惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 最新话题
Help Net Security
Help Net Security
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
W
WeLiveSecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
V
Vulnerabilities – Threatpost
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
T
Threat Research - Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tor Project blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Apple Machine Learning Research
Apple Machine Learning Research
IT之家
IT之家
S
SegmentFault 最新的问题
J
Java Code Geeks
P
Privacy & Cybersecurity Law Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
博客园_首页
H
Hacker News: Front Page
T
Threatpost
Jina AI
Jina AI
博客园 - Franky
月光博客
月光博客
L
LINUX DO - 热门话题
The Cloudflare Blog
H
Heimdal Security Blog
博客园 - 司徒正美
酷 壳 – CoolShell
酷 壳 – CoolShell
Cloudbric
Cloudbric
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
S
Secure Thoughts
T
Tenable Blog
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

Supabase Blog

AI Agents Know About Supabase. They Don't Always Use It Right. Custom OIDC Providers for Supabase Auth 100,000 GitHub stars Supabase docs over SSH Navigating Regional Network Blocks Supabase Joins the Stripe Projects Developer Preview Log Drains: Now available on Pro Supabase Storage: major performance, security, and reliability updates Supabase incident on February 12, 2026 Hydra joins Supabase X / Twitter OAuth 2.0 is now available for Supabase Auth BKND joins Supabase Supabase is now an official Claude connector Supabase PrivateLink is now available Introducing: Postgres Best Practices When to use Read Replicas vs. bigger compute Introducing TRAE SOLO integration with Supabase Supabase Security Retro: 2025 Sync Stripe Data to Your Supabase Database in One Click Building ChatGPT Apps with Supabase Edge Functions and mcp-use Own Your Observability: Supabase Metrics API Introducing iceberg-js: A JavaScript Client for Apache Iceberg Introducing Supabase for Platforms Adding Async Streaming to Postgres Foreign Data Wrappers Build "Sign in with Your App" using Supabase Auth Introducing Seven New Email Templates for Supabase Auth The new Supabase power for Kiro Introducing Supabase ETL Introducing Analytics Buckets Introducing Vector Buckets Snap, Inc. Launches Snap Cloud, Powered by Supabase Triplit joins Supabase Supabase Series E 1000 Y Combinator Founders Choose Supabase gm 👋 web3, welcome aboard to Sign in with Web3 (Solana, Ethereum) Announcing the Supabase Remote MCP Server Enterprise speed, enterprise standards with Bolt Cloud + Supabase PostgREST 13 Lovable Cloud + Supabase: The Default Platform for AI Builders Processing large jobs with Edge Functions, Cron, and Queues Defense in Depth for MCP Servers OrioleDB Patent: now freely available to the Postgres community Supabase Launch Week 15 Hackathon Winner Announcement The Vibe Coder's Guide to Supabase Environments Testing for Vibe Coders: From Zero to Production Confidence The Vibe Coding Master Checklist Vibe Coding: Best Practices for Prompting Supabase Auth: Build vs. Buy Top 10 Launches of Launch Week 15 Supabase Launch Week 15 Hackathon Storage: 10x Larger Uploads, 3x Cheaper Cached Egress, and 2x Egress Quota Persistent Storage and 97% Faster Cold Starts for Edge Functions Algolia Connector for Supabase New Observability Features in Supabase Improved Security Controls and A New Home for Security Introducing Branching 2.0 Stripe-To-Postgres Sync Engine as standalone Library Supabase Analytics Buckets with Iceberg Support Create a Supabase backend using Figma Make Introducing JWT Signing Keys Supabase UI: Platform Kit Build a Personalized AI Assistant with Postgres Announcing Multigres: Vitess for Postgres Building on open table formats Open Data Standards: Postgres, OTel, and Iceberg PostgreSQL Event Triggers without superuser access Top 10 Launches of Launch Week 14 Supabase MCP Server Data API Routes to Nearest Read Replica Declarative Schemas for Simpler Database Management Realtime: Broadcast from Database Keeping Tabs on What's New in Supabase Studio Edge Functions: Deploy from the Dashboard + Deno 2.1 Automatic Embeddings in Postgres Introducing the Supabase UI Library Supabase Auth: Bring Your Own Clerk Postgres Language Server: Initial Release Migrating from Fauna to Supabase Migrating from the MongoDB Data API to Supabase Dedicated Poolers Postgres as a Graph Database: (Ab)using pgRouting AI Hackathon at Y Combinator Calendars in Postgres using Foreign Data Wrappers Supabase Launch Week 13 Hackathon Winners How to Hack the Base! Running Durable Workflows in Postgres using DBOS database.build v2: Bring-your-own-LLM Restore to a New Project Hack the Base! with Supabase Top 10 Launches of Launch Week 13 Supabase Queues High Performance Disk Supabase Cron Supabase CLI v2: Config as Code Supabase Edge Functions: Introducing Background Tasks, Ephemeral Storage, and WebSockets Supabase AI Assistant v2 OrioleDB Public Alpha Executing Dynamic JavaScript Code on Supabase with Edge Functions ClickHouse Partnership, improved Postgres Replication, and Disk Management Live Share: Connect to in-browser PGlite with any Postgres client
Simplifying back-end complexity with Supabase Data APIs
Prashant Sridharan, Steve Chavez, Laurence Isla · 2025-05-17 · via Supabase Blog

Simplifying back-end complexity with Supabase Data APIs

Behind every modern app is a sprawling backend: dozens of microservices, redundant APIs, managed databases, and gateways stitched together by developers. While this gives engineering teams control, it comes at a steep cost: time, maintenance overhead, and complexity that scales faster than your product.

For many teams, that complexity starts at the data layer. You model your database, write a set of REST endpoints, deploy them to servers, monitor them, patch them, and update them every time your schema changes. Repeat across environments, then across teams.

Supabase offers a different path. By exposing a secure, auto-generated REST and GraphQL API for every table, view, and stored procedure in the public schema in your Postgres database, Supabase compresses weeks of infrastructure work into minutes without sacrificing flexibility or control. This post explores how to use Supabase’s API layer.

Supabase exposes your Postgres database through a powerful RESTful interface, auto-generated by PostgREST. The moment you create a table or view, Supabase makes it accessible via a fully functional, queryable API with no boilerplate required. These endpoints are structured, predictable, and adhere to industry standards.

Let’s say you define a customers table. Instantly, you get:

  • GET /customers to fetch rows
  • POST /customers to insert
  • PATCH /customers?id=eq.123 to update
  • DELETE /customers?id=eq.123 to remove

And it doesn’t stop at basic CRUD. Supabase’s API layer supports a rich set of features out of the box:

  • Filters and operators for advanced querying
  • Pagination and ordering
  • Embedded relationships with foreign key joins
  • Exposing Postgres functions as RPC endpoints
  • GraphQL support
  • A dynamic connection pool that shrinks and grows based on traffic and whose max pool size grows as the instance size does
  • Built-in observability with Prometheus metrics

Supabase automatically generates client libraries based on your schema. For example, here’s a JavaScript example using the official @supabase/supabase-js client with auto-generated TypeScript types, querying an e-commerce-style schema with customers, orders, and products:


_15

const { data, error } = await supabase

_15

.from('orders')

_15

.select(

_15

`

_15

id,

_15

created_at,

_15

total,

_15

products (

_15

id,

_15

name,

_15

price

_15

)

_15

`

_15

)

_15

.eq('customer_id', customerId)


Supabase provides two powerful options for building custom API endpoints when you need to go beyond standard CRUD operations: Database Functions and Edge Functions.

Postgres functions#

Database Functions (also called stored procedures) allow you to encapsulate complex SQL logic inside the database itself. They are ideal for multi-step transactions, business rules, or performance-sensitive operations that work across multiple tables.

These functions can be exposed via the Supabase API using the .rpc() call or accessed directly through the REST endpoint at /rpc/<function-name>. Named parameters are passed as a simple JSON payload, making integration clean and declarative.

Here’s an example of a Database Function:


_10

CREATE FUNCTION calculate_customer_discount(customer_id uuid) RETURNS numeric AS $$

_10

DECLARE

_10

discount numeric;

_10

BEGIN

_10

SELECT SUM(amount) * 0.1 INTO discount FROM orders WHERE customer_id = calculate_customer_discount.customer_id;

_10

RETURN discount;

_10

END;

_10

$$ LANGUAGE plpgsql;


And you can call it from the client like this:


_10

POST /rpc/calculate_customer_discount

_10

{

_10

”customer_id”: “uuid-of-customer”

_10

}


Here’s the TypeScript example of calling a Database Function using auto-generated types:


_10

const { data, error } = await supabase.rpc('calculate_customer_discount', {

_10

customer_id: 'uuid-of-customer',

_10

})


Supabase Edge Functions#

Sometimes you need full flexibility outside the database, For example, you might want to integrate with external APIs or write business logic in TypeScript. For this, you’d want to use Supabase Edge Functions. These are custom serverless functions written in TypeScript and deployed globally at the edge, allowing you to define your own logic and expose it via HTTP.

Each function becomes its own endpoint:


_10

https://<project-ref>.functions.supabase.co/<function-name>


For example, suppose you want to send a personalized discount email to a customer. You might create an Edge Function called send-discount that could:

  • Look up the customer by ID
  • Apply business logic to determine eligibility
  • Trigger an email via a third-party service
  • Log the interaction

You would then call the Edge Function from your code like this:


_14

const customerId = 'uuid-of-customer' // Replace with actual customer ID

_14

const projectRef = 'your-project-ref' // e.g. abcdefg.supabase.co

_14

const functionName = 'send-discount'

_14

_14

const response = await fetch(`https://${projectRef}.functions.supabase.co/${functionName}`, {

_14

method: 'POST',

_14

headers: {

_14

'Content-Type': 'application/json',

_14

Authorization: `Bearer your-access-token`, // From Supabase Auth

_14

},

_14

body: JSON.stringify({

_14

customer_id: customerId,

_14

}),

_14

})


Edge Functions give you full flexibility to write this logic with access to Supabase Auth, your database, and any external APIs.

Use cases include:

  • Creating custom checkout flows
  • Handling webhooks (e.g. Stripe, OAuth)
  • Validating orders before submission
  • Integrating with AI tools or internal APIs

Edge Functions complement the auto-generated APIs, offering a path for deeper customization while avoiding the need to host your own backend services.

Supabase’s API layer eliminates the need to manually build and maintain middleware to serve data. Instead of managing a fleet of EC2 instances or containers just to provide an interface between your database and your client, Supabase is that interface.

This enables a radically simplified architecture:

  • No more internal microservices per table or domain object
  • No need to build an API gateway from scratch
  • No separate deployment pipelines for frontend and backend developers

Everything is powered by your schema. Add a table, get an API. Change a column, the API reflects it. Need to restrict access? Just define a row-level security (RLS) policy.

For teams moving from hand-built APIs, this can reduce both technical debt and cloud spend. Customers routinely report that Supabase’s managed API layer simplifies onboarding for new developers and cuts build times. Quilia reduced development time by 75% with the Supabase Data API.

In practice, Supabase becomes a unified data plane: the single, secure interface for your application logic, internal services, and even external integrations.

Auto-generated does not mean exposed. When you use Postgres’s Row Level Security (RLS), Supabase’s APIs are secure by default. This means you write policies at the data layer, enforced by the database itself, not in brittle middleware code.

Want to restrict access to rows where user_id = auth.uid()? One RLS policy handles it. Want public access to a products table but private access to orders? Define policies per table.

Authentication integrates seamlessly via Supabase Auth, which issues JWTs that are passed in every request. These tokens power identity-aware APIs and are validated by PostgREST natively.

Supabase also supports:

  • API keys for service-to-service access
  • Role-based permissions across environments
  • Custom claims and token introspection

From a compliance perspective, Supabase offers regional project hosting (for example, in London or Frankfurt), dedicated infrastructure per project, and a shared responsibility model that supports GDPR-compliant deployments. Your data remains in your selected region, and Supabase provides Data Processing Agreements, Transfer Impact Assessments, and more.

Cost, speed, and maintenance tradeoffs#

Custom API stacks are not just expensive in cloud bills. They are expensive in people hours. Every new endpoint adds scope. Every schema change becomes a deployment task. Every new hire needs to be onboarded into your bespoke architecture.

Supabase flips this equation. You no longer spend time writing endpoints that the platform can generate. You spend it building product.

In terms of cost:

  • You reduce infrastructure: fewer compute nodes, no gateways, minimal DevOps
  • You reduce time: instant APIs, schema-aligned contracts, no Swagger maintenance
  • You reduce risk: fewer moving parts, fewer points of failure, consistent access control

For teams evaluating an architecture consisting of RDS and custom middleware versus Supabase, the total cost of ownership is usually lower with Supabase, though may in some cases converge. But the operational efficiency is not comparable. With Supabase, your backend just works without the constant maintenance burden.

Supabase’s API layer is not just a productivity boost. It is a backend reframe. By removing the need for hand-rolled REST and GraphQL endpoints, Supabase gives developers a secure, scalable, and schema-driven interface to their data.

It reduces infrastructure sprawl. It standardizes how you interact with your backend. And it lets your developers focus on the product, not the plumbing.

Whether you are replacing a fleet of microservices or spinning up a new prototype, Supabase’s auto-generated APIs let you move faster, with fewer errors, and more control.

Ready to try it yourself?