Supabase

Executes a given sql query against the project's database; use for advanced data operations or when standard api endpoints are insufficient, ensuring queries are valid postgresql and sanitized.

Creates a new supabase organization, which serves as a top-level container for projects, billing, and team access.

Creates a new supabase project, requiring a unique name (no dots) within the organization; project creation is asynchronous.

Lists all organizations (id and name only) associated with the supabase account, excluding project details within these organizations.

Retrieves a list of all supabase projects, including their id, name, region, and status, for the authenticated user.

Creates a 'publishable' or 'secret' api key for an existing supabase project, optionally with a description; 'secret' keys can have customized jwt templates.

Permanently deletes a specific api key (identified by `id`) from a supabase project (identified by `ref`), revoking its access.

Retrieves the detailed configuration for a specific third-party authentication (tpa) provider, identified by `tpa id`, within an existing supabase project specified by `ref`.

Lists all configured third-party authentication provider integrations for an existing supabase project (using its `ref`), suitable for read-only auditing or verifying current authentication settings.

Removes a third-party authentication provider (e.g., google, github) from a supabase project's configuration; this immediately prevents users from logging in via that method.

Updates an existing supabase project api key's `description` and/or `secret jwt template` (which defines its `role`); does not regenerate the key string.

Activates a previously configured custom hostname for a supabase project, assuming dns settings are verified externally.

Activates a vanity subdomain for the specified supabase project, requiring subsequent dns configuration for the subdomain to become operational.

Generates a supabase oauth 2.0 authorization url for user redirection, requiring a pre-registered `client id` and a `redirect uri` that matches one of its pre-registered uris.

Checks if a specific vanity subdomain is available for a supabase project; this action does not reserve or assign the subdomain.

Enables database webhooks for the supabase project `ref`, triggering real-time notifications for insert, update, or delete events.

Fetches the current vanity subdomain configuration, including its status and custom domain name, for a supabase project identified by its reference id.

Retrieves a supabase project's custom hostname configuration, including its status, ssl certificate, and ownership verification, noting that availability may depend on the project's plan.

Retrieves the list of banned ipv4 addresses for a supabase project using its unique project reference string; this is a read-only operation.

Retrieves the current network restriction settings (e.g., ip whitelists) for a supabase project using its reference id; this is a read-only operation for auditing or verifying network security.

Retrieves the pgsodium configuration, including the root encryption key, for an existing supabase project identified by its `ref`.

Retrieves the ssl enforcement configuration for a specified supabase project, indicating if ssl connections are mandated for its database.

Irreversibly initiates the removal of a specified read replica from an existing supabase project, confirming only the start of the process, not its completion.

Removes specified ipv4 addresses from a supabase project's network ban list, granting immediate access; ips not currently banned are ignored.

Provisions a read-only replica for a supabase project in a specified, supabase-supported aws region to enhance read performance and reduce latency.

Updates and applies network access restrictions (ipv4/ipv6 cidr lists) for a supabase project, which may terminate existing connections not matching the new rules.

Initiates an asynchronous upgrade of a supabase project's postgresql database to a specified `target version` from a selected `release channel`, returning a `tracking id` to monitor status; the `target version` must be available in the chosen channel.

Critically updates or initializes a supabase project's pgsodium root encryption key for security setup or key rotation, requiring secure backup of the new key to prevent irreversible data loss.

Creates a new saml 2.0 single sign-on (sso) provider for a supabase project, requiring either `metadata xml` or `metadata url` for saml idp configuration.

Call this to add a new third-party authentication method (oidc or jwks) to a supabase project for integrating external identity providers (e.g., for sso); the api may also support `custom jwks` if sent directly.

Creates a new, isolated database branch from an existing supabase project (identified by `ref`), useful for setting up separate environments like development or testing, which can optionally be linked to a git branch.

Creates a new serverless edge function for a supabase project (identified by `ref`), requiring valid javascript/typescript in `body` and a project-unique `slug 1` identifier.

Re-verifies dns and ssl configurations for an existing custom hostname associated with a supabase project.

Permanently and irreversibly deletes a supabase project, identified by its unique `ref` id, resulting in complete data loss.

Permanently and irreversibly deletes a specific, non-default database branch by its `branch id`, without affecting other branches.

Permanently deletes a specific edge function (by `function slug`) from a supabase project (by `ref`); this action is irreversible and requires prior existence of both project and function.

Deletes an active custom hostname configuration for the project identified by `ref`, reverting to the default supabase-provided hostname; this action immediately makes the project inaccessible via the custom domain and requires subsequent updates to client, oauth, and dns settings.

Permanently and irreversibly deletes an active vanity subdomain configuration for the specified supabase project, reverting it to its default supabase url.

Deploys edge functions to a supabase project using multipart upload.

Disables the preview branching feature for an existing supabase project, identified by its unique reference id (`ref`).

Temporarily disables a supabase project's read-only mode for 15 minutes to allow write operations (e.g., for maintenance or critical updates), after which it automatically reverts to read-only.

(beta) implements the oauth 2.0 token endpoint to exchange an authorization code or refresh token for access/refresh tokens, based on `grant type`.

Generates and retrieves typescript types from a supabase project's database; any schemas specified in `included schemas` must exist in the project.

Retrieves a specific sql snippet by its unique identifier.

Retrieves the configuration details for a specific single sign-on (sso) provider (e.g., saml, google, github, azure ad), identified by its uuid, within a supabase project.

Fetches comprehensive details for a specific supabase organization using its unique slug.

Retrieves the project's complete read-only authentication configuration, detailing all settings (e.g., providers, mfa, email/sms, jwt, security policies) but excluding sensitive secrets.

Retrieves the postgrest configuration for a specific supabase project.

Retrieves the current read-only postgresql database configuration for a specified supabase project's `ref`, noting that some advanced or security-sensitive details might be omitted from the response.

Retrieves the current health status for a supabase project, for specified services or all services if the 'services' list is omitted.

Retrieves the supavisor (connection pooler) configuration for a specified supabase project, identified by its reference id.

Retrieves the read-only configuration and status for a supabase database branch, typically for monitoring or verifying its settings.

Retrieves all api keys for an existing supabase project, specified by its unique reference id (`ref`); this is a read-only operation.

Retrieves the active pgbouncer configuration (postgresql connection pooler) for a supabase project, used for performance tuning, auditing, or getting the connection string.

Checks a supabase project's eligibility for an upgrade, verifying compatibility and identifying potential issues; this action does not perform the actual upgrade.

Retrieves the latest status of a supabase project's database upgrade for monitoring purposes; does not initiate or modify upgrades.

Lists all database backups for a supabase project, providing details on existing backups but not creating new ones or performing restores; availability may depend on plan and configuration.

Retrieves a list of all storage buckets for a supabase project, without returning bucket contents or access policies.

Lists all configured single sign-on (sso) providers for a supabase project, requiring the project reference id (`ref`) of an existing project.

Retrieves a list of sql snippets for the logged-in user, optionally filtered by a specific supabase project if `project ref` is provided.

Lists all database branches for a specified supabase project, used for isolated development and testing of schema changes; ensure the project reference id is valid.

Lists metadata for all edge functions in a supabase project (specified by 'ref'), excluding function code or logs; the project must exist.

Retrieves all secrets for a supabase project using its reference id; secret values in the response may be masked.

Retrieves all members of a supabase organization, identified by its unique slug, including their user id, username, email, role, and mfa status.

Deletes a specific sso provider by its id (`provider id`) from a supabase project (`ref`), which disables it and returns its details; ensure this action will not inadvertently lock out users.

Resets an existing supabase database branch, identified by `branch id`, to its initial clean state, irreversibly deleting all its current data and schema changes.

Restores a supabase project's database to a specific unix timestamp using point-in-time recovery (pitr), overwriting the current state; requires a paid plan with pitr and physical backups enabled.

Retrieves detailed information, metadata, configuration, and status for a specific edge function using its project reference id and function slug.

Retrieves the source code (body) for a specified serverless edge function using its project reference and function slug; this is a read-only operation that does not execute the function or return runtime logs.

Retrieves the read-only mode status for a specified supabase project to check its operational state; this action does not change the read-only state.

Updates an existing sso provider's saml metadata, associated email domains, or attribute mappings for a supabase project, identified by `ref` and `provider id`.

Updates postgrest configuration settings (e.g., `max rows`, `db pool`, `db schema`, `db extra search path`) for a supabase project to fine-tune api performance, data exposure, and database resource usage.

Updates specified postgresql configuration parameters for an existing supabase project (`ref`) to optimize database performance; note that unspecified parameters remain unchanged, and caution is advised as incorrect settings can impact stability or require a restart.

Updates the supavisor (database pooler) configuration, such as `default pool size`, for an existing supabase project identified by `ref`; the `pool mode` parameter in the request is deprecated and ignored.

Updates an existing supabase edge function's properties (like name, slug, source code, jwt settings, import map) identified by project `ref` and `function slug`, supporting plain text code or eszip for the body.

Updates the custom hostname for a supabase project, requiring subsequent dns changes to a user-controlled domain for ssl certificate issuance and domain ownership.

Updates the configuration of a supabase database branch, allowing modification of its name, associated git branch, reset-on-push behavior, persistence, and status.

Updates the ssl enforcement configuration (enable/disable) for a specified supabase project's database.