Supabase gives you an entire backend in a box — a database, user login system, file storage, and live updates — all without writing server code yourself. This guide explains everything in plain English so you can tell your AI tool exactly what to build.
Supabase is an open-source alternative to Firebase (Google's backend service). Think of it as your app's entire behind-the-scenes system, all in one place. It gives you:
It's built on top of PostgreSQL, the same database that powers companies like Instagram, Spotify, and Netflix. That means it's rock-solid and battle-tested — but Supabase makes it easy to use with a visual dashboard, so you never need to learn database commands.
If your app needs to remember anything (user accounts, posts, orders), you need a database. Supabase gives you one with zero setup.
Need sign-up, sign-in, password reset, or "Sign in with Google"? Supabase handles all of that out of the box.
Profile pictures, document uploads, image galleries — Supabase Storage lets users upload and view files easily.
The free tier is generous. You can build and launch a real app without paying a cent until it grows.
Pricing: Supabase has a generous free tier — 500 MB database, 1 GB file storage, 50,000 monthly active users, and unlimited API requests. The Pro plan is $25/month (8 GB database, 100 GB storage) and the Team plan is $599/month for larger teams. Most AI coders stay on the free tier for months.
Go to supabase.com and sign up with your GitHub account. It takes about 30 seconds.
Click "New Project," give it a name, choose a database password (save this somewhere safe!), and pick a region close to your users. Your project spins up in about two minutes.
Go to Settings > API in your Supabase dashboard. You'll see a Project URL and an anon/public key. These are like your app's address and guest pass — they let your app talk to Supabase.
Paste those two values into your project's .env file and ask your AI tool to set up the Supabase client. From there, your app can read and write data, handle logins, and upload files.
Tables, rows, and columns — like a spreadsheet on steroids. Store users, products, posts, or anything else. The visual Table Editor lets you add and edit data without writing any database commands.
Built-in login system supporting email/password, magic links (passwordless login via email), and social logins like Google, GitHub, Apple, and more. Includes password reset, email verification, and session management.
Upload and serve images, documents, videos, and any other files. Organize them into buckets (folders). Supports image transformations — resize and crop images on the fly without extra tools.
Your app can listen for changes to the database and update instantly — like a live scoreboard or chat room. When someone adds a new message, everyone sees it immediately without refreshing.
Server-side code that runs close to your users for speed. Use these for things like sending emails, processing payments, or calling other APIs. Your AI tool can write these for you.
Control exactly who can see and edit which rows of data. For example: users can only read their own profile, or only admins can delete posts. It's like putting a lock on each row of your spreadsheet.
The moment you create a table, Supabase instantly gives you an API (a way for your app to talk to the database). No extra setup — it just works. Supports both REST and GraphQL.
A visual interface for your database — add tables, edit rows, run queries, and manage users without touching any code. It looks and feels like a spreadsheet.
Test database changes safely before going live. Create a branch (a copy of your database), try things out, and merge only when you're happy. Like a rough draft for your database.
Built-in support for pgvector, which lets you store AI embeddings. This powers features like semantic search ("find products similar to this one") and AI-powered recommendations.
Copy these prompts and paste them into your AI tool (Cursor, Claude Code, Bolt, Lovable, etc.) to get Supabase set up and working in your project.
Set up Supabase in a Next.js project
"Set up Supabase in my Next.js project. Install the @supabase/supabase-js package, create a Supabase client utility file, and add the NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY environment variables to .env.local. Use the latest Supabase SSR helpers for server components."
Create a users profile table
"Create a 'profiles' table in Supabase with columns for id (linked to auth.users), display_name (text), avatar_url (text), bio (text), and created_at (timestamp). Set up Row Level Security so users can only read and update their own profile. Create a trigger that automatically creates a profile row when a new user signs up."
Add email/password authentication
"Add email and password sign-up and sign-in to my app using Supabase Auth. Create a sign-up form, a sign-in form, and a sign-out button. After successful login, redirect to the dashboard page. Show error messages if the email is already taken or the password is wrong. Include a 'Forgot password' link that sends a reset email."
Add Google OAuth login
"Add 'Sign in with Google' to my app using Supabase Auth. Create a button that starts the Google OAuth flow. After successful login, redirect to the dashboard. Make sure it works alongside the existing email/password login. Show me how to configure the Google provider in the Supabase dashboard."
Upload images to Supabase Storage
"Add image upload functionality using Supabase Storage. Create a storage bucket called 'avatars' with a 2MB file size limit that only accepts image files. Build an upload component that shows a preview of the selected image before uploading. After uploading, save the public URL to the user's profile. Set up storage policies so users can only upload to their own folder."
Set up Row Level Security
"Set up Row Level Security (RLS) on my Supabase tables. For the 'posts' table: anyone can read all posts, but only the author can create, update, or delete their own posts. For the 'profiles' table: anyone can read profiles, but users can only update their own. Enable RLS on both tables and create the security policies."
Build a real-time chat
"Build a real-time chat feature using Supabase Realtime. Create a 'messages' table with columns for id, user_id, content, and created_at. Subscribe to new messages so they appear instantly without refreshing. Display messages in a scrollable list with the sender's name and timestamp. Include an input field to send new messages."
Create a server-side API endpoint
"Create a Supabase Edge Function that sends a welcome email when a new user signs up. Use a database webhook that fires on INSERT to the auth.users table. The function should call an email API (like Resend) to send the welcome email with the user's name."
Database migration for a new feature
"Create a Supabase database migration that adds a 'bookmarks' table. Users should be able to bookmark posts. The table needs: id (uuid primary key), user_id (foreign key to auth.users), post_id (foreign key to posts), created_at (timestamp). Add RLS policies so users can only see and manage their own bookmarks. Create a unique constraint so a user can't bookmark the same post twice."
Connect Supabase to Lovable or Bolt
"Connect my Lovable/Bolt project to Supabase. Add the Supabase client library, configure the environment variables for SUPABASE_URL and SUPABASE_ANON_KEY, and create a simple test page that reads data from a 'posts' table and displays it in a list. Include error handling if the connection fails."
Full-text search
"Add full-text search to my Supabase 'products' table. Create a search function that lets users search across the product name and description fields. Return results ranked by relevance. Build a search bar component that shows results as the user types with a small delay (debounce) so it doesn't search on every keystroke."
Set up authentication middleware
"Set up Supabase Auth middleware in my Next.js app so that protected routes (like /dashboard, /settings, /profile) redirect to /login if the user isn't signed in. Use the Supabase SSR package to handle session refresh automatically. Make sure the middleware runs on every request to protected pages."
Every table you create should have RLS turned on. Without it, anyone with your API key can read and write all your data, and because the anon key ships inside your browser code, that means anyone who opens your app. RLS is like putting a lock on your door. Don't skip it.
Your anon key is safe to use in the browser as long as RLS is turned on, but your service_role key bypasses Row Level Security entirely. Never put it in client-side code. Only use it on the server (like in Edge Functions or API routes).
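One way to check for this mistake before deploying, as an added example that is not from the original guide or from Supabase: a Node.js script that looks for service_role keys in environment variables that Next.js (NEXT_PUBLIC_) or Vite (VITE_) would ship to the browser. It assumes the keys are in JWT format with a "role" claim; the function names and the sample .env content are constructed for illustration.

```javascript
// Added example: find Supabase service_role keys in browser-exposed env vars.
// Assumption: keys are JWTs whose payload carries a "role" claim.
const BROWSER_PREFIXES = ["NEXT_PUBLIC_", "VITE_"]; // inlined into client bundles

// Constructed, unsigned stand-in for a real key (sample data only).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fakeKey = (role) =>
  [b64url({ alg: "HS256", typ: "JWT" }), b64url({ iss: "supabase", role }), "constructed"].join(".");

// Return the "role" claim of a JWT-shaped value, or null if it is not one.
function jwtRole(value) {
  const parts = value.split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
    return typeof claims.role === "string" ? claims.role : null;
  } catch {
    return null; // not base64/JSON, so not a JWT
  }
}

// Parse KEY=value lines, tolerating comments, "export", spaces and quotes.
function findExposedServiceKeys(envText) {
  const findings = [];
  envText.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    const name = m[1];
    const value = m[2].trim().replace(/^(['"])(.*)\1$/, "$2");
    const exposed = BROWSER_PREFIXES.some((p) => name.startsWith(p));
    if (exposed && jwtRole(value) === "service_role") findings.push({ line: i + 1, name });
  });
  return findings;
}

const SAMPLE_ENV = [
  "# constructed sample .env.local",
  "NEXT_PUBLIC_SUPABASE_URL=https://example-project.supabase.co",
  `NEXT_PUBLIC_SUPABASE_ANON_KEY=${fakeKey("anon")}`,
  `NEXT_PUBLIC_SUPABASE_SERVICE_KEY="${fakeKey("service_role")}"`, // leak
  `SUPABASE_SERVICE_ROLE_KEY=${fakeKey("service_role")}`, // server-only: fine
].join("\n");

console.log(findExposedServiceKeys(SAMPLE_ENV));
```

The check looks at what the key actually is rather than what the variable is called, so it still catches a service_role key pasted into a variable named like an anon key.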
Before asking your AI tool to build a feature, create the table manually in the Supabase dashboard. It's faster for experimenting and you can see exactly what the data looks like.
Always include a created_at column with a default value of now(). You'll thank yourself later when you need to sort things by date or debug when something was added.
If a post belongs to a user, add a user_id column to the posts table that links back to the users table. This keeps your data connected and prevents orphaned records.
Customize the confirmation and password-reset emails in Supabase > Authentication > Email Templates. The defaults work, but branded emails look much more professional.
In Authentication > URL Configuration, make sure your Site URL matches your actual domain (not localhost). This fixes most redirect issues with social logins and magic links.
Trigger Edge Functions automatically when data changes. For example: send a notification when someone leaves a comment, or resize an image after it's uploaded.
This almost always means Row Level Security is enabled but you haven't created any policies yet. Go to your table in the Supabase dashboard, click "RLS" and add a policy that allows the operations you need (select, insert, update, delete).
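A check for both this problem and the opposite one (tables with no RLS at all), as an added example that is not part of the original guide: a Node.js script that scans migration SQL for tables that never enable Row Level Security, or that enable it without any policy. The migration text, its table definitions and the auditRls function are constructed for illustration.

```javascript
// Added example: flag tables in a SQL migration that lack RLS or policies.
// The migration text below is constructed sample input.
const SAMPLE_MIGRATION = `
create table public.posts (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users (id),
  content text,
  created_at timestamptz not null default now()
);
alter table public.posts enable row level security;
create policy "Anyone can read posts" on public.posts
  for select using (true);
create policy "Authors insert own posts" on public.posts
  for insert with check (auth.uid() = user_id);

create table public.bookmarks (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users (id)
);
alter table public.bookmarks enable row level security;

create table public.messages (
  id uuid primary key default gen_random_uuid(),
  content text
);
`;

// Normalise a table reference: drop quotes and a leading "public." schema.
const norm = (name) => name.replace(/"/g, "").replace(/^public\./i, "").toLowerCase();

function auditRls(sql) {
  const collect = (re) => new Set([...sql.matchAll(re)].map((m) => norm(m[1])));
  const tables = collect(/create\s+table\s+(?:if\s+not\s+exists\s+)?([\w."]+)/gi);
  const rlsOn = collect(/alter\s+table\s+(?:if\s+exists\s+)?([\w."]+)\s+enable\s+row\s+level\s+security/gi);
  const withPolicy = collect(/create\s+policy\s+(?:"[^"]*"|\w+)\s+on\s+([\w."]+)/gi);
  const findings = [];
  for (const t of tables) {
    if (!rlsOn.has(t)) findings.push({ table: t, issue: "rls-disabled" });      // open to any key holder
    else if (!withPolicy.has(t)) findings.push({ table: t, issue: "rls-enabled-no-policy" }); // returns no rows
  }
  return findings;
}

console.log(auditRls(SAMPLE_MIGRATION));
```

The matching is regex-based and only sees statements present in the text it is given, so tables or policies created directly in the dashboard will not show up until they are pulled into a migration file.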
Go to Authentication > URL Configuration in the Supabase dashboard and update your Site URL to your real domain (e.g., https://myapp.vercel.app). Also add it to the Redirect URLs list. This tells Supabase where to send users after they log in.
Double-check that your .env file has the correct NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY values. Copy them fresh from Settings > API in your Supabase dashboard. Make sure there are no extra spaces or quotes around the values.
You're probably not refreshing the session on the server. Ask your AI tool: "Set up Supabase SSR middleware to refresh the auth session on every request." This keeps users logged in across page navigations.
You need to create the storage bucket first. Go to Storage in the Supabase dashboard and click "New Bucket." Give it a name (like "avatars" or "uploads") and set whether it's public or private.
Make sure the table has "Realtime" enabled. Go to Database > Replication in the Supabase dashboard and toggle on the table you want to listen to. Also check that your RLS policies allow SELECT for the rows you're subscribing to.
If you made changes directly in the dashboard and also have migration files, they can get out of sync. Use the Supabase CLI to pull the current state with 'supabase db diff' and create a new migration from the differences.
Add an index to columns you frequently search or filter by. Ask your AI tool: "Add a database index to the email column on the users table in Supabase." Indexes are like a book's table of contents — they help the database find things faster.
There are other backend tools out there. Here's how Supabase compares to the most popular ones.
Supabase
Open-source, uses PostgreSQL (industry standard), SQL-based, generous free tier, self-hostable, great dashboard.
Firebase
Google-owned, uses NoSQL (document-based), proprietary, slightly more complex pricing, deep integration with Google Cloud.
Choose Supabase if you want a real SQL database and open-source flexibility. Choose Firebase if you're deep in the Google ecosystem or prefer NoSQL.
Supabase
Full backend (auth, storage, real-time, database). PostgreSQL. Visual dashboard. Built-in auth and file storage.
PlanetScale
Database only (MySQL-based). No built-in auth or storage. Excellent branching and scaling features. Developer-focused.
Choose Supabase if you want an all-in-one solution. Choose PlanetScale if you only need a database and your team prefers MySQL.
Supabase
Full backend platform with auth, storage, and real-time. Managed PostgreSQL with a visual editor. More features beyond just the database.
Neon
Serverless PostgreSQL database only. Excellent cold-start performance. Branching support. Very developer-friendly.
Choose Supabase if you want everything in one place. Choose Neon if you only need a fast, serverless PostgreSQL database and will handle auth and storage separately.
Supabase
A complete backend service — it hosts your database, runs your auth, stores your files. You connect to it over the internet.
Prisma
A tool that helps your code talk to any database. It doesn't host anything — it's a translator between your code and your database.
These aren't really competitors. You can actually use Prisma with Supabase! Supabase is where your data lives; Prisma is a tool that makes it easier to work with that data in code.