Data API
The Supabase Data API is a standalone server that sits between your application client code and your database. It automatically generates a fully RESTful API based on your database structure, allowing you to interact with your database through HTTP endpoints.
With the Data API, you have granular control over exposure: expose specific tables and functions by granting Data API roles the access they need, or enable Default privileges for new entities to automatically grant access to new tables and functions in public.
Any table that is exposed through the Data API should have Row Level Security (RLS) enabled to prevent unauthorized data access.
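An audit query for the RLS requirement above, added here as an example and not taken from the Supabase documentation. It lists every table in public that the anon or authenticated role holds privileges on, together with its RLS status, using only standard Postgres catalogs; public.your_table is the placeholder name this page uses in its grant statements.

```sql
-- Added example: find tables in public that the Data API roles can reach,
-- and show whether Row Level Security is enabled on each one.
select
  c.relname                                        as table_name,
  r.rolname                                        as role_name,
  has_table_privilege(r.rolname, c.oid, 'select')  as can_select,
  has_table_privilege(r.rolname, c.oid, 'insert')  as can_insert,
  has_table_privilege(r.rolname, c.oid, 'update')  as can_update,
  has_table_privilege(r.rolname, c.oid, 'delete')  as can_delete,
  c.relrowsecurity                                 as rls_enabled,
  -- Number of RLS policies defined on the table.
  (select count(*) from pg_policy p where p.polrelid = c.oid) as policy_count
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
cross join pg_roles r
where n.nspname = 'public'
  and c.relkind in ('r', 'p')            -- ordinary and partitioned tables
  and r.rolname in ('anon', 'authenticated')
  -- True if the role holds at least one of the listed privileges.
  and has_table_privilege(r.rolname, c.oid, 'select, insert, update, delete')
order by c.relrowsecurity, c.relname, r.rolname;   -- RLS-disabled rows first

-- Remediation for any row where rls_enabled is false
-- (public.your_table is a placeholder):
alter table public.your_table enable row level security;
```

Rows with rls_enabled = false are tables where a grant alone decides access. After RLS is enabled, a table with policy_count = 0 returns no rows to anon or authenticated until a policy is added.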
Expose specific tables and functions (recommended)
In Data API integrations settings, expose specific tables and functions and grant only the privileges each role needs.
grant select on table public.your_table to anon;
grant select, insert, update, delete on table public.your_table to authenticated;
grant execute on function public.your_function to anon, authenticated;
Use default privileges for new entities in public
If you want new entities in public to be accessible automatically, enable Default privileges for new entities in the Integrations > Data API section of the Dashboard. This applies only to new tables and functions in public.
alter default privileges for role postgres in schema public
grant select, insert, update, delete on tables to anon, authenticated, service_role;

alter default privileges for role postgres in schema public
grant execute on functions to anon, authenticated, service_role;
Disable the Data API completely
If your app never uses Supabase client libraries, REST, or GraphQL data endpoints:
- Go to the Integrations > Data API section of the Dashboard.
- Turn Enable Data API off.
Learn more
To learn more about the Data API, see the full guide.