Published Jan 17, 2024 ⦁ 16 min read
Supabase REST API Quickstart

Supabase REST API Quickstart

Developers looking to build applications with Supabase will likely agree that leveraging its REST API can accelerate development.

This post provides a comprehensive REST API quickstart guide to simplify interacting with Supabase using CRUD operations, authentication, rate limits, and more.

You'll walk through practical examples of creating, reading, updating, and deleting data with Supabase's REST API using Postman, gaining foundational knowledge to start building your own applications.

Introduction to Supabase REST API

Supabase is an open-source backend-as-a-service platform that provides developers with a comprehensive set of features to build their applications. This includes authentication, databases, storage, and more through simple REST APIs.

Using Supabase's REST APIs offers many advantages:

  • Ease of use: The APIs are designed for simplicity and ease of integration. There is excellent documentation available as well.
  • Scalability: Supabase handles scaling of bandwidth and databases automatically. You don't need to worry about capacity planning.
  • Security: Supabase secures all sensitive data and provides granular access controls.

In this quickstart tutorial, we will learn how to:

  • Set up a Supabase project
  • Perform basic CRUD operations through the Supabase REST APIs
  • Understand and leverage the Supabase API documentation

By the end, you will have hands-on experience working with Supabase's robust and developer-friendly REST API capabilities.

Exploring the Supabase API

Supabase refers to its complete platform of products and features as the Supabase Stack. This includes databases, authentication, storage, functions, and more.

The Supabase Stack is exposed through a comprehensive REST API that allows you to harness these capabilities directly from your application code.

Some of the key things you can do with the Supabase REST APIs include:

  • Perform CRUD operations on your Postgres databases
  • Manage user authentication with OAuth providers
  • Upload and retrieve files from Supabase Storage
  • Execute serverless functions
  • Fetch data with RPCs

There is excellent API reference documentation available covering all aspects of the Supabase REST API.

Advantages of Supabase REST API

As mentioned earlier, using the Supabase REST APIs provides some major advantages:

  • Simplicity: The APIs are designed for developers. The interface allows you to get started quickly.
  • Scalability: Supabase handles all hosting, scaling, and optimizations automatically.
  • Security: Supabase secures sensitive data and provides row-level access controls.

This enables developers to focus on building their applications rather than worrying about backend complexities.

Learning Objectives of the Supabase REST API Quickstart

In this quickstart guide, we will walk through:

  • Creating a Supabase project
  • Inserting, updating, retrieving, and deleting rows in a Postgres table through the REST API
  • Leveraging the Supabase API reference docs

By the end, you will understand how to integrate the core Supabase REST API capabilities into an application. This will equip you with the fundamentals to start building full-stack apps powered by Supabase's robust backend features.

Does Supabase have a REST API?

Supabase provides a robust REST API using PostgREST for convenient CRUD (Create, Read, Update, Delete) operations. This API layer sits on top of Postgres to expose database functionality through simple RESTful endpoints.

The Supabase REST API offers several key benefits:

  • Simplicity: The API is intuitive and easy to use. Just make standard HTTPS requests to perform CRUD operations.
  • Flexibility: All common HTTP methods are supported including GET, POST, PUT, PATCH, DELETE.
  • Security: Authentication and fine-grained authorization controls are built-in.
  • Scalability: The API scales seamlessly as your app and data grows.

You can access the Supabase REST API at this base URL, replacing <project_ref> with your actual project ref:


This exposes the Postgres schemas and tables in your project. For example, to retrieve all rows from a "users" table, you'd make a GET request to:


So in summary, the Supabase REST API provides a simple yet robust way to integrate CRUD database operations into your application. With just basic HTTP requests, you can query, insert, update, and delete data as needed.

How to use Supabase API in Postman?

Supabase provides a REST API that allows you to perform CRUD operations on your database tables. This can be useful for testing purposes or integrating Supabase into an external application.

Here are the steps to get started with the Supabase REST API using Postman:

1. Generate an API key

First, you'll need to generate an API key in your Supabase project dashboard. This will authenticate your API requests.

To generate a key:

  • Go to the Settings tab
  • Click API in the side menu
  • Create a new API key

Make sure to save this key in a secure place - it effectively functions as a password.

2. Import the Supabase API collection

To make API requests easy, you can import the Supabase Postman collection. This contains pre-made requests for each endpoint.

To import:

3. Configure the authorization

With the collection imported, you need to add your API key to the authorization header.

To configure:

  • Select any request
  • Click the "Authorization" tab
  • Choose type "API Key"
  • Paste in your Supabase API key into the appropriate field

Now your API requests will be authenticated when sending them.

4. Make API requests

With the previous steps complete, you can now make requests to the Supabase API. For example to insert data:

  • Select the insert endpoint
  • Configure the JSON body with your table name, column names and row data
  • Click Send to execute the request

The response body will contain the newly inserted record, including auto-generated ids.

And that's it! By following these steps you can now access your Supabase data using the REST API and Postman. Let me know if you have any other questions!

Does SAP have a REST API?

SAP Document Center provides a proprietary REST API that allows apps to make server calls that cannot be mapped to CMIS services.

This REST API gives developers more flexibility when building apps that integrate with SAP Document Center. Some key things to know about the SAP Document Center REST API:

  • It uses JSON for request and response payloads
  • Supports CRUD operations for documents and folders
  • Authentication via API Key
  • Document renditions can be downloaded
  • Search documents by metadata and full text
  • Get notifications for document events

The REST API opens up capabilities beyond the standard CMIS specification. Developers can leverage the API to enable custom workflows, metadata editing, version control, and more tailored integration scenarios.

Overall the proprietary REST API complements the CMIS services and expands what is possible when building apps on top of SAP Document Center. It provides a direct interface into lower-level server functions.

What is difference between REST API and RESTful API?

REST (Representational State Transfer) API is an architectural style for designing web services. RESTful API is an API that follows the design principles of REST architecture.

Here are some key differences between REST API and RESTful API:

  • REST API uses web services and is based on request and response over HTTP protocol. RESTful API works completely based on REST principles and architecture constraints like having a uniform interface, stateless communication, cacheability etc.
  • REST apps have strong protocols and pre-configured architecture layers as security measures. RESTful apps have multi-layered transport protocols and focus more on component roles.
  • REST APIs use multiple types of calls like GET, POST, PUT, PATCH, DELETE. RESTful APIs use these uniformly and treat everything as a resource.
  • REST API focuses only on component data exchange. RESTful API focuses on component roles and data exchange.

In summary, REST is an architectural style while RESTful refers to an API that closely follows REST design principles. While REST APIs can be considered RESTful, not all RESTful APIs are truly REST compliant.


Getting Started with Supabase Project Setup

Creating Your Supabase Project

To get started with the Supabase REST API, you'll first need to create a Supabase project. This can easily be done by signing up on the Supabase website.

Once signed in, click on "New Project" to initialize a blank project. Give your project a name and select the server location nearest to your users. Then click "Create New Project".

That's it! Your Supabase project is now ready to be used with the REST API.

Acquiring Your Supabase API URL

To interact with the Supabase REST API, you'll need the API URL from your Supabase project settings.

Navigate to the "Settings" tab and scroll down to the API section. Here you'll find your unique API URL - it will have a format like

Copy this API URL and save it somewhere convenient - you'll need it to make requests to the REST API.

Securing Your Supabase API Key

In order to authenticate with the Supabase REST API, you'll also need an API key.

Go to the "API" section of your project settings and click "New API key". Give this key a name like "My App" and set the permissions it needs.

Once created, you'll see the new API key value. Copy and save this securely - it authenticates your API requests.

Don't share your API key! Be sure to keep it private.

With your Supabase API URL and key, you're now ready to start interacting with the REST API programmatically.

Authenticating with Supabase REST API Auth

Supabase provides a simple REST API that allows developers to build applications with user authentication and data storage/retrieval capabilities. To access the Supabase API, applications need to authenticate using API keys.

Understanding Supabase REST API Auth

The Supabase REST API uses API keys to authenticate requests. There are two types of keys:

  • Service role keys - Used by an application to access data or make changes on behalf of users. This key has permissions set via database roles.
  • User keys - Tied to individual user accounts, can only access data that the user has access to. Used for user-specific actions.

By using the appropriate keys and roles, developers can build secure applications leveraging Supabase's authentication and database functionality.

Setting Up Authentication

To get started with Supabase API authentication:

  • Sign up for a Supabase project
  • Go to the Project Settings page to find your API keys
  • Choose the correct key type for your use case:
  • Service role keys for general API access
  • User keys for user-specific actions
  • Pass the API key in requests using the Authorization header

For example:

Authorization: Bearer <your-api-key>
  • Set up roles and policies to manage permissions for service keys.

With API keys configured, your application can now make authenticated requests to Supabase's API!

Managing API Keys and Roles

Here are some best practices for managing Supabase API access:

  • Restrict service key permissions using policies to only allow needed actions. Apply principle of least privilege.
  • Rotate API keys periodically to reduce risk from exposed keys.
  • Delete expired user keys that are no longer needed.
  • Use user keys sparingly to avoid reaching concurrency limits.
  • Monitor API usage for suspicious activity indicating compromised keys.

Properly managing keys and roles lets you build secure, scalable applications with Supabase's REST API.

Performing CRUD Operations

Detailed examples of how to perform Create, Read, Update, and Delete operations using the Supabase REST API.

Creating Records with POST Requests

To insert new data into a Supabase table, you can make a POST request to the table endpoint.

Here is an example POST request to insert a new user record:

POST https://<project-ref>
  "full_name": "John Doe",
  "email": "" 

The JSON payload contains the data for the new record. Supabase will automatically generate a unique id for the inserted row.

To authenticate the request, you need to set the API key in the Authorization header:

Authorization: Bearer <api-key>

You can find your API key in the Supabase dashboard project settings.

Reading Data with GET Requests

To fetch data from a Supabase table, make a GET request to the table endpoint. For example, to get all users:

GET https://<project-ref>
Authorization: Bearer <api-key>

You can filter data by adding query parameters:

GET https://<project-ref>

This will return only records where full_name equals "John Doe".

See Supabase REST API documentation for more details on filtering and querying data.

Updating Data with PUT Requests

To update an existing record, make a PUT request to the record's endpoint using its id. Include a JSON payload with the updated data:

PUT https://<project-ref>
  "full_name": "John A. Doe"

This will update the full_name of the user with id 123.

You can also use the special * wildcard instead of id to update all records:

PUT https://<project-ref>*
  "email": "" 

Deleting Records with DELETE Requests

To delete records, make a DELETE request to the table endpoint. Filter by id to remove a specific record:

DELETE FROM https://<project-ref>

Or use the * wildcard to delete all records in a table:

DELETE FROM https://<project-ref>*  

That covers the basics of performing CRUD operations with the Supabase REST API. Refer to the Supabase docs for more examples and usage details.

Supabase REST API Documentation and Best Practices

The Supabase REST API documentation provides detailed references for all available endpoints and usage. It's organized by resource type like Auth, Storage, Database, etc. making it easy to find what you need.

When viewing a specific endpoint, the docs clearly explain:

  • The endpoint path and available methods (GET, POST, etc.)
  • The request parameters it accepts
  • Sample request headers
  • The response format it returns
  • Error codes

They also provide curl examples to test out requests.

Understanding Rate Limits and Error Handling

Supabase enforces rate limits on API requests to prevent abuse. Limits vary based on your project's database size. Exceeding these limits will result in 429 Too Many Requests errors.

It's important to handle these errors gracefully in your application code. When you receive a 429, you should stop sending requests for a brief period before resuming.

See Supabase's rate limiting guide for details on limits and strategies to avoid hitting them.

Other common errors like 400 Bad Request or 403 Forbidden indicate issues with your credentials, permissions, or request formatting. Consult the docs for troubleshooting.

Optimizing API Requests

Here are some tips for efficient use of the Supabase API:

  • Limit requests: Fetch only the data you need instead of over-fetching. Use filters, ranges, and pagination.
  • Batch requests: Combine multiple requests into a single API call to reduce total round trips.
  • Cache responses: Store Supabase API responses to avoid duplicate requests. Manage cache invalidation appropriately.
  • Tune page sizes: Adjust the count parameter when pagination to balance response size and round trips.
  • Request compression: Enable gzip compression on requests and responses to reduce payload size.
  • Use POST instead of GET for large parameters: POST has no size limits unlike GET.

Optimizing your API usage will ensure high performance and reduce cost/latency.

Building a Simple CRUD Application: A Supabase REST API Tutorial

Designing the Data Model

Supabase provides a PostgreSQL database that we can design our data model in. For this simple CRUD application, we will have a posts table to store blog posts.

The posts table will contain these columns:

  • id: primary key column that will automatically increment for each record
  • title: string for the blog post title
  • content: text for the body content of the post
  • created_at: timestamp for when the record was created

By having this simple data model in place, we can focus on using the Supabase REST API to perform CRUD operations on this posts table.

Implementing Create Functionality

To create a new post, we need to make a POST request to the Supabase REST API. Specifically, we will make a POST request to:


With a JSON body containing the title and content for the new post:

  "title": "My Awesome Blog Post",
  "content": "This is my first post using Supabase!" 

On the server, Supabase will automatically insert this as a new record into the posts table, including generating the id and created_at timestamp.

The response payload will contain the newly inserted record, including the assigned id.

Reading Data and Displaying Results

To retrieve posts stored in the database, we can make a GET request to:


This will return an array of post records in JSON format that we can display in our app's UI.

For example, we could loop through the array and display each post:

posts.forEach(post => {
  // display post title and content

We can also retrieve a single post by its id using:


Updating Existing Records

To update an existing post, we can make a PATCH request to the post's endpoint using its id, along with a JSON body containing the updated data:

PATCH https://<supabase-project-id><id>

  "title": "My Awesome Updated Blog Title" 

This will update only the title field for that record in the database.

Deleting Data through the Application

To delete a record, we can make a DELETE request using the post's id:

DELETE https://<supabase-project-id><id> 

And Supabase will remove that record from the posts table.

By combining these CRUD operations, we can build a full web application that creates, reads, updates, and deletes data from the Supabase Postgres database using the REST API.

Conclusion: Mastering Supabase REST APIs

Summary of Supabase REST API Essentials

This tutorial provided a quickstart guide to using Supabase's REST APIs to build CRUD functionality. We covered:

  • Authenticating with the REST API using API keys
  • Creating, reading, updating, and deleting data using POST, GET, PUT, and DELETE requests
  • Examples of basic CRUD operations like creating a new user
  • Using Postman to test Supabase REST API endpoints

The key takeaways are:

  • Supabase's REST APIs allow you to access and modify database content
  • API keys provide secure access without needing user login credentials
  • Common patterns like CRUD make building web apps fast and simple

Overall, Supabase's REST APIs offer a straightforward way to integrate robust data capabilities into applications.

Exploring Advanced Features and Next Steps

From here, you may want to explore some of Supabase's more advanced features such as:

  • Real-time subscriptions for live data updates
  • OAuth and social logins for simplified auth flows
  • Storage for managing user-generated content
  • Functions for running serverless jobs

The Supabase documentation provides in-depth guidance on integrating these capabilities using the REST APIs.

As you build more complex projects, studying Supabase's auth patterns and permissions systems will help you manage secure access. Examining example apps can also provide inspiration for what's possible.

With this initial foundation, you now have the essentials to start building feature-rich apps powered by Supabase's APIs!