Supabase Basics Cheat Sheet
Introduces Supabase's Postgres database, auto-generated REST API, authentication, Row Level Security, and realtime subscriptions using the CLI and JS client.
2 PagesBeginnerMar 8, 2026
Supabase CLI Setup
Install the CLI, link a project, and run the local dev stack.
bash
# Install the Supabase CLInpm install -g supabase# Log in and link a local project to your Supabase projectsupabase loginsupabase initsupabase link --project-ref <your-project-ref># Start the local dev stack (Postgres, Studio, Auth, Storage) in Dockersupabase start# Generate a migration from schema changes and push itsupabase db diff -f add_orders_tablesupabase db push
Table + Row Level Security
Create a table and lock it down with RLS policies scoped to the logged-in user.
sql
-- Create a tablecreate table public.orders ( id uuid primary key default gen_random_uuid(), user_id uuid references auth.users not null, amount numeric not null, created_at timestamptz default now());-- RLS must be enabled before any policy takes effectalter table public.orders enable row level security;-- Users can only see their own orderscreate policy "Users can view their own orders" on public.orders for select using (auth.uid() = user_id);-- Users can only insert orders for themselvescreate policy "Users can insert their own orders" on public.orders for insert with check (auth.uid() = user_id);
supabase-js Client
Authenticate, query, insert, and subscribe to realtime changes from a JS app.
javascript
import { createClient } from '@supabase/supabase-js'const supabase = createClient( process.env.SUPABASE_URL, process.env.SUPABASE_ANON_KEY)// Sign in a userconst { data: authData, error: authError } = await supabase.auth.signInWithPassword({ email, password })// Query data (RLS policies apply automatically for the logged-in user)const { data, error } = await supabase .from('orders') .select('id, amount, created_at') .order('created_at', { ascending: false }) .limit(10)// Insert a rowawait supabase.from('orders').insert({ amount: 49.99 })// Subscribe to realtime changessupabase .channel('orders-changes') .on('postgres_changes', { event: 'INSERT', schema: 'public', table: 'orders' }, (payload) => console.log('New order:', payload.new)) .subscribe()
Core Features
What you get out of the box with a Supabase project.
- Auth- Built-in authentication (email/password, magic links, OAuth providers, phone OTP) backed by GoTrue, storing users in the auth.users schema.
- Database- A full managed PostgreSQL database — any Postgres feature (extensions, triggers, functions) is available, not a limited subset.
- Auto-generated REST API- PostgREST automatically exposes every table/view as a REST endpoint (/rest/v1/orders) based on your schema and RLS policies.
- Realtime- Subscribe to database changes (insert/update/delete) over WebSockets via logical replication, without building custom pub/sub infrastructure.
- Storage- S3-compatible object storage for files and images, with access controlled by the same RLS-style policies as the database.
- Edge Functions- Deno-based serverless functions deployed globally for custom server-side logic, shipped via supabase functions deploy.
- RLS is the security boundary- Because the REST/GraphQL API is auto-generated from your schema, RLS policies are the primary way to secure data — a table with RLS enabled and no policies denies all access by default.
Pro Tip
Always enable Row Level Security on every table exposed through the auto-generated API — without it, the anon/public API key can read and write every row, since Supabase's REST layer bypasses any app-level authorization you assumed you had.
Was this cheat sheet helpful?
Explore Topics
#SupabaseBasics#SupabaseBasicsCheatSheet#Database#Beginner#SupabaseCLISetup#Table#Row#Level#Databases#Security#APIs#CommandLine#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech
Professional Web Designing Services
- Responsive Websites
- E-commerce Solutions
- SEO Friendly Design
- Fast & Secure
- Support & Maintenance