Supabase

Use Supabase for PostgreSQL, authentication, storage, realtime features, and APIs when the generated app needs a hosted backend.

Example apps

Supabase works well for:

CRM systems with clients, projects, and notes.
Ecommerce apps with products, orders, and customers.
Social apps with posts, comments, likes, and profiles.
Booking systems with appointments and calendars.
Content apps with files, images, and published pages.

Decide what Supabase owns

Before implementation, decide whether Supabase will provide:

PostgreSQL tables.
Authentication.
Storage buckets.
Row Level Security policies.
Realtime subscriptions.
Edge functions.

Supabase public product page — Plan the Supabase project and data model before connecting it to a generated app.

Recommended environment variables

SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=

Use SUPABASE_ANON_KEY only with Row Level Security policies that protect data correctly. Keep SUPABASE_SERVICE_ROLE_KEY on the server only.

Create a Supabase project

Create a Supabase account.
Choose New project.
Give the project a clear development name.
Generate and store the database password securely.
Choose the region closest to your users.
Start on the free plan while validating the app.
Wait for the project to finish provisioning.

After provisioning, collect the project URL and API keys from project settings. Do not publish screenshots that reveal service-role keys or database passwords.

Database setup

Ask Cocoding AI to generate SQL for the app data model, then review it before running it in Supabase.

Create Supabase SQL tables for customers, projects, tasks, comments, and files.
Enable Row Level Security.
Add policies so users can only read and update their own workspace records.
Use server-side operations for admin-only actions.

Storage setup

When the generated app needs images, PDFs, invoices, or avatars:

Create a storage bucket.
Decide whether files are public or private.
Add MIME type and file size validation.
Add RLS/storage policies.
Store file URLs or object paths in the database.

Prompt Cocoding AI

Connect this app to Supabase.
Use SUPABASE_URL and SUPABASE_ANON_KEY for browser-safe reads that respect RLS.
Use SUPABASE_SERVICE_ROLE_KEY only on the server for admin operations.
Create tables for customers, tickets, and ticket comments.
Add setup errors when Supabase variables are missing.

Test Supabase

Create development tables and policies.
Store the Supabase URL and keys in runtime configuration.
Open the Cocoding AI preview.
Create one safe test record.
Confirm the record appears in Supabase.
Test unauthorized access if Row Level Security is enabled.

Troubleshooting

Symptom	Likely cause	What to check
Request denied	RLS policy missing or too strict	Review table policies for the current user role.
Data visible to everyone	RLS disabled or policy too broad	Enable RLS and use least-privilege policies.
Service role exposed	Unsafe client code	Move service-role operations to backend routes.
Storage upload fails	Bucket policy mismatch	Check bucket permissions and allowed MIME types.

Example apps​

Decide what Supabase owns​

Recommended environment variables​

Create a Supabase project​

Database setup​

Storage setup​

Prompt Cocoding AI​

Test Supabase​

Troubleshooting​