REST API

Build an API route in less than 2 minutes.

Create your first API route by creating a table called todos to store tasks.

Let's create our first REST route which we can query using cURL or the browser.

We'll create a database table called todos for storing tasks. This creates a corresponding API route /rest/v1/todos which can accept GET, POST, PATCH, & DELETE requests.

1

Set up a Supabase project with a 'todos' table

Create a new project in the Supabase Dashboard.

After your project is ready, create a table in your Supabase database. You can do this with either the Table interface or the SQL Editor.

1
-- Create a table called "todos"
2
-- with a column to store tasks.
3
create table todos (
4
  id serial primary key,
5
  task text
6
);
2

Enable Data API access to Anon Role

Expose the todos table through the Data API so it can be queried over HTTP.

For more control over which tables and functions are exposed, see Expose specific tables and functions.

1
-- Allow read-only access for anonymous clients
2
grant select on public.todos to anon;
3

Configure RLS

Turn on Row Level Security for this table and create the policies that control who can read and write rows.

1
-- Turn on RLS
2
alter table "todos"
3
enable row level security;
4
5
-- Allow anonymous access
6
create policy "Allow public access"
7
  on todos
8
  for select
9
  to anon
10
  using (true);
11
12
-- Allow authenticated users to read and modify todos
13
create policy "Allow authenticated users to manage todos"
14
  on todos
15
  for all
16
  to authenticated
17
  using (true)
18
  with check (true);
4

Enable Data API access for authenticated and service roles

Now that RLS is in place, grant write access to the authenticated and service_role roles.

1
-- Grant write access only after RLS and policies are in place
2
grant select, insert, update, delete on public.todos to authenticated;
3
grant select, insert, update, delete on public.todos to service_role;
5

Insert some dummy data

Now we can add some data to our table which we can access through our API.

1
insert into todos (task)
2
values
3
  ('Create tables'),
4
  ('Enable security'),
5
  ('Add data'),
6
  ('Fetch data from the API');
6

Fetch the data

Find your API URL and Keys in your Dashboard API Settings. You can now query your "todos" table by appending /rest/v1/todos to the API URL.

Copy this block of code, substitute <PROJECT_REF> and <PUBLISHABLE_KEY>, then run it from a terminal.

1
curl 'https://<PROJECT_REF>.supabase.co/rest/v1/todos' \
2
-H "apikey: <PUBLISHABLE_KEY>"

Bonus#

There are several options for accessing your data:

Browser#

You can query the route in your browser, by appending the publishable key as a query parameter:

https://<PROJECT_REF>.supabase.co/rest/v1/todos?apikey=<PUBLISHABLE_KEY>

Curl#

1
curl 'https://<PROJECT_REF>.supabase.co/rest/v1/todos?select=*' \
2
  -H "apikey: <PUBLISHABLE_KEY>" \
3
  -H "Authorization: Bearer <PUBLISHABLE_KEY>"

Client libraries#

We provide a number of Client Libraries.

1
const { data, error } = await supabase.from('todos').select()