543 can be set to either transaction or session mode under your project's database settings. This change makes it easier to distinguish between pooler modes and ports by only enabling transaction mode on port 6543 while maintaining session mode on port 5432.

If your using port 6543 and your project's pooler mode is transaction then you won't be able to set the mode to session. You can use port 5432 for session mode.

If your using port 6543 and your project's pooler mode is session then we strongly advise that you use port 5432 for session mode and change the mode to transaction. Once this setting is saved you won't be able to set session mode on port 6543.

PR: https://github.com/supabase/supabase/pull/22150

Link: https://supabase.com/dashboard/project/_/settings/database#connection-pooler

Other improvements and bug fixes

[General]

  • Home page connect modal fix broken link under pooler mode to Database Settings [PR]
  • Fix toast messages to handle really long messages, and support closing them in such scenarios [PR]

[Auth]

  • Fix applying table privileges to incorrect table if there any more than 1 table with the same name in different schemas [PR]

[Table Editor]

  • Prevent updating RLS via GUI for tables under protected schemas [PR]
  • Support updating column "is unique" when editing table in side panel [PR]
  • Fix support NULL values when importing data via CSV text [PR]
  • Ensure that table and column names are trimmed for whitespaces when saving [PR]

[Storage Explorer]

  • Fix delete bucket modal styling when bucket name is long [PR]
  • Fix deleting parent folder not deleting child folders despite child folders being empty [PR]

[Database Pages]

  • Fix inability to manage foreign keys [PR]
  • Validate enumerated types to ensure names do not conflict with native PG data type names [PR]
  • Validate enumerated types to ensure names do not conflict with native PG data type names [PR]
  • Fix Stripe foreign data wrapper to support selecting a rowid_column, addresses the issue of not being able to update stripe foreign tables [PR]

In our previous platform architecture, our Storage, Realtime, and connection pooler (PgBouncer) services were bundled together, with a single instance of each service per project.

For our v2 architecture, we’ve “unbundled” these services, moving to a multi-tenant model, where a single instance of each service serves many projects:

This frees up as much resources as possible for your Postgres databases, while enabling us to offer more resource intensive features for these services, and opens the door to capabilities such as zero-downtime scaling.

With Supavisor replacing PgBouncer, along with some other key optimizations, the final pieces of our v2 architecture are now ready.

We’ve already fully rolled out our v2 architecture to paid plan projects. You now have more resources available, for the same price that you’ve been paying.

Free plan gradual rollout (20 March 2024 onwards)

  • 20 March 2024: Newly created or unpaused projects will use v2 architecture
  • 28 March 2024: Existing projects will start being migrated to v2 architecture

This will be a gradual rollout - we will email you at least one week before your project is scheduled to be migrated.

Your action for projects scheduled to be migrated

For newly created or unpaused projects on the Free Plan, no action is required.

For existing projects on the Free Plan, up to a few minutes of downtime is expected for the migration. For each of your projects, we’ll identify the 30-minute maintenance window where your project had the least database queries over the previous 10 weeks.

You have two choices:

  • Automatic Migration: If you don't take any action, we plan to do the migration automatically during that maintenance window with the least historical activity.
  • Manual Migration: Any time before that, you can go to Project Settings > General to see whether/when the maintenance window is scheduled (timings will also be included in the email). There, you may choose to manually restart the project yourself, at a time that is convenient for you. Your project will be restarted on v2 architecture.

Conversational AI assistant now available as part of the SQL Editor

As part of our ongoing efforts to introduce the AI assistant across the dashboard, we're bringing the AI assistant to the SQL Editor next! Some of you might have already been using the AI assistant in the SQL Editor through the green bar at the top of the editor - we're sprucing it up by extending it further to a conversational UX. Go back and forth with the assistant and apply the code snippets that you deem to be the most appropriate!

This is currently under a feature preview - you may enable this feature by clicking on the user icon while in a project at the bottom of the side navigation bar and selecting "Feature previews". From there just enable the preview under "SQL Editor Conversational Assistant". And as always, we're incredibly open to any feedback for this, so give us a shout right here!

PR: https://github.com/supabase/supabase/pull/21388

Link: https://supabase.com/dashboard/project/_/sql/new

Other improvements and bug fixes

Table Editor

  • Fix creating a table will automatically trim for whitespaces (PR)

SQL Editor

  • Fix snippet names not truncating (PR)

Auth Policies

  • Fix error message not surfacing in new RLS UI from feature preview (PR)

Database Functions

  • Fix light mode styling for code editor (PR)

Matryoshka Embeddings: Faster OpenAI Vector Search Using Adaptive Retrieval

Learn about how OpenAI’s newest text embeddings models, text-embedding-3-small and text-embedding-3-large, are able to truncate their dimensions with only a slight loss in accuracy.

Blog post

Easily Connect to Supabase Projects From Frameworks and ORMs of Your Choice

Connect to Supabase from any framework or ORM with our new “Connect” panel in Studio. This displays simple setup snippets that you can copy and paste into your application. We’ve started with a selection of popular frameworks and ORMs and you can request more by feature request or pull request.

Pull request

PostgREST Aggregate Functions

PostgREST v12 has been released, and with it, comes the release of the highly requested aggregate functions, avg(), count(), sum(), min(), and max(), that is used to summarize data by performing calculations across groups of rows.

Blog post

Terraform Provider to Manage Resources on Supabase Platform

We’ve created an official Supabase Provider for Terraform to version-control your project settings in Git. You can use this provider in CI/CD pipelines to automatically provision projects and branches and keep configuration in code.

Learn more

Support for Composite Foreign Keys in Table Editor

We've shifted the management of foreign keys into the Table Editor’s side panel so you can easily see all foreign keys pertaining to a table as well as referencing columns to composite foreign keys.

Pull request

Build a Content Recommendation App With Flutter and OpenAI

Learn about how we built a movie listing app that recommends another movie based on the movie that a user is currently viewing built with Supabase, Flutter, and OpenAI.

Blog post

Load Testing Supabase

Performance testing evaluates a system's compliance with its performance requirements. It reveals your app’s ability to handle user load, unexpected spikes, or recover from stressful workloads. In this blog post you will learn about how we automated our performance testing.

Blog post

More Studio Updates

  • Collapsible main sidebar navigation [PR]
  • Create charts from SQL Editor [PR]
  • Resizable main tabs in Table Editor and SQL Editor [PR]
  • View user metadata from the dashboard [PR]
  • Bulk delete SQL Editor snippets [PR]
  • Query Performance updates [PR]
  • Choose a compute option when creating a project (Paid organizations only) [PR]
  • Logs Explorer facelift [PR]

Quick Product Announcements

  • [Auth] Require AAL2 to enroll additional factors for MFA enrollment [PR]
  • [Storage] Increased maximum file upload size to 50GB for paid plans [PR]

Made With Supabase

  • Inkvestigations is a webgame using LLM technology (currently GPT) to create interactive mystery games [GitHub]
  • MathPuzzles- a multiplayer game to outsmart your friends [GitHub]
  • Create a recipe app with Nowa [Article]
  • Open-source AI wearable device that captures what you say and hear [GitHub]
  • Brick yourself - turn yourself into a mini-figure [Website]

Community Highlights

  • SupaVlog: Vlog Application Starter Kit Built with Supabase, Stream, Hookdeck, and Next.js [Article]
  • Chat with Supabase PostgreSQL using AI [Article]
  • How to implement Google sign-in on Flutter with Supabase on iOS, Android and the Web [Video]
  • They're Making Supabase Better... [Video]
  • How to send welcome emails with Supabase edge functions and database triggers [Article]
  • How to Create Email Signup and Login Screens in React Native (Expo), ExpressJS, and Supabase [Article]
  • Integrating Supabase with Flutterflow [Video]
  • Join the #SupaBuilders movement and never get your project paused again!

This discussion was created from the release Platform Updates: February 2024.

Templates added to new RLS assistant

If you're not aware yet, we previously created a new RLS UI that comes integrated with the Supabase Assistant to (hopefully) help everyone write RLS policies easier and faster. This is currently still a feature preview which you can enable by clicking on your user profile at the bottom of the side navigation bar. We're continuously trying to see how we can improve this to make it a much better UX than the current existing RLS policy user flow.

The first gap that we're trying to address is the ease of referencing existing templates that just work out of the box from the current RLS policy flow - those proved to be really useful when trying to understand the syntax of writing policies, and so we added that in to the new RLS UI. Not just that but we also added more complex templates that work better in the new UI than the current one!

The next item that we're looking into is to see what minimal guard rails we can add to make writing RLS policies even less intimidating since the new UI expects only SQL input. One of the aims of the dashboard is to guide our users to not be afraid of SQL no matter the level of proficiency and we hope that we'll be able to cook up the ideal UX that will allow everyone to write SQL with confidence.

PR: https://github.com/supabase/supabase/pull/21447

Link: https://supabase.com/dashboard/project/_/auth/policies

Collapsible navigation bar

https://github.com/supabase/supabase/assets/8291514/070cb030-d249-404d-82cd-3ba92d9309f3

We received many feedback that the icons alone in the navigation bar are not too intuitive in understanding what page they're navigating too. So finally, we're adding some textual cues that show up on hover to the navigation bar in hopes to make navigating around the dashboard easier!

PR: https://github.com/supabase/supabase/pull/21550

Link: https://supabase.com/dashboard/project/_

Make charts in the SQL editor

For the users who leverage on SQL to analyze data, this should be useful for you! You can now plot your data points through the SQL editor after running your query. Choose which columns to be your axes and you're good to go. As always - feel free to drop any feedback for us on this! We're keen to see how else we can make this feature better and stronger 😄

PR: https://github.com/supabase/supabase/pull/21638

Link: https://supabase.com/dashboard/project/_/sql/new

Foreign Key Management re-introduced into the Column side panel editor

We previously made an update in the Table Editor to shift the management of foreign keys to the table editor as an effort to properly support composite foreign keys. This understandably caused the UX to suffer as we received many feedback around creating simple 1:1 foreign key relations much more troublesome. We've thus re-introduced being able to manage your foreign keys while editing a column! Thank you so much for everyone's feedback around this - it's something that we genuinely appreciate our community for! 🙏

PR: https://github.com/supabase/supabase/pull/21683

Link: https://supabase.com/dashboard/project/_/editor

Toggle intellisense for the SQL editor

Intellisense for the SQL editor was always enabled by default for everyone, but we're now making this a toggleable feature - this is more specifically useful for large projects with many tables as we've noticed the amount of data we try to load into intellisense causes the SQL editor to slow down noticeable (likely due to browser memory issues).

PR: https://github.com/supabase/supabase/pull/21643

Link: https://supabase.com/dashboard/project/_/sql/new

Other improvements and bug fixes

Schema Visualizer

  • Added legends to the schema visualizer and align icons properly [PR]

March Beta 2021

Apr 6, 2021

Launch week, Storage, Supabase CLI, Connection Pooling, Supabase UI, and Pricing. Here's what we released last month.

This is also available as a blog post and a video demo.

Supabase Storage

Need to store images, audio, and video clips? Well now you can do it on Supabase Storage. It's backed by S3 and our new OSS storage API written in Fastify and Typescript. Read the full blog post.

Connection Pooling

The Supabase API already handles Connection Pooling, but if you're connecting to your database directly (for example, with Prisma) we now bundle PgBouncer. Read the full blog post.

React UI Component Library

We open sourced our internal UI component library, so that anyone can use and contribute to the Supabase aesthetic. It lives at ui.supabase.io . It was also the #1 Product of the Day on Product Hunt.

CLI

Now you can run Supabase locally in the terminal with supabase start. We have done some preliminary work on diff-based schema migrations, and added some new tooling for self-hosting Supabase with Docker. Blog post here.

OAuth Scopes

Thanks to a comunity contribution (@_mateomorris and @Beamanator), Supabase Auth now includes OAuth scopes. These allow you to request elevated access during login. For example, you may want to request access to a list of Repositories when users log in with GitHub. Check out the Documentation.

Kaizen

  • You can now manage your PostgREST configuration inside the Dashboard.
  • Our website has been redesigned. Check out our new Homepage and Blog, and our new Database, Auth, and Storage product pages.
  • We refactored some of our Filter methods to make them even easier to use. Check out the Full Text Search refactor.
  • We have added several new sections to our Docs including: Local Dev, Self Hosting, and Postgres Reference docs (all still under development).

Supabase is an open source Firebase alternative. We've now been building for one year. Here's what we released last month.

This is also available as a blog post and a video demo.

Dashboard Sidebars

We've improved the UX of our Dashboard with sidebars in every section, including the Table view, the Auth section, and the SQL Editor.

SQL Autocomplete

Writing SQL just got 10x easier. We added autocomplete to the SQL editor, including table & column suggestions.

Auth Redirects

Redirect your users to specific route within your site on signIn() and signUp().

Redirect your users after sign up

Learning Resources

We've released a new Resources section in our docs, as well as two new Auth modules: GoTrue Overview and Google OAuth.

New Region

Launch your database in South Africa.

Kaizen

New year, new features. We've been busy at Supabase during January and our community has been even busier. Here's a few things you'll find interesting.

This is also available as a blog post and a video demo.

Count functionality

Anyone who has worked with Firebase long enough has become frustrated over the lack of count functionality. This isn't a problem with PostgreSQL! Our libraries now have support for PostgREST's exact, planned, and estimated counts. A massive thanks to @dshukertjr for this adding support to our client library.

New Auth Providers

We enabled 2 new Auth providers - Facebook and Azure. Thanks to @Levet for the Azure plugin, and once again to Netlify's amazing work with GoTrue to implement Facebook.

Auth Audit Trail

We have exposed the audit trail directly in the dashboard, as well as the GoTrue logs. Great for security and debugging.

Auth UI widget

In case our Auth endpoints aren't easy enough already, we've built a React Auth Widget for you to drop into your app and to get up-and-running in minutes.

New auth.email() function

We added a helper function for extracting the logged in user's email address.

New Regions

Launch your database in London or Sydney!

Launch your database in London or Sydney

Copy rows as Markdown

You can now copy SQL results as Markdown - super useful for adding to blogs and issues.

React server components

If you're excited by React Server components then check out the Supabase + Server Components experimental repo. https://github.com/supabase/next-server-components

Learn

We know that Auth can be a bit daunting when you're just starting out, so we have created some intro videos to get you up to speed in no time:

Kaizen

  • Performance: We migrated all of our subdomains to Route53, implementing custom Let's Encrypt certs for your APIs. As a result, our read benchmarks are measuring up 12% faster.
  • Performance: We upgrade your databases to the new GP3 storage for faster and more consistent throughput.

After 10 hectic months of building, Supabase is now in Beta.

This is also available as a blog post and a video demo.

Supabase is now in Beta

We spent months working on Performance, Security, and Reliability. Read more on our Beta Page.

This image shows our Beta Page

Improve your docs inline

Add comments and descriptions to your Tables directly from our auto-generated docs.

Table View now has realtime changes

Any updates that happen to your database are reflected in the Table View immediately.

Table Pagination

Our table view now has pagination - better for working with large data sets.

Supabase raised a Seed Round

We raised $6M from Y Combinator, Mozilla, and Coatue. You can read more on TechCrunch.

Kaizen

  • Supabase is now 26% faster in regions which support Graviton (1460 reqs/s up from 1167 reqs/s)
  • We launched a new region in Sao Paulo.
  • Postgres Array Support. You can now edit Native Postgres array items in the grid editor or the side panel.
  • We added better support for your custom Database Types.
  • Fixed some buggy keyboard commands. We're continuously improving key commands in the Table editor.

Build in a weekend, scale to millions