Skip to main content


A config.toml file is generated after running supabase init.

This file is located in the supabase folder under supabase/config.toml.



A string used to distinguish different Supabase projects on the same host. Defaults to the working directory name when running supabase init.

  • Required: true
  • Default: None

Auth Settings


The base URL of your website. Used as an allow-list for redirects and for constructing URLs used in emails.


A list of exact URLs that auth providers are permitted to redirect to post authentication.


How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 seconds (one week).


Allow/disallow new user signups to your project.

Allow/disallow new user signups via email to your project.

If enabled, a user will be required to confirm any email change on both the old, and new email addresses. If disabled, only the new email is required to confirm.

If enabled, users need to confirm their email address before signing in.


Use an external OAuth provider. The full list of providers are:

  • apple
  • azure
  • bitbucket
  • discord
  • facebook
  • github
  • gitlab
  • google
  • twitch
  • twitter
  • slack
  • spotify


Client ID for the external OAuth provider.


Client secret for the external OAuth provider.

API Settings


Port to use for the API URL.


Extra schemas to add to the search_path of every request.


The maximum number of rows returned from a view, table, or stored procedure. Limits payload size for accidental or malicious requests.

Database Settings


Port to use for the local database URL.


The database major version to use. This has to be the same as your remote database's. Run SHOW server_version; on the remote database to check.

Dashboard Settings


Port to use for Supabase Studio.

  • Required: true
  • Default: 54323

Local Development


Port to use for the email testing server web interface.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.