惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
博客园 - 【当耐特】
Microsoft Azure Blog
Microsoft Azure Blog
WordPress大学
WordPress大学
Stack Overflow Blog
Stack Overflow Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
Cloudbric
Cloudbric
The Register - Security
The Register - Security
小众软件
小众软件
PCI Perspectives
PCI Perspectives
G
Google Developers Blog
AI
AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Recent Commits to openclaw:main
Recent Commits to openclaw:main
量子位
TaoSecurity Blog
TaoSecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
F
Full Disclosure
N
Netflix TechBlog - Medium
博客园_首页
Last Week in AI
Last Week in AI
A
Arctic Wolf
B
Blog RSS Feed
J
Java Code Geeks
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
MyScale Blog
MyScale Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Jina AI
Jina AI
有赞技术团队
有赞技术团队
S
Schneier on Security
L
Lohrmann on Cybersecurity
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
P
Palo Alto Networks Blog
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Security Latest
Security Latest
Vercel News
Vercel News
博客园 - 司徒正美
Webroot Blog
Webroot Blog
Hacker News: Ask HN
Hacker News: Ask HN
A
About on SuperTechFans

Supabase Blog

AI Agents Know About Supabase. They Don't Always Use It Right. Custom OIDC Providers for Supabase Auth 100,000 GitHub stars Supabase docs over SSH Navigating Regional Network Blocks Supabase Joins the Stripe Projects Developer Preview Log Drains: Now available on Pro Supabase Storage: major performance, security, and reliability updates Supabase incident on February 12, 2026 Hydra joins Supabase X / Twitter OAuth 2.0 is now available for Supabase Auth BKND joins Supabase Supabase is now an official Claude connector Supabase PrivateLink is now available Introducing: Postgres Best Practices When to use Read Replicas vs. bigger compute Introducing TRAE SOLO integration with Supabase Supabase Security Retro: 2025 Sync Stripe Data to Your Supabase Database in One Click Building ChatGPT Apps with Supabase Edge Functions and mcp-use Own Your Observability: Supabase Metrics API Introducing iceberg-js: A JavaScript Client for Apache Iceberg Introducing Supabase for Platforms Adding Async Streaming to Postgres Foreign Data Wrappers Build "Sign in with Your App" using Supabase Auth Introducing Seven New Email Templates for Supabase Auth The new Supabase power for Kiro Introducing Supabase ETL Introducing Analytics Buckets Introducing Vector Buckets Snap, Inc. Launches Snap Cloud, Powered by Supabase Triplit joins Supabase Supabase Series E 1000 Y Combinator Founders Choose Supabase gm 👋 web3, welcome aboard to Sign in with Web3 (Solana, Ethereum) Announcing the Supabase Remote MCP Server Enterprise speed, enterprise standards with Bolt Cloud + Supabase PostgREST 13 Lovable Cloud + Supabase: The Default Platform for AI Builders Processing large jobs with Edge Functions, Cron, and Queues Defense in Depth for MCP Servers OrioleDB Patent: now freely available to the Postgres community Supabase Launch Week 15 Hackathon Winner Announcement The Vibe Coder's Guide to Supabase Environments Testing for Vibe Coders: From Zero to Production Confidence The Vibe Coding Master Checklist Vibe Coding: Best Practices for Prompting Supabase Auth: Build vs. Buy Top 10 Launches of Launch Week 15 Supabase Launch Week 15 Hackathon Storage: 10x Larger Uploads, 3x Cheaper Cached Egress, and 2x Egress Quota Persistent Storage and 97% Faster Cold Starts for Edge Functions Algolia Connector for Supabase New Observability Features in Supabase Improved Security Controls and A New Home for Security Introducing Branching 2.0 Stripe-To-Postgres Sync Engine as standalone Library Supabase Analytics Buckets with Iceberg Support Create a Supabase backend using Figma Make Introducing JWT Signing Keys Supabase UI: Platform Kit Build a Personalized AI Assistant with Postgres Announcing Multigres: Vitess for Postgres Building on open table formats Open Data Standards: Postgres, OTel, and Iceberg Simplifying back-end complexity with Supabase Data APIs PostgreSQL Event Triggers without superuser access Top 10 Launches of Launch Week 14 Supabase MCP Server Data API Routes to Nearest Read Replica Declarative Schemas for Simpler Database Management Realtime: Broadcast from Database Keeping Tabs on What's New in Supabase Studio Edge Functions: Deploy from the Dashboard + Deno 2.1 Automatic Embeddings in Postgres Introducing the Supabase UI Library Supabase Auth: Bring Your Own Clerk Postgres Language Server: Initial Release Migrating from Fauna to Supabase Migrating from the MongoDB Data API to Supabase Dedicated Poolers Postgres as a Graph Database: (Ab)using pgRouting AI Hackathon at Y Combinator Calendars in Postgres using Foreign Data Wrappers Supabase Launch Week 13 Hackathon Winners How to Hack the Base! Running Durable Workflows in Postgres using DBOS database.build v2: Bring-your-own-LLM Restore to a New Project Hack the Base! with Supabase Top 10 Launches of Launch Week 13 Supabase Queues High Performance Disk Supabase Cron Supabase CLI v2: Config as Code Supabase Edge Functions: Introducing Background Tasks, Ephemeral Storage, and WebSockets Supabase AI Assistant v2 OrioleDB Public Alpha Executing Dynamic JavaScript Code on Supabase with Edge Functions ClickHouse Partnership, improved Postgres Replication, and Disk Management
GraphQL is now available in Supabase
Oliver Rice, David Thyresson · 2022-03-29 · via Supabase Blog

GraphQL is now available in Supabase

GraphQL support is now in general availability on the Supabase platform via our open source PostgreSQL extension, pg_graphql.

pg_graphql enables you to query existing PostgreSQL databases using GraphQL, either from within SQL or over HTTP:

From SQL:


_15

select graphql.resolve($$

_15

{

_15

accountCollection(first: 1) {

_15

edges {

_15

node {

_15

id

_15

firstName

_15

address {

_15

countryCode

_15

}

_15

}

_15

}

_15

}

_15

}

_15

$$);


or over HTTP:


_10

curl -X POST https://<PROJECT_REF>.supabase.co/graphql/v1 \

_10

-H 'apiKey: <API_KEY>'\

_10

-H 'Content-Type: application/json' \

_10

--data-raw '

_10

{

_10

"query":"{ accountCollection(first: 3) { edges { node { id } } } }"

_10

}'


GraphQL types and fields are reflected from the SQL schema:

  • Tables become types
  • Columns become fields
  • Foreign keys become relations

For example:


_10

create table "Account" (

_10

"id" serial primary key,

_10

"email" varchar(255) not null,

_10

"createdAt" timestamp not null,

_10

"updatedAt" timestamp not null

_10

);


Translates to the GraphQL base type


_10

type Account {

_10

id: Int!

_10

email: String!

_10

createdAt: DateTime!

_10

updatedAt: DateTime!

_10

}


And exposes bulk CRUD operations on the Query and Mutation types, complete with relay style keyset pagination, filters, and ordering and (optional) name inflection.


_26

type Query {

_26

accountCollection(

_26

first: Int

_26

last: Int

_26

before: Cursor

_26

after: Cursor

_26

filter: AccountFilter

_26

orderBy: [AccountOrderBy!]

_26

): AccountConnection

_26

}

_26

_26

type Mutation {

_26

insertIntoAccountCollection(

_26

objects: [AccountInsertInput!]!

_26

): AccountInsertResponse

_26

_26

updateAccountCollection(

_26

set: AccountUpdateInput!

_26

filter: AccountFilter

_26

atMost: Int! = 1

_26

): AccountUpdateResponse!

_26

_26

deleteFromAccountCollection(

_26

filter: AccountFilter

_26

atMost: Int! = 1

_26

): AccountDeleteResponse!


For a complete example with relationships, check out the API docs.

An advantage to embedding GraphQL directly in the database is that we can lean on PostgreSQL's built-in primitives for authentication and authorization.

Authentication#

The GraphQL types exposed by pg_graphql are filtered according to the SQL role's INSERT/UPDATE/DELETE permissions. At Supabase, each API request is resolved in the database using the role in the request's JWT.

Anonymous users receive the anon role, and logged in users get the authenticated role. In either case, pg_graphql resolves requests according to the SQL permissions. The introspection schema is similarly filtered to limit exposed types and fields to those that the user has permission to access. That means we can serve multiple GraphQL schemas for users of differing privilege levels from a single endpoint!

Another nice side effect of making PostgreSQL do the heavy lifting is that GraphQL queries respect your existing row level security policies right out-of-the-box. No additional configuration required.

To squeeze the most out of limited hardware we had to make a few significant optimizations:

GraphQL queries are always transpiled into exactly one SQL query

The SQL queries select and aggregate requested data into the shape of the GraphQL JSON response. In addition to solving the N+1 query problem, a common issue with GraphQL resolvers, GraphQL queries requiring multiple joins typically produce significantly less IO due to reduced data duplication.

For example, when selecting all comments for a blog post:


_10

select

_10

blog_posts.title,

_10

comments.body as comment_body

_10

from

_10

blog_posts

_10

join comments on blog_posts.id = comments.blog_post_id;


a SQL response would duplicate all data from the blog_posts table (title).


_10

| title | comment_body |

_10

| ---------- | ------------------------------ |

_10

| F1sRt P0$T | this guy gets it! |

_10

| F1sRt P0$T | you should re-write it in rust |

_10

| F1sRt P0$T | 10% off daily vitamin http:... |


Compared to the equivalent GraphQL response.


_22

{

_22

"blogPostCollection": {

_22

"edges": {

_22

"node":

_22

"title": "F1sRt P0$T"

_22

"commentCollection": {

_22

"edges": [

_22

"node": {

_22

"body": "this guy gets it!"

_22

},

_22

"node": {

_22

"body": "you should re-write it in rust"

_22

},

_22

"node": {

_22

"body": "10% off daily vitamin http:..."

_22

}

_22

]

_22

}

_22

}

_22

}

_22

}

_22

}


Which has no duplication of data.

The difference in payload size is negligible in this case, but as the number of 1-to-many joins grows, data duplication in the SQL response grows geometrically.

Queries are cached as prepared statements

After a GraphQL query is transpiled to SQL, it is added to the prepared statement cache so subsequent requests with the same structure (think pagination) can skip the transpilation step.

Using prepared statements also allows PostgreSQL to skip the overhead of computing a query plan. For small, on-index, queries, the query planning step can take several times as long as the query's execution time, so the saving is significant at scale.

All operations are bulk

Finally, all reflected query and mutation fields support bulk operations to nudge users towards consuming the API efficiently. Batching similar operations reduces network round-trips and time spent in the database.

Result

As a result of these optimizations, the throughput of a “hello world” equivalent query on Supabase Free Plan hardware is:

  • 377.4 requests/second through the API (mean)
  • 656.2 queries/second through SQL (single connection, mean)

To enable GraphQL in your Supabase instance, enable pg_graphql from the dashboard.

Or create the extension in your database


_10

create extension pg_graphql;


And we're done!

The GraphQL endpoint is available at: https://<project_ref>.supabase.co/graphql/v1

Example app: Build a HN clone with Postgres and GraphQL#

We're excited to have worked with The Guild to show you how to use pg_graphql and their tools to build a HackerNews clone.

The demo application showcases:

  • CRUD (Query + Mutation Operations). Data is fetched from the GraphQL layer auto-generated via pg_graphql.
  • Cursor Based Pagination. pg_graphql generates standardized pagination types and fields as defined by the GraphQL Cursor Connections Specification.
  • Authorization / RLS. GraphQL requests made include Supabase authorization headers so that Row Level Security on the Postgres layer ensures that viewers can only access what they are allowed to — and authenticated users can only update what they should.
  • Code generation. Introspect your GraphQL schema and operations to generates the types for full backend to frontend type-safety.
  • Postgres Triggers and Functions. Recalculate the feed scoring each time someone votes.
  • Supabase UI. Use Auth widget straight out the box to handle logins and access tokens.

Now instead of using the Supabase PostgREST API to query your database ...


_10

// using Supabase PostgREST

_10

_10

const { data, error } = await supabase

_10

.from('profile')

_10

.select('id, username, bio, avatarUrl, website')


... all data fetching and updates are done using the same GraphQL operations you know and love! 🤯


_15

// using GraphQL

_15

_15

query ProfilesQuery {

_15

profileCollection {

_15

edges {

_15

node {

_15

id

_15

username

_15

bio

_15

avatarUrl

_15

website

_15

}

_15

}

_15

}

_15

}


🎁  Get the code on GitHub here: github.com/supabase-community/supabase-graphql-example

This is just the start of what we hope to be a close collaboration with the Guild, whose expertise of the GraphQL ecosystem will guide the development of Supabase's GraphQL features. The Guild and Supabase share a similar approach to open source - we both favor collaboration and composability, making collaboration easy and productive.

Be sure to visit The Guild and follow them to stay informed of the latest developments in GraphQL.

Our first general availability release of pg_graphql supports:

  • Full CRUD on table columns with scalar types
  • Read only support for array types
  • Extending types with computed fields
  • Configuration with SQL comments

In the near term, we plan to fully support array and json/b types. Longer term, we intend to support views and custom mutations from user defined functions.

Didn't see the feature you're interested in? Let us know