Python Reference v2.0

Initializing

You can initialize a new Supabase client using the create_client() method.

The Supabase client is your entrypoint to the rest of the Supabase functionality and is the easiest way to interact with everything we offer within the Supabase ecosystem.

Parameters
    supabase_url
    REQUIRED
    string

    The unique Supabase URL which is supplied when you create a new project in your project dashboard.

    supabase_key
    REQUIRED
    string

    The unique Supabase Key which is supplied when you create a new project in your project dashboard.

    options
    Optional
    ClientOptions

    Options to change the Auth behaviors.


import os
from supabase import create_client, Client

url: str = os.environ.get("SUPABASE_URL")
key: str = os.environ.get("SUPABASE_KEY")
supabase: Client = create_client(url, key)

Fetch data

  • By default, Supabase projects return a maximum of 1,000 rows. This setting can be changed in your project's API settings. It's recommended that you keep it low to limit the payload size of accidental or malicious requests. You can use range() queries to paginate through your data.
  • select() can be combined with Filters
  • select() can be combined with Modifiers
  • apikey is a reserved keyword if you're using the Supabase Platform and should be avoided as a column name.
Parameters
    columns
    Optional
    string

    The columns to retrieve, defaults to *.

    count
    Optional
    CountMethod

    The property to use to get the count of rows returned.


response = supabase.table("countries").select("*").execute()

Insert data

Parameters
    json
    REQUIRED
    dict, list

    The values to insert. Pass an dict to insert a single row or an list to insert multiple rows.

    count
    Optional
    CountMethod

    The property to use to get the count of rows returned.

    returning
    Optional
    ReturnMethod

    Either 'minimal' or 'representation'. Defaults to 'representation'.

    default_to_null
    Optional
    bool

    Make missing fields default to null. Otherwise, use the default value for the column. Only applies for bulk inserts.


response = (
    supabase.table("countries")
    .insert({"id": 1, "name": "Denmark"})
    .execute()
)

Update data

  • update() should always be combined with Filters to target the item(s) you wish to update.
Parameters
    json
    REQUIRED
    dict, list

    The values to insert. Pass an dict to insert a single row or an list to insert multiple rows.

    count
    Optional
    CountMethod

    The property to use to get the count of rows returned.

    returning
    Optional
    ReturnMethod

    Either 'minimal' or 'representation'. Defaults to 'representation'.

    ignore_duplicates
    Optional
    bool

    Whether duplicate rows should be ignored.

    on_conflict
    Optional
    bool

    Specified columns to be made to work with UNIQUE constraint.

    default_to_null
    Optional
    bool

    Make missing fields default to null. Otherwise, use the default value for the column. This only applies when inserting new rows, not when merging with existing rows under ignore_duplicates: false. This also only applies when doing bulk upserts.


response = (
    supabase.table("countries")
    .update({"name": "Australia"})
    .eq("id", 1)
    .execute()
)

Upsert data

  • Primary keys must be included in the values dict to use upsert.
Parameters
    json
    REQUIRED
    dict, list

    The values to insert. Pass an dict to insert a single row or an list to insert multiple rows.

    count
    Optional
    CountMethod

    The property to use to get the count of rows returned.

    returning
    Optional
    ReturnMethod

    Either 'minimal' or 'representation'. Defaults to 'representation'.

    ignore_duplicates
    Optional
    bool

    Whether duplicate rows should be ignored.

    on_conflict
    Optional
    bool

    Specified columns to be made to work with UNIQUE constraint.

    default_to_null
    Optional
    bool

    Make missing fields default to null. Otherwise, use the default value for the column. Only applies for bulk inserts.


response = (
    supabase.table("countries")
    .upsert({"id": 1, "name": "Australia"})
    .execute()
)

Delete data

  • delete() should always be combined with filters to target the item(s) you wish to delete.
  • If you use delete() with filters and you have RLS enabled, only rows visible through SELECT policies are deleted. Note that by default no rows are visible, so you need at least one SELECT/ALL policy that makes the rows visible.
  • When using delete().in_(), specify an array of values to target multiple rows with a single query. This is particularly useful for batch deleting entries that share common criteria, such as deleting users by their IDs. Ensure that the array you provide accurately represents all records you intend to delete to avoid unintended data removal.
Parameters
    count
    Optional
    CountMethod

    The property to use to get the count of rows returned.

    returning
    Optional
    ReturnMethod

    Either 'minimal' or 'representation'. Defaults to 'representation'.


response = supabase.table('countries').delete().eq('id', 1).execute()

Call a Postgres function

You can call Postgres functions as Remote Procedure Calls, logic in your database that you can execute from anywhere. Functions are useful when the logic rarely changes—like for password resets and updates.

create or replace function hello_world() returns text as $$
  select 'Hello world';
$$ language sql;
Parameters
    fn
    REQUIRED
    callable

    The stored procedure call to be executed.

    params
    Optional
    dict of any

    Parameters passed into the stored procedure call.

    get
    Optional
    dict of any

    When set to true, data will not be returned. Useful if you only need the count.

    head
    Optional
    dict of any

    When set to true, the function will be called with read-only access mode.

    count
    Optional
    CountMethod

    Count algorithm to use to count rows returned by the function. Only applicable for set-returning functions. "exact": Exact but slow count algorithm. Performs a COUNT(*) under the hood. "planned": Approximated but fast count algorithm. Uses the Postgres statistics under the hood. "estimated": Uses exact count for low numbers and planned count for high numbers.


response = supabase.rpc("hello_world").execute()

Using filters

Filters allow you to only return rows that match certain conditions.

Filters can be used on select(), update(), upsert(), and delete() queries.

If a Postgres function returns a table response, you can also apply filters.


# Correct
response = (
    supabase.table("cities")
    .select("name, country_id")
    .eq("name", "Bali")
    .execute()
)

# Incorrect
response = (
    supabase.table("cities")
    .eq("name", "Bali")
    .select("name, country_id")
    .execute()
)

Column is equal to a value

Match only rows where column is equal to value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").eq("name", "Albania").execute()

Column is not equal to a value

Match only rows where column is not equal to value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").neq("name", "Albania").execute()

Column is greater than a value

Match only rows where column is greather than value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").gt("id", 2).execute()

Column is greater than or equal to a value

Match only rows where column is greater than or equal to value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").gte("id", 2).execute()

Column is less than a value

Match only rows where column is less than value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").lt("id", 2).execute()

Column is less than or equal to a value

Match only rows where column is less than or equal to value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    value
    REQUIRED
    any

    The value to filter by


response = supabase.table("countries").select("*").lte("id", 2).execute()

Column matches a pattern

Match only rows where column matches pattern case-sensitively.

Parameters
    column
    REQUIRED
    string

    The name of the column to apply a filter on

    pattern
    REQUIRED
    string

    The pattern to match by


response = supabase.table("countries").select("*").like("name", "%Alba%").execute()

Column matches a case-insensitive pattern

Match only rows where column matches pattern case-insensitively.

Parameters
    column
    REQUIRED
    string

    The name of the column to apply a filter on

    pattern
    REQUIRED
    string

    The pattern to match by


response = supabase.table("countries").select("*").ilike("name", "%alba%").execute()

Column is a value

Match only rows where column IS value.

Parameters
    column
    REQUIRED
    string

    The name of the column to apply a filter on

    value
    REQUIRED
    null | boolean

    The value to match by


response = supabase.table("countries").select("*").is_("name", "null").execute()

Column is in an array

Match only rows where column is included in the values array.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    values
    REQUIRED
    array

    The values to filter by


response = (
    supabase.table("countries")
    .select("*")
    .in_("name", ["Albania", "Algeria"])
    .execute()
)

Column contains every element in a value

Only relevant for jsonb, array, and range columns. Match only rows where column contains every element appearing in value.

Parameters
    column
    REQUIRED
    string

    The column to filter on

    values
    REQUIRED
    object

    The jsonb, array, or range value to filter with


response = (
    supabase.table("issues")
    .select("*")
    .contains("tags", ["is:open", "priority:low"])
    .execute()
)

Contained by value

Only relevant for jsonb, array, and range columns. Match only rows where every element appearing in column is contained by value.

Parameters
    column
    REQUIRED
    string

    The jsonb, array, or range column to filter on

    value
    REQUIRED
    object

    The jsonb, array, or range value to filter with


response = (
    supabase.table("classes")
    .select("name")
    .contained_by("days", ["monday", "tuesday", "wednesday", "friday"])
    .execute()
)

Greater than a range

Only relevant for range columns. Match only rows where every element in column is greater than any element in range.

Parameters
    column
    REQUIRED
    string

    The range column to filter on

    range
    REQUIRED
    array

    The range to filter with


response = (
    supabase.table("reservations")
    .select("*")
    .range_gt("during", ["2000-01-02 08:00", "2000-01-02 09:00"])
    .execute()
)

Greater than or equal to a range

Only relevant for range columns. Match only rows where every element in column is either contained in range or greater than any element in range.

Parameters
    column
    REQUIRED
    string

    The range column to filter on

    range
    REQUIRED
    string

    The range to filter with


response = (
    supabase.table("reservations")
    .select("*")
    .range_gte("during", ["2000-01-02 08:30", "2000-01-02 09:30"])
    .execute()
)

Less than a range

Only relevant for range columns. Match only rows where every element in column is less than any element in range.

Parameters
    column
    REQUIRED
    string

    The range column to filter on

    range
    REQUIRED
    array

    The range to filter with


response = (
    supabase.table("reservations")
    .select("*")
    .range_lt("during", ["2000-01-01 15:00", "2000-01-01 16:00"])
    .execute()
)

Less than or equal to a range

Only relevant for range columns. Match only rows where every element in column is less than any element in range.

Parameters
    column
    REQUIRED
    string

    The range column to filter on

    range
    REQUIRED
    array

    The range to filter with


response = (
    supabase.table("reservations")
    .select("*")
    .range_lte("during", ["2000-01-01 14:00", "2000-01-01 16:00"])
    .execute()
)

Mutually exclusive to a range

Only relevant for range columns. Match only rows where column is mutually exclusive to range and there can be no element between the two ranges.

Parameters
    column
    REQUIRED
    string

    The range column to filter on

    range
    REQUIRED
    array

    The range to filter with


response = (
    supabase.table("reservations")
    .select("*")
    .range_adjacent("during", ["2000-01-01 12:00", "2000-01-01 13:00"])
    .execute()
)

With a common element

Only relevant for array and range columns. Match only rows where column and value have an element in common.

Parameters
    column
    REQUIRED
    string

    The array or range column to filter on

    value
    REQUIRED
    Iterable[Any]

    The array or range value to filter with


response = (
    supabase.table("issues")
    .select("title")
    .overlaps("tags", ["is:closed", "severity:high"])
    .execute()
)

Match a string

Only relevant for text and tsvector columns. Match only rows where column matches the query string in query.

Parameters
    column
    REQUIRED
    string

    The text or tsvector column to filter on

    query
    REQUIRED
    string

    The query text to match with

    options
    Optional
    object

    Named parameters


response = (
    supabase.table("texts")
    .select("content")
    .text_search("content", "'eggs' & 'ham'", options={"config": "english"})
    .execute()
)

Match an associated value

Match only rows where each column in query keys is equal to its associated value. Shorthand for multiple .eq()s.

Parameters
    query
    REQUIRED
    dict

    The object to filter with, with column names as keys mapped to their filter values


response = (
    supabase.table("countries")
    .select("*")
    .match({"id": 2, "name": "Albania"})
    .execute()
)

Don't match the filter

Match only rows which doesn't satisfy the filter. not_ expects you to use the raw PostgREST syntax for the filter values.

1.not_.in_('id', '(5,6,7)')  # Use `()` for `in` filter
2.not_.contains('arraycol', '{"a","b"}')  # Use `{}` for array values

response = (
    supabase.table("countries")
    .select("*")
    .not_.is_("name", "null")
    .execute()
)

Match at least one filter

or_() expects you to use the raw PostgREST syntax for the filter names and values.

1.or_('id.in.(5,6,7), arraycol.cs.{"a","b"}')  # Use `()` for `in` filter, `{}` for array values and `cs` for `contains()`.
2.or_('id.in.(5,6,7), arraycol.cd.{"a","b"}')  # Use `cd` for `containedBy()`
Parameters
    filters
    REQUIRED
    string

    The filters to use, following PostgREST syntax

    reference_table
    Optional
    string

    Set this to filter on referenced tables instead of the parent table


response = (
    supabase.table("countries")
    .select("name")
    .or_("id.eq.2,name.eq.Algeria")
    .execute()
)

Match the filter

filter() expects you to use the raw PostgREST syntax for the filter values.

1.filter('id', 'in', '(5,6,7)')  # Use `()` for `in` filter
2.filter('arraycol', 'cs', '{"a","b"}')  # Use `cs` for `contains()`, `{}` for array values
Parameters
    column
    REQUIRED
    string

    The column to filter on

    operator
    Optional
    string

    The operator to filter with, following PostgREST syntax

    value
    Optional
    any

    The value to filter with, following PostgREST syntax


response = (
    supabase.table("countries")
    .select("*")
    .filter("name", "in", '("Algeria","Japan")')
    .execute()
)

Using modifiers

Filters work on the row level—they allow you to return rows that only match certain conditions without changing the shape of the rows. Modifiers are everything that don't fit that definition—allowing you to change the format of the response (e.g., returning a CSV string).

Modifiers must be specified after filters. Some modifiers only apply for queries that return rows (e.g., select() or rpc() on a function that returns a table response).

Order the results

Order the query result by column.

Parameters
    column
    REQUIRED
    string

    The column to order by

    desc
    Optional
    bool

    Whether the rows should be ordered in descending order or not.

    foreign_table
    Optional
    string

    Foreign table name whose results are to be ordered.

    nullsfirst
    Optional
    bool

    Order by showing nulls first


response = (
    supabase.table("countries")
    .select("*")
    .order("name", desc=True)
    .execute()
)

Limit the number of rows returned

Parameters
    size
    REQUIRED
    number

    The maximum number of rows to return

    foreign_table
    Optional
    string

    Set this to limit rows of foreign tables instead of the parent table.


response = supabase.table("countries").select("name").limit(1).execute()

Limit the query to a range

Limit the query result by starting at an offset (from) and ending at the offset (from + to). Only records within this range are returned. This respects the query order and if there is no order clause the range could behave unexpectedly.

The from and to values are 0-based and inclusive: range(1, 3) will include the second, third and fourth rows of the query.

Parameters
    start
    REQUIRED
    number

    The starting index from which to limit the result.

    end
    REQUIRED
    number

    The last index to which to limit the result.

    foreign_table
    Optional
    string

    Set this to limit rows of foreign tables instead of the parent table.


response = supabase.table("countries").select("name").range(0, 1).execute()

Retrieve one row of data

Return data as a single object instead of an array of objects.


response = supabase.table("countries").select("name").limit(1).single().execute()

Retrieve zero or one row of data

Return data as a single object instead of an array of objects.


response = (
    supabase.table("countries")
    .select("*")
    .eq("name", "Albania")
    .maybe_single()
    .execute()
)

Retrieve as a CSV

Return data as a string in CSV format.


response = supabase.table("countries").select("*").csv().execute()

Using explain

For debugging slow queries, you can get the Postgres EXPLAIN execution plan of a query using the explain() method. This works on any query, even for rpc() or writes.

Explain is not enabled by default as it can reveal sensitive information about your database. It's best to only enable this for testing environments but if you wish to enable it for production you can provide additional protection by using a pre-request function.

Follow the Performance Debugging Guide to enable the functionality on your project.

Parameters
    wal
    Optional
    boolean

    If true, include information on WAL record generation.

    verbose
    Optional
    boolean

    If true, the query identifier will be returned and data will include the output columns of the query.

    settings
    Optional
    boolean

    If true, include information on configuration parameters that affect query planning.

    format
    Optional
    boolean

    The format of the output, can be "text" (default) or "json".

    format
    Optional
    "text" | "json"

    The format of the output, can be "text" (default) or "json".

    buffers
    Optional
    boolean

    If true, include information on buffer usage.

    analyze
    Optional
    boolean

    If true, the query will be executed and the actual run time will be returned.


response = supabase.table("countries").select("*").explain().execute()

Create a new user

  • By default, the user needs to verify their email address before logging in. To turn this off, disable Confirm email in your project.
  • Confirm email determines if users need to confirm their email address after signing up.
    • If Confirm email is enabled, a user is returned but session is null.
    • If Confirm email is disabled, both a user and a session are returned.
  • By default, when the user confirms their email address, they are redirected to the SITE_URL. You can modify your SITE_URL or add additional redirect URLs in your project.
  • If sign_up() is called for an existing confirmed user:
    • When both Confirm email and Confirm phone (even when phone provider is disabled) are enabled in your project, an obfuscated/fake user object is returned.
    • When either Confirm email or Confirm phone (even when phone provider is disabled) is disabled, the error message, User already registered is returned.
  • To fetch the currently logged-in user, refer to get_user().
Parameters
    credentials
    REQUIRED
    SignUpWithPasswordCredentials

response = supabase.auth.sign_up(
    credentials={"email": "[email protected]", "password": "password"}
)

Create an anonymous user

  • Returns an anonymous user
  • It is recommended to set up captcha for anonymous sign-ins to prevent abuse. You can pass in the captcha token in the options param.
Parameters
    credentials
    REQUIRED
    SignInAnonymouslyCredentials

response = supabase.auth.sign_in_anonymously(
    credentials={"options": {"captcha_token": ""}}
)

Sign in a user

  • Requires either an email and password or a phone number and password.

data = supabase.auth.sign_in_with_password({"email": "[email protected]", "password": "testsupabasenow"})

Sign in a user through OTP

  • Requires either an email or phone number.
  • This method is used for passwordless sign-ins where a OTP is sent to the user's email or phone number.
  • If the user doesn't exist, sign_in_with_otp() will signup the user instead. To restrict this behavior, you can set should_create_user in SignInWithPasswordlessCredentials.options to false.
  • If you're using an email, you can configure whether you want the user to receive a magiclink or a OTP.
  • If you're using phone, you can configure whether you want the user to receive a OTP.
  • The magic link's destination URL is determined by the SITE_URL.
  • See redirect URLs and wildcards to add additional redirect URLs to your project.
  • Magic links and OTPs share the same implementation. To send users a one-time code instead of a magic link, modify the magic link email template to include {{ .Token }} instead of {{ .ConfirmationURL }}.

data = supabase.auth.sign_in_with_otp({
  "email": '[email protected]',
  "options": {
    "email_redirect_to": 'https://example.com/welcome'
  }
})

Sign in a user through OAuth

  • This method is used for signing in using a third-party provider.
  • Supabase supports many different third-party providers.

data = supabase.auth.sign_in_with_oauth({
  "provider": 'github'
})

Sign out a user

  • In order to use the signOut() method, the user needs to be signed in first.

res = supabase.auth.sign_out()

Verify and log in through OTP

  • The verify_otp method takes in different verification types. If a phone number is used, the type can either be sms or phone_change. If an email address is used, the type can be one of the following: signup, magiclink, recovery, invite or email_change.
  • The verification type used should be determined based on the corresponding auth method called before verify_otp to sign up / sign-in a user.

res = supabase.auth.verify_otp(phone, token)

Retrieve a session


res = supabase.auth.get_session()

Retrieve a new session

  • This method will refresh the session whether the current one is expired or not.

res = supabase.auth.refresh_session()

Retrieve a user

  • This method gets the user object from the current session.
  • Fetches the user object from the database instead of local session.

data = supabase.auth.get_user()

Set the session data

  • setSession() takes in a refresh token and uses it to get a new session.
  • The refresh token can only be used once to obtain a new session.
  • Refresh token rotation is enabled by default on all projects to guard against replay attacks.
  • You can configure the REFRESH_TOKEN_REUSE_INTERVAL which provides a short window in which the same refresh token can be used multiple times in the event of concurrency or offline issues.

res = supabase.auth.set_session(access_token, refresh_token)

Auth MFA

This section contains methods commonly used for Multi-Factor Authentication (MFA) and are invoked behind the supabase.auth.mfa namespace.

Currently, we only support time-based one-time password (TOTP) as the 2nd factor. We don't support recovery codes but we allow users to enroll more than 1 TOTP factor, with an upper limit of 10.

Having a 2nd TOTP factor for recovery frees the user of the burden of having to store their recovery codes somewhere. It also reduces the attack surface since multiple recovery codes are usually generated compared to just having 1 backup TOTP factor.

Enroll a factor

  • Currently, totp is the only supported factor_type. The returned id should be used to create a challenge.
  • To create a challenge, see mfa.challenge().
  • To verify a challenge, see mfa.verify().
  • To create and verify a challenge in a single step, see mfa.challenge_and_verify().

res = supabase.auth.mfa.enroll({
  "factor_type": "totp",
  "friendly_name": "your_friendly_name"
})

Create a challenge


res = supabase.auth.mfa.challenge({
  "factor_id": '34e770dd-9ff9-416c-87fa-43b31d7ef225'
})

Verify a challenge


res = supabase.auth.mfa.verify({
  "factor_id": '34e770dd-9ff9-416c-87fa-43b31d7ef225',
  "challenge_id": '4034ae6f-a8ce-4fb5-8ee5-69a5863a7c15',
  "code": '123456'
})

Create and verify a challenge


res = supabase.auth.mfa.challenge_and_verify({
  "factor_id": '34e770dd-9ff9-416c-87fa-43b31d7ef225',
  "code": '123456'
})

Unenroll a factor


res = supabase.auth.mfa.unenroll({
  "factor_id": '34e770dd-9ff9-416c-87fa-43b31d7ef225',
})

Get Authenticator Assurance Level

  • Authenticator Assurance Level (AAL) is the measure of the strength of an authentication mechanism.
  • In Supabase, having an AAL of aal1 refers to having the 1st factor of authentication such as an email and password or OAuth sign-in while aal2 refers to the 2nd factor of authentication such as a time-based, one-time-password (TOTP).
  • If the user has a verified factor, the next_level field will return aal2, else, it will return aal1.

res = supabase.auth.mfa.get_authenticator_assurance_level()

Invokes a Supabase Edge Function.

Invoke a Supabase Function.

  • Requires an Authorization header.
  • When you pass in a body to your function, we automatically attach the Content-Type header for Blob, ArrayBuffer, File, FormData and String. If it doesn't match any of these types we assume the payload is json, serialise it and attach the Content-Type header as application/json. You can override this behaviour by passing in a Content-Type header of your own.

response = supabase.functions.invoke(
    "hello-world", invoke_options={"body": {"name": "Functions"}}
)

Create a bucket

  • RLS policy permissions required:
    • buckets table permissions: insert
    • objects table permissions: none
  • Refer to the Storage guide on how access control works

res = supabase.storage.create_bucket(name)

Retrieve a bucket

  • RLS policy permissions required:
    • buckets table permissions: select
    • objects table permissions: none
  • Refer to the Storage guide on how access control works

res = supabase.storage.get_bucket(name)

List all buckets

  • RLS policy permissions required:
    • buckets table permissions: select
    • objects table permissions: none
  • Refer to the Storage guide on how access control works

res = supabase.storage.list_buckets()

Delete a bucket

  • RLS policy permissions required:
    • buckets table permissions: select and delete
    • objects table permissions: none
  • Refer to the Storage guide on how access control works

res = supabase.storage.delete_bucket(name)

Empty a bucket

  • RLS policy permissions required:
    • buckets table permissions: select
    • objects table permissions: select and delete
  • Refer to the Storage guide on how access control works

res = supabase.storage.empty_bucket(name)

Upload a file

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: insert
  • Refer to the Storage guide on how access control works
  • Please specify the appropriate content MIME type if you are uploading images or audio. If no file_options are specified, the MIME type defaults to text/html.

with open(filepath, 'rb') as f:
    supabase.storage.from_("testbucket").upload(file=f,path=path_on_supastorage, file_options={"content-type": "audio/mpeg"})

Download a file

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: select
  • Refer to the Storage guide on how access control works

with open(destination, 'wb+') as f:
  res = supabase.storage.from_('bucket_name').download(source)
  f.write(res)

List all files in a bucket

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: select
  • Refer to the Storage guide on how access control works

res = supabase.storage.from_('bucket_name').list()

Replace an existing file

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: update and select
  • Refer to the Storage guide on how access control works

with open(filepath, 'rb') as f:
  supabase.storage.from_("bucket_name").update(file=f, path=path_on_supastorage, file_options={"cache-control": "3600", "upsert": "true"})

Move an existing file

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: update and select
  • Refer to the Storage guide on how access control works

res = supabase.storage.from_('bucket_name').move('public/avatar1.png', 'private/avatar2.png')

Delete files in a bucket

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: delete and select
  • Refer to the Storage guide on how access control works

res = supabase.storage.from_('bucket_name').remove('test.jpg')

Create a signed URL

  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: select
  • Refer to the Storage guide on how access control works

res = supabase.storage.from_('bucket_name').create_signed_url(filepath, expiry_duration)

Retrieve public URL

  • The bucket needs to be set to public, either via updateBucket() or by going to Storage on supabase.com/dashboard, clicking the overflow menu on a bucket and choosing "Make public"
  • RLS policy permissions required:
    • buckets table permissions: none
    • objects table permissions: none
  • Refer to the Storage guide on how access control works

res = supabase.storage.from_('bucket_name').get_public_url('test/avatar1.jpg')