This reference documents every object and method available in Supabase's isomorphic JavaScript library, supabase-js. You can use supabase-js to interact with your Postgres database, listen to database changes, invoke Deno Edge Functions, build login and user management functionality, and manage large files.
You can install @supabase/supabase-js via the terminal.
npm install @supabase/supabase-js
You can install @supabase/supabase-js via CDN links.
<script src="https://cdn.jsdelivr.net/npm/@supabase/supabase-js@2"></script> //or <script src="https://unpkg.com/@supabase/supabase-js@2"></script>
You can use supabase-js in the Deno runtime via esm.sh:
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
Create a new client for use in the browser.
You can initialize a new Supabase client using the createClient() method.
The Supabase client is your entrypoint to the rest of the Supabase functionality and is the easiest way to interact with everything we offer within the Supabase ecosystem.
The unique Supabase URL which is supplied when you create a new project in your project dashboard.
The unique Supabase Key which is supplied when you create a new project in your project dashboard.
Automatically refreshes the token for logged-in users. Defaults to true.
Detect a session from the URL. Used for OAuth login callbacks. Defaults to true.
Whether to persist a logged-in session to storage. Defaults to true.
A storage provider. Used to store the logged-in session.
Optional key name used for storing tokens in local storage.
The Postgres schema which your tables belong to. Must be on the list of exposed schemas in Supabase. Defaults to `public`.
A custom `fetch` implementation.
Optional headers for initializing the client.
Options passed to the realtime-js instance
import { createClient } from '@supabase/supabase-js'
// Create a single supabase client for interacting with your database
const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key')supabase-js supports Typescript.
You can use our CLI to generate types:
1supabase start 2supabase gen types typescript --local > lib/database.types.ts
These types are generated directly from your database.
There is a difference between selects, inserts, and updates, because often you will set default values in your database for specific columns.
With default values you do not need to send any data over the network, even if that column is a "required" field. Our type system is granular
enough to handle these situations.
Given a table public.movies, the definition will provide the following data:
interface Database {
public: {
Tables: {
movies: {
Row: {} // The data expected to be returned from a "select" statement.
Insert: {} // The data expected passed to an "insert" statement.
Update: {} // The data expected passed to an "update" statement.
}
}
}
}
You can enrich the supabase client with the types you generated with Supabase.
import { createClient } from '@supabase/supabase-js' import { Database } from 'lib/database.types' const supabase = createClient<Database>( process.env.SUPABASE_URL, process.env.SUPABASE_ANON_KEY )
supabase-js always returns a data object (for success), and an error response (for unsuccessful requests).
This provides a simple interface to get the relevant types returned from any function:
export async function getMovies() {
return await supabase.from('movies').select(`id, title`)
}
type MoviesResponse = Awaited<ReturnType<typeof getMovies>>
export type MoviesResponseSuccess = MoviesResponse['data']
export type MoviesResponseError = MoviesResponse['error']
For advanced queries such as nested tables, you may want to construct your own types.
import supabase from '~/lib/supabase'
import type { Database } from '~/lib/database.types'
async function getMovies() {
return await supabase.from('movies').select('id, title, actors(\*)')
}
type Actors = Database['public']['tables']['actors']['row']
type MoviesResponse = Awaited<ReturnType<typeof getMovies>>
type MoviesResponseSuccess = MoviesResponse['data'] & {
actors: Actors[]
}
Perform a SELECT query on the table or view.
range() queries to paginate through your data.select() can be combined with Filtersselect() can be combined with Modifiersapikey is a reserved keyword if you're using the Supabase Platform and should be avoided as a column name.The columns to retrieve, separated by commas
Named parameters
Count algorithm to use to count rows in the table or view. `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
When set to `true`, `data` will not be returned. Useful if you only need the count.
const { data, error } = await supabase
.from('countries')
.select()Perform an INSERT into the table or view.
The values to insert. Pass an object to insert a single row or an array to insert multiple rows.
Named parameters
Count algorithm to use to count inserted rows. `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
const { error } = await supabase
.from('countries')
.insert({ id: 1, name: 'Denmark' })Perform an UPDATE on the table or view.
update() should always be combined with Filters to target the item(s) you wish to update.The values to update with
Named parameters
Count algorithm to use to count updated rows. `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
const { error } = await supabase
.from('countries')
.update({ name: 'Australia' })
.eq('id', 1)Perform an UPSERT on the table or view. Depending on the column(s) passed
to onConflict, .upsert() allows you to perform the equivalent of
.insert() if a row with the corresponding onConflict columns doesn't
exist, or if it does exist, perform an alternative action depending on
ignoreDuplicates.
values to use upsert.The values to upsert with. Pass an object to upsert a single row or an array to upsert multiple rows.
Named parameters
Count algorithm to use to count upserted rows. `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
If `true`, duplicate rows are ignored. If `false`, duplicate rows are merged with existing rows.
Comma-separated UNIQUE column(s) to specify how duplicate rows are determined. Two rows are duplicates if all the `onConflict` columns are equal.
const { data, error } = await supabase
.from('countries')
.upsert({ id: 1, name: 'Albania' })
.select()Perform a DELETE on the table or view.
delete() should always be combined with filters to target the item(s) you wish to delete.delete() with filters and you have
RLS enabled, only
rows visible through SELECT policies are deleted. Note that by default
no rows are visible, so you need at least one SELECT/ALL policy that
makes the rows visible.Named parameters
Count algorithm to use to count deleted rows. `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
const { error } = await supabase
.from('countries')
.delete()
.eq('id', 1)Perform a function call.
You can call Postgres functions as Remote Procedure Calls, logic in your database that you can execute from anywhere. Functions are useful when the logic rarely changes—like for password resets and updates.
create or replace function hello_world() returns text as $$
select 'Hello world';
$$ language sql;
The function name to call
The arguments to pass to the function call
Named parameters
Count algorithm to use to count rows returned by the function. Only applicable for [set-returning functions](https://www.postgresql.org/docs/current/functions-srf.html). `"exact"`: Exact but slow count algorithm. Performs a `COUNT(*)` under the hood. `"planned"`: Approximated but fast count algorithm. Uses the Postgres statistics under the hood. `"estimated"`: Uses exact count for low numbers and planned count for high numbers.
When set to `true`, `data` will not be returned. Useful if you only need the count.
const { data, error } = await supabase.rpc('hello_world')Filters allow you to only return rows that match certain conditions.
Filters can be used on select(), update(), upsert(), and delete() queries.
If a Postgres function returns a table response, you can also apply filters.
const { data, error } = await supabase
.from('cities')
.select('name, country_id')
.eq('name', 'The Shire') // Correct
const { data, error } = await supabase
.from('cities')
.eq('name', 'The Shire') // Incorrect
.select('name, country_id')Match only rows where column is equal to value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.eq('name', 'Albania')Match only rows where column is not equal to value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.neq('name', 'Albania')Match only rows where column is greater than value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.gt('id', 2)Match only rows where column is greater than or equal to value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.gte('id', 2)Match only rows where column is less than value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.lt('id', 2)Match only rows where column is less than or equal to value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.lte('id', 2)Match only rows where column matches pattern case-sensitively.
The column to filter on
The pattern to match with
const { data, error } = await supabase
.from('countries')
.select()
.like('name', '%Alba%')Match only rows where column matches pattern case-insensitively.
The column to filter on
The pattern to match with
const { data, error } = await supabase
.from('countries')
.select()
.ilike('name', '%alba%')Match only rows where column IS value.
The column to filter on
The value to filter with
const { data, error } = await supabase
.from('countries')
.select()
.is('name', null)Match only rows where column is included in the values array.
The column to filter on
The values array to filter with
const { data, error } = await supabase
.from('countries')
.select()
.in('name', ['Albania', 'Algeria'])Only relevant for jsonb, array, and range columns. Match only rows where
column contains every element appearing in value.
The jsonb, array, or range column to filter on
The jsonb, array, or range value to filter with
const { data, error } = await supabase
.from('users')
.select()
.contains('name', ['is:online', 'faction:red'])Only relevant for jsonb, array, and range columns. Match only rows where
every element appearing in column is contained by value.
The jsonb, array, or range column to filter on
The jsonb, array, or range value to filter with
const { data, error } = await supabase
.from('classes')
.select('name')
.containedBy('days', ['monday', 'tuesday', 'wednesday', 'friday'])Only relevant for range columns. Match only rows where every element in
column is greater than any element in range.
The range column to filter on
The range to filter with
const { data, error } = await supabase
.from('reservations')
.select()
.rangeGt('during', '[2000-01-02 08:00, 2000-01-02 09:00)')Only relevant for range columns. Match only rows where every element in
column is either contained in range or greater than any element in
range.
The range column to filter on
The range to filter with
const { data, error } = await supabase
.from('reservations')
.select()
.rangeGte('during', '[2000-01-02 08:30, 2000-01-02 09:30)')Only relevant for range columns. Match only rows where every element in
column is less than any element in range.
The range column to filter on
The range to filter with
const { data, error } = await supabase
.from('reservations')
.select()
.rangeLt('during', '[2000-01-01 15:00, 2000-01-01 16:00)')Only relevant for range columns. Match only rows where every element in
column is either contained in range or less than any element in
range.
The range column to filter on
The range to filter with
const { data, error } = await supabase
.from('reservations')
.select()
.rangeLte('during', '[2000-01-01 14:00, 2000-01-01 16:00)')Only relevant for range columns. Match only rows where column is
mutually exclusive to range and there can be no element between the two
ranges.
The range column to filter on
The range to filter with
const { data, error } = await supabase
.from('reservations')
.select()
.rangeAdjacent('during', '[2000-01-01 12:00, 2000-01-01 13:00)')Only relevant for array and range columns. Match only rows where
column and value have an element in common.
The array or range column to filter on
The array or range value to filter with
const { data, error } = await supabase
.from('issues')
.select('title')
.overlaps('tags', ['is:closed', 'severity:high'])Only relevant for text and tsvector columns. Match only rows where
column matches the query string in query.
The text or tsvector column to filter on
The query text to match with
Named parameters
The text search configuration to use
Change how the `query` text is interpreted
const { data, error } = await supabase
.from('quotes')
.select('catchphrase')
.textSearch('catchphrase', `'fat' & 'cat'`, {
config: 'english'
})Match only rows where each column in query keys is equal to its
associated value. Shorthand for multiple .eq()s.
The object to filter with, with column names as keys mapped to their filter values
const { data, error } = await supabase
.from('countries')
.select('name')
.match({ id: 2, name: 'Albania' })Match only rows which doesn't satisfy the filter.
not() expects you to use the raw PostgREST syntax for the filter values.
.not('id', 'in', '(5,6,7)') // Use `()` for `in` filter
.not('arraycol', 'cs', '{"a","b"}') // Use `cs` for `contains()`, `{}` for array values
The column to filter on
The operator to be negated to filter with, following PostgREST syntax
The value to filter with, following PostgREST syntax
const { data, error } = await supabase
.from('countries')
.select()
.not('name', 'is', null)Match only rows which satisfy at least one of the filters.
or() expects you to use the raw PostgREST syntax for the filter names and values.
.or('id.in.(5,6,7), arraycol.cs.{"a","b"}') // Use `()` for `in` filter, `{}` for array values and `cs` for `contains()`.
.or('id.in.(5,6,7), arraycol.cd.{"a","b"}') // Use `cd` for `containedBy()`
The filters to use, following PostgREST syntax
Set this to filter on foreign tables instead of the current table
const { data, error } = await supabase
.from('countries')
.select('name')
.or('id.eq.2,name.eq.Algeria')Match only rows which satisfy the filter. This is an escape hatch - you should use the specific filter methods wherever possible.
filter() expects you to use the raw PostgREST syntax for the filter values.
.filter('id', 'in', '(5,6,7)') // Use `()` for `in` filter
.filter('arraycol', 'cs', '{"a","b"}') // Use `cs` for `contains()`, `{}` for array values
The column to filter on
The operator to filter with, following PostgREST syntax
The value to filter with, following PostgREST syntax
const { data, error } = await supabase
.from('countries')
.select()
.filter('name', 'in', '("Algeria","Japan")')Filters work on the row level—they allows you to return rows that only match certain conditions without changing the shape of the rows. Modifiers are everything that don't fit that definition—allowing you to change the format of the response (e.g., returning a CSV string).
Modifiers must be specified after filters. Some modifiers only apply for
queries that return rows (e.g., select() or rpc() on a function that
returns a table response).
Perform a SELECT on the query result.
The columns to retrieve, separated by commas
const { data, error } = await supabase
.from('countries')
.upsert({ id: 1, name: 'Algeria' })
.select()Order the query result by column.
The column to order by
Named parameters
Set this to order a foreign table by foreign columns
If `true`, the result will be in ascending order
If `true`, `null`s appear first. If `false`, `null`s appear last.
const { data, error } = await supabase
.from('countries')
.select('id', 'name')
.order('id', { ascending: false })Limit the query result by count.
The maximum number of rows to return
Named parameters
Set this to limit rows of foreign tables instead of the current table
const { data, error } = await supabase
.from('countries')
.select('name')
.limit(1)Limit the query result by from and to inclusively.
The starting index from which to limit the result
The last index to which to limit the result
Named parameters
Set this to limit rows of foreign tables instead of the current table
const { data, error } = await supabase
.from('countries')
.select('name')
.range(0, 1)Set the AbortSignal for the fetch request.
The AbortSignal to use for the fetch request
const ac = new AbortController()
ac.abort()
const { data, error } = await supabase
.from('very_big_table')
.select()
.abortSignal(ac.signal)Return data as a single object instead of an array of objects.
const { data, error } = await supabase
.from('countries')
.select('name')
.limit(1)
.single()Return data as a single object instead of an array of objects.
const { data, error } = await supabase
.from('countries')
.select()
.eq('name', 'Singapore')
.maybeSingle()Return data as a string in CSV format.
const { data, error } = await supabase
.from('countries')
.select()
.csv()Override the type of the returned data.
const { data } = await supabase
.from('countries')
.select()
.returns<MyType>()supabase.auth namespace.
import { createClient } from '@supabase/supabase-js'
const supabase = createClient(supabase_url, anon_key)Creates a new user.
user is returned but session is null.user and a session are returned.SITE_URL by default. You can modify your SITE_URL or add additional redirect URLs in your project.User already registered is returned.getUser().
const { data, error } = await supabase.auth.signUp({
email: 'example@email.com',
password: 'example-password',
})Log in an existing user with an email and password or phone and password.
const { data, error } = await supabase.auth.signInWithPassword({
email: 'example@email.com',
password: 'example-password',
})Log in a user using magiclink or a one-time password (OTP).
signInWithOtp() will signup the user instead. To restrict this behaviour, you can set shouldCreateUser in SignInWithPasswordlessCredentials.options to false.SITE_URL.{{ .Token }} instead of {{ .ConfirmationURL }}.
const { data, error } = await supabase.auth.signInWithOtp({
email: 'example@email.com',
options: {
emailRedirectTo: 'https://example.com/welcome'
}
})Log in an existing user via a third-party provider.
One of the providers supported by GoTrue.
An object of query params
A URL to send the user to after they are confirmed.
A space-separated list of scopes granted to the OAuth application.
If set to true does not immediately redirect the current browser context to visit the OAuth authorization page for the provider.
const { data, error } = await supabase.auth.signInWithOAuth({
provider: 'github'
})Inside a browser context, signOut() will remove the logged in user from the browser session
and log them out - removing all items from localstorage and then trigger a "SIGNED_OUT" event.
signOut() method, the user needs to be signed in first.
const { error } = await supabase.auth.signOut()Log in a user given a User supplied OTP received via mobile.
verifyOtp method takes in different verification types. If a phone number is used, the type can either be sms or phone_change. If an email address is used, the type can be one of the following: signup, magiclink, recovery, invite or email_change.verifyOtp to sign up / sign-in a user.
const { data, error } = await supabase.auth.verifyOtp({ phone, token, type: 'sms'})Returns the session, refreshing it if necessary. The session returned can be null if the session is not detected which can happen in the event a user is not signed-in or has logged out.
const { data, error } = await supabase.auth.getSession()Returns a new session, regardless of expiry status. Takes in an optional current session. If not passed in, then refreshSession() will attempt to retrieve it from getSession(). If the current session's refresh token is invalid, an error will be thrown.
The current session. If passed in, it must contain a refresh token.
const { data, error } = await supabase.auth.refreshSession()
const { session, user } = dataGets the current user details if there is an existing session.
getSession().session.user is recommended.Takes in an optional access token jwt. If no jwt is provided, getUser() will attempt to get the jwt from the current session.
const { data: { user } } = await supabase.auth.getUser()Updates user data, if there is a logged in user.
updateUser() method, the user needs to be signed in first.A custom data object to store the user's metadata. This maps to the `auth.users.user_metadata` column. The `data` should be a JSON object that includes user-specific info, such as their first and last name.
The user's email.
The user's password.
The user's phone.
const { data, error } = await supabase.auth.updateUser({email: 'new@email.com'})Sets the session data from the current session. If the current session is expired, setSession will take care of refreshing it to obtain a new session. If the refresh token or access token in the current session is invalid, an error will be thrown.
setSession() takes in a refresh token and uses it to get a new session.REFRESH_TOKEN_REUSE_INTERVAL which provides a short window in which the same refresh token can be used multiple times in the event of concurrency or offline issues.The current session that minimally contains an access token and refresh token.
const { data, error } = supabase.auth.setSession({
access_token,
refresh_token
})Receive a notification every time an auth event happens.
SIGNED_IN, SIGNED_OUT, TOKEN_REFRESHED, USER_UPDATED, PASSWORD_RECOVERYonAuthStateChange() does not work across tabs.
For instance, in the case of a password reset flow, the original tab which requested for the password reset link will not receive the SIGNED_IN and PASSWORD_RECOVERY event when the user clicks on the link.A callback function to be invoked when an auth event happens.
supabase.auth.onAuthStateChange((event, session) => {
console.log(event, session)
})Sends a password reset request to an email address.
resetPasswordForEmail() only sends a password reset link to the user's email.
To update the user's password, see updateUser().SIGNED_IN and PASSWORD_RECOVERY event will be emitted when the password recovery link is clicked.
You can use onAuthStateChange() to listen and invoke a callback function on these events.redirectTo parameter.
See redirect URLs and wildcards to add additional redirect URLs to your project.updateUser():const { data, error } = await supabase.auth.updateUser({
password: new_password
})
The email address of the user.
Verification token received when the user completes the captcha on the site.
The URL to send the user to after they click the password reset link.
const { data, error } = await supabase.auth.resetPasswordForEmail(email, {
redirectTo: 'https://example.com/update-password',
})Starts the enrollment process for a new Multi-Factor Authentication (MFA)
factor. This method creates a new unverified factor.
To verify a factor, present the QR code or secret to the user and ask them to add it to their
authenticator app.
The user has to enter the code from their authenticator app to verify it.
totp is the only supported factorType. The returned id should be used to create a challenge.mfa.challenge().mfa.verify().mfa.challengeAndVerify().totp secret in nextjs, you can do the following:<Image src={data.totp.qr_code} alt={data.totp.uri} layout="fill"></Image>
The type of factor being enrolled.
Human readable name assigned to the factor.
Domain which the user is enrolled with.
const { data, error } = await supabase.auth.mfa.enroll({
factorType: 'totp'
})
// Use the id to create a challenge.
// The challenge can be verified by entering the code generated from the authenticator app.
// The code will be generated upon scanning the qr_code or entering the secret into the authenticator app.
const { id, type, totp: { qr_code, secret, uri } } = dataPrepares a challenge used to verify that a user has access to a MFA factor.
mfa.verify().ID of the factor to be challenged. Returned in enroll().
const { data, error } = await supabase.auth.mfa.challenge({
factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225'
})Verifies a code against a challenge. The verification code is provided by the user by entering a code seen in their authenticator app.
ID of the factor being verified. Returned in enroll().
Verification code provided by the user.
ID of the challenge being verified. Returned in challenge().
const { data, error } = await supabase.auth.mfa.verify({
factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
challengeId: '4034ae6f-a8ce-4fb5-8ee5-69a5863a7c15',
code: '123456'
})Helper method which creates a challenge and immediately uses the given code to verify against it thereafter. The verification code is provided by the user by entering a code seen in their authenticator app.
challengeAndVerify().mfa.challenge() and mfa.verify() in a single step.ID of the factor being verified. Returned in enroll().
Verification code provided by the user.
const { data, error } = await supabase.auth.mfa.challengeAndVerify({
factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
code: '123456'
})Unenroll removes a MFA factor.
A user has to have an aal2 authenticator level in order to unenroll a verified factor.
ID of the factor being unenrolled.
const { data, error } = await supabase.auth.mfa.unenroll({
factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
})Returns the Authenticator Assurance Level (AAL) for the active session.
aal1 refers to having the 1st factor of authentication such as an email and password or OAuth sign-in while aal2 refers to the 2nd factor of authentication such as a time-based, one-time-password (TOTP).nextLevel field will return aal2, else, it will return aal1.
const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel()
const { currentLevel, nextLevel, currentAuthenticationMethods } = datasupabase.auth.admin namespace requires a service_role key.service_role key in the browser.
import { createClient } from '@supabase/supabase-js'
const supabase = createClient(supabase_url, service_role_key, {
auth: {
autoRefreshToken: false,
persistSession: false
}
})
// Access auth admin api
const adminAuthClient = supabase.auth.adminGet user by id.
getUserById() method requires the user's id which maps to the auth.users.id column.The user's unique identifier This function should only be called on a server. Never expose your `service_role` key in the browser.
const { data, error } = await supabase.auth.admin.getUserById(1)Get a list of users.
An object which supports `page` and `perPage` as numbers, to alter the paginated results.
The page number
Number of items returned per page
const { data: { users }, error } = await supabase.auth.admin.listUsers()Creates a new user.
This function should only be called on a server. Never expose your service_role key in the browser.
email_confirm or phone_confirm to true. Both arguments default to false.A custom data object to store the user's application specific metadata. This maps to the `auth.users.app_metadata` column. Only a service role can modify. The `app_metadata` should be a JSON object that includes app-specific info, such as identity providers, roles, and other access control information.
Determines how long a user is banned for. The format for the ban duration follows a strict sequence of decimal numbers with a unit suffix. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". For example, some possible durations include: '300ms', '2h45m'. Setting the ban duration to 'none' lifts the ban on the user.
A custom data object to store the user's metadata. This maps to the `auth.users.user_metadata` column. The `data` should be a JSON object that includes user-specific info, such as their first and last name.
The user's email.
Confirms the user's email address if set to true. Only a service role can modify.
The user's password.
The user's phone.
Confirms the user's phone number if set to true. Only a service role can modify.
A custom data object to store the user's metadata. This maps to the `auth.users.user_metadata` column. Only a service role can modify. The `user_metadata` should be a JSON object that includes user-specific info, such as their first and last name. Note: When using the GoTrueAdminApi and wanting to modify a user's metadata, this attribute is used instead of UserAttributes data.
const { data, error } = await supabase.auth.admin.createUser({
email: 'user@email.com',
password: 'password',
user_metadata: { name: 'Yoda' }
})Delete a user. Requires a service_role key.
deleteUser() method requires the user's ID, which maps to the auth.users.id column.The user id you want to remove.
If true, then the user will be soft-deleted from the auth schema. Defaults to false for backward compatibility. This function should only be called on a server. Never expose your `service_role` key in the browser.
const { data, error } = await supabase.auth.admin.deleteUser(
'715ed5db-f090-4b8c-a067-640ecee36aa0'
)Sends an invite link to an email address.
The email address of the user.
Optional user metadata
A URL or mobile deeplink to send the user to after they are confirmed.
const { data, error } = await supabase.auth.admin.inviteUserByEmail('email@example.com')Sends a password reset request to an email address.
resetPasswordForEmail() only sends a password reset link to the user's email.
To update the user's password, see updateUser().SIGNED_IN and PASSWORD_RECOVERY event will be emitted when the password recovery link is clicked.
You can use onAuthStateChange() to listen and invoke a callback function on these events.redirectTo parameter.
See redirect URLs and wildcards to add additional redirect URLs to your project.updateUser():const { data, error } = await supabase.auth.updateUser({
password: new_password
})
The email address of the user.
Verification token received when the user completes the captcha on the site.
The URL to send the user to after they click the password reset link.
const { data, error } = await supabase.auth.resetPasswordForEmail(email, {
redirectTo: 'https://example.com/update-password',
})Generates email links and OTPs to be sent via a custom email provider.
const { data, error } = await supabase.auth.admin.generateLink({
type: 'signup',
email: 'email@example.com',
password: 'secret'
})Updates the user data.
The data you want to update. This function should only be called on a server. Never expose your `service_role` key in the browser.
A custom data object to store the user's application specific metadata. This maps to the `auth.users.app_metadata` column. Only a service role can modify. The `app_metadata` should be a JSON object that includes app-specific info, such as identity providers, roles, and other access control information.
Determines how long a user is banned for. The format for the ban duration follows a strict sequence of decimal numbers with a unit suffix. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". For example, some possible durations include: '300ms', '2h45m'. Setting the ban duration to 'none' lifts the ban on the user.
A custom data object to store the user's metadata. This maps to the `auth.users.user_metadata` column. The `data` should be a JSON object that includes user-specific info, such as their first and last name.
The user's email.
Confirms the user's email address if set to true. Only a service role can modify.
The user's password.
The user's phone.
Confirms the user's phone number if set to true. Only a service role can modify.
A custom data object to store the user's metadata. This maps to the `auth.users.user_metadata` column. Only a service role can modify. The `user_metadata` should be a JSON object that includes user-specific info, such as their first and last name. Note: When using the GoTrueAdminApi and wanting to modify a user's metadata, this attribute is used instead of UserAttributes data.
const { data: user, error } = await supabase.auth.admin.updateUserById(
'6aa5d0d4-2a9f-4483-b6c8-0cf4c6c98ac4',
{ email: 'new@email.com' }
)Lists all factors associated to a user.
ID of the user.
const { data, error } = await supabase.auth.admin.mfa.listFactors()Deletes a factor on a user. This will log the user out of all active sessions if the deleted factor was verified.
ID of the user whose factor is being deleted.
ID of the MFA factor to delete.
const { data, error } = await supabase.auth.admin.mfa.deleteFactor({
id: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
userId: 'a89baba7-b1b7-440f-b4bb-91026967f66b',
})Invokes a function
Invoke a Supabase Function.
Blob, ArrayBuffer, File, FormData and String. If it doesn't match any of these types we assume the payload is json, serialise it and attach the Content-Type header as application/json. You can override this behaviour by passing in a Content-Type header of your own.json, blob and form-data depending on the Content-Type header sent by your function. Responses are parsed as text by default.The name of the Function to invoke.
Options for invoking the Function.
The body of the request.
Object representing the headers to send with the request.
const { data, error } = await supabase.functions.invoke('hello', {
body: { foo: 'bar' }
})Creates an event handler that listens to changes.
REPLICA IDENTITY to FULL (e.g., ALTER TABLE your_table REPLICA IDENTITY FULL;).One of "broadcast", "presence", or "postgres_changes".
Custom object specific to the Realtime feature detailing which payloads to receive.
Function to be invoked when event handler is triggered.
supabase
.channel('any')
.on('broadcast', { event: 'cursor-pos' }, payload => {
console.log('Cursor position received!', payload)
})
.subscribe((status) => {
if (status === 'SUBSCRIBED') {
channel.send({
type: 'broadcast',
event: 'cursor-pos',
payload: { x: Math.random(), y: Math.random() },
})
}
})Unsubscribes and removes Realtime channel from Realtime client.
The name of the Realtime channel.
supabase.removeChannel(myChannel)Unsubscribes and removes all Realtime channels from Realtime client.
supabase.removeAllChannels()Returns all Realtime channels.
const channels = supabase.getChannels()Creates a new Storage bucket
buckets table permissions: insertobjects table permissions: noneA unique identifier for the bucket you are creating.
The visibility of the bucket. Public buckets don't require an authorization token to download objects, but still require a valid token for all other operations. By default, buckets are private.
const { data, error } = await supabase
.storage
.createBucket('avatars', { public: false })Retrieves the details of an existing Storage bucket.
buckets table permissions: selectobjects table permissions: noneThe unique identifier of the bucket you would like to retrieve.
const { data, error } = await supabase
.storage
.getBucket('avatars')Retrieves the details of all Storage buckets within an existing project.
buckets table permissions: selectobjects table permissions: none
const { data, error } = await supabase
.storage
.listBuckets()Updates a Storage bucket
buckets table permissions: updateobjects table permissions: noneA unique identifier for the bucket you are updating.
The visibility of the bucket. Public buckets don't require an authorization token to download objects, but still require a valid token for all other operations.
const { data, error } = await supabase
.storage
.updateBucket('avatars', { public: false })Deletes an existing bucket. A bucket can't be deleted with existing objects inside it.
You must first empty() the bucket.
buckets table permissions: select and deleteobjects table permissions: noneThe unique identifier of the bucket you would like to delete.
const { data, error } = await supabase
.storage
.deleteBucket('avatars')Removes all objects inside a single bucket.
buckets table permissions: selectobjects table permissions: select and deleteThe unique identifier of the bucket you would like to empty.
const { data, error } = await supabase
.storage
.emptyBucket('avatars')Uploads a file to an existing bucket.
buckets table permissions: noneobjects table permissions: insertBlob, File or FormData does not work as intended. Upload file using ArrayBuffer from base64 file data instead, see example below.The file path, including the file name. Should be of the format `folder/subfolder/filename.png`. The bucket must already exist before attempting to upload.
The body of the file to be stored in the bucket.
The number of seconds the asset is cached in the browser and in the Supabase CDN. This is set in the `Cache-Control: max-age=<seconds>` header. Defaults to 3600 seconds.
the `Content-Type` header value. Should be specified if using a `fileBody` that is neither `Blob` nor `File` nor `FormData`, otherwise will default to `text/plain;charset=UTF-8`.
When upsert is set to true, the file is overwritten if it exists. When set to false, an error is thrown if the object already exists. Defaults to false.
const avatarFile = event.target.files[0]
const { data, error } = await supabase
.storage
.from('avatars')
.upload('public/avatar1.png', avatarFile, {
cacheControl: '3600',
upsert: false
})Downloads a file from a private bucket. For public buckets, make a request to the URL returned from getPublicUrl instead.
buckets table permissions: noneobjects table permissions: selectThe full path and file name of the file to be downloaded. For example `folder/image.png`.
Transform the asset before serving it to the client.
Specify the format of the image requested. When using 'origin' we force the format to be the same as the original image, bypassing automatic browser optimisation such as webp conversion
The height of the image in pixels.
The resize mode can be cover, contain or fill. Defaults to cover. Cover resizes the image to maintain it's aspect ratio while filling the entire width and height. Contain resizes the image to maintain it's aspect ratio while fitting the entire image within the width and height. Fill resizes the image to fill the entire width and height. If the object's aspect ratio does not match the width and height, the image will be stretched to fit.
The width of the image in pixels.
const { data, error } = await supabase
.storage
.from('avatars')
.download('folder/avatar1.png')