April 25, 2025
I hear this all the time.
Supabase gives you a Postgres database and a REST API called the Data API, built on PostgREST (a web server that automatically turns your DB into a REST API).
By default, if you have a table in the `public` schema, that table becomes an endpoint in your Data API.
This saves you the trouble of writing an API in front of your DB.
Tip: You can have all your tables in a private schema and only expose views for your "endpoints".
Or you can disable the Data API and just write the API manually in your backend.
SupabaseJS gives you an easy, typed way to access the Data API.
I've seen people doing weird stuff where they fetch data from their backend, have auth logic in their backend, and use the SupabaseJS client in the backend manually passing the auth from the user so the backend acts as an authenticated SupabaseJS client. That's not necessary.
First, if you are using SupabaseJS or the Data API, you should have RLS ON.
If you're accessing from the browser, you need to write the RLS policies.
If you're accessing from your backend and have authorization logic, you can bypass RLS with the Service Role Key.
If you're only accessing from the backend and writing the auth layer in your backend you can bypass it.
If you do this, the auth only lives IN YOUR BACKEND. That means any other application accessing your Supabase DB will need auth logic.
I like RLS because I end up with a schema in my database where I have full control of auth no matter where it gets accessed from (mobile app, server, browser...)
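The RLS setup described above, as an added example that is not from the original post: a hypothetical `public.notes` table with per-user policies for browser access. The table, column and policy names are assumptions; `auth.uid()`, `auth.users` and the `authenticated` role are the ones Supabase provides.

```sql
-- Hypothetical table: one row per note, owned by a Supabase Auth user.
create table public.notes (
  id         bigint generated always as identity primary key,
  user_id    uuid not null default auth.uid()
             references auth.users (id) on delete cascade,
  body       text not null,
  created_at timestamptz not null default now()
);

-- RLS ON. With no policies yet, requests through the Data API as the
-- anon or authenticated role read zero rows and cannot write.
alter table public.notes enable row level security;

-- Browser access: a signed-in user can only touch rows they own.
create policy "notes_select_own" on public.notes
  for select to authenticated
  using ((select auth.uid()) = user_id);

create policy "notes_insert_own" on public.notes
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

create policy "notes_update_own" on public.notes
  for update to authenticated
  using ((select auth.uid()) = user_id)       -- which rows may be updated
  with check ((select auth.uid()) = user_id); -- owner cannot be reassigned

create policy "notes_delete_own" on public.notes
  for delete to authenticated
  using ((select auth.uid()) = user_id);

-- No policy is written for the anon role, so signed-out requests get nothing.
-- No policy is needed for the service role either: a backend using the
-- Service Role Key bypasses RLS, so its own authorization logic is the only check.

-- Check that RLS is on and list the policies the Data API will enforce.
select tablename, rowsecurity
from pg_tables
where schemaname = 'public' and tablename = 'notes';

select policyname, cmd, roles, qual, with_check
from pg_policies
where schemaname = 'public' and tablename = 'notes';
```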
It's just a postgres database with a major postgres version. We do not fork postgres. You can self host it because it is literally just a postgres database with services built around it for convenience.
That depends. For me it would be hard because I am a frontend developer without much experience self hosting stuff.
When you self host Supabase you're not self hosting just a database. There's more stuff you have to take care of to get everything working.
Everything comes packaged in one Docker container and a CLI to manage it easily. Most people who self host it get it working without much issue.
Supabase has a Stripe Foreign Data Wrapper.
That’s a Postgres feature. Supabase just makes it extremely easy to use.
You go into the UI. Activate it in integrations. Add your keys. That’s it.
Your subscriptions, customers, etc. are synced to your DB now.