Recipe

Supabase Primer

Open-source Firebase alternative with Postgres, Auth, and realtime subscriptions — all from a single backend.

What is Supabase?

Supabase wraps a managed Postgres database with auto-generated REST and GraphQL APIs, row-level security, built-in auth (email/password, OAuth, magic links), realtime listeners via Postgres logical replication, and file storage. Every project ships with a full Postgres instance — you own your data, schemas, and migrations.

Core primitives

  • Database — Full Postgres with extensions (pgvector, PostGIS). Define tables, indexes, and functions via the dashboard or migrations.
  • Auth — JWT-based. Users table lives in your auth schema. Row-level security policies reference auth.uid().
  • Realtime — Subscribe to Postgres changes over WebSockets. Enable per-table with ALTER PUBLICATION.
  • Storage — S3-compatible object store with RLS policies. Buckets can be public or private.
  • Edge Functions — Deno runtime deployed globally. Use for webhooks, custom auth flows, or sensitive server-side logic.

Client SDK quickstart

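import { createClient } from '@supabase/supabase-js'

// The anon key is public by design; row-level security is what restricts access.
const supabase = createClient(
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
)

// Resolve the signed-in user before querying by their id
const { data: { user } } = await supabase.auth.getUser()
if (!user) throw new Error('Not signed in')

const { data, error } = await supabase
  .from('profiles')
  .select('*')
  .eq('id', user.id)
  .single()
if (error) throw error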

Row-level security example

-- Policies are only enforced once RLS is enabled on the table
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;

-- Users can only read their own profile
CREATE POLICY "Users read own profile"
  ON profiles FOR SELECT
  USING (auth.uid() = id);

-- Only insert rows where id matches the caller
CREATE POLICY "Users insert own profile"
  ON profiles FOR INSERT
  WITH CHECK (auth.uid() = id);
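
To check that policies like these actually restrict access, the following added example (not part of the original recipe) builds a scratch table, acts as one user, and compares what that user can see before and after RLS is enabled. The table name rls_demo_profiles and the two UUIDs are constructed; it assumes a Supabase project where the authenticated role and auth.uid() exist and where auth.uid() reads the sub claim from the request.jwt.claims setting. Run it statement by statement, for example in psql.

```sql
-- Added example: scratch table and user ids are constructed for illustration.
BEGIN;

CREATE TABLE public.rls_demo_profiles (
  id uuid PRIMARY KEY,
  display_name text
);
GRANT SELECT, INSERT ON public.rls_demo_profiles TO authenticated;

INSERT INTO public.rls_demo_profiles (id, display_name) VALUES
  ('00000000-0000-0000-0000-00000000000a', 'alice'),
  ('00000000-0000-0000-0000-00000000000b', 'bob');

-- Same policy shapes as the recipe, scoped to signed-in users.
CREATE POLICY "demo read own" ON public.rls_demo_profiles
  FOR SELECT TO authenticated USING (auth.uid() = id);
CREATE POLICY "demo insert own" ON public.rls_demo_profiles
  FOR INSERT TO authenticated WITH CHECK (auth.uid() = id);

-- Assumption: auth.uid() resolves "sub" from this transaction-local setting.
SELECT set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-00000000000a","role":"authenticated"}', true);

-- 1) RLS is still off: the policies exist but are not applied, so alice's
--    session can read every row. The table owner bypasses RLS, so the check
--    must be made as the API role, not as postgres.
SET LOCAL ROLE authenticated;
SELECT id, display_name FROM public.rls_demo_profiles;

-- 2) Enable RLS as the owner, then repeat the same query as alice.
--    Only the row whose id equals auth.uid() passes the USING clause.
RESET ROLE;
ALTER TABLE public.rls_demo_profiles ENABLE ROW LEVEL SECURITY;
SET LOCAL ROLE authenticated;
SELECT id, display_name FROM public.rls_demo_profiles;

-- 3) Insert under an id that is not the caller's: WITH CHECK rejects it
--    with a row-level security violation and aborts the transaction.
INSERT INTO public.rls_demo_profiles (id, display_name)
VALUES ('00000000-0000-0000-0000-00000000000c', 'mallory');

-- Discard the scratch table and all changes.
ROLLBACK;
```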

Meridian tip: Pair Supabase Auth with Next.js middleware for route protection. Store the session token in an httpOnly cookie and validate on every request — no client-side redirect races.