Supabase Project & Key Setup

A guide for spinning up a backend fast with Supabase, the open-source Firebase alternative. Configure PostgreSQL, Auth, Storage, Realtime, and Edge Functions in one pass.

  • Free plan: 2 projects
  • Paid tier: Pro from $25/mo
  • Requirements: GitHub account recommended

Overview

Before you begin

Supabase's free plan pauses a project after 1 week of inactivity. Move production workloads to Pro ($25/mo+) for stable uptime. Always enable Row Level Security (RLS) from day one — when disabled, all data is publicly accessible.

  • GitHub account: Supabase sign-in uses GitHub OAuth.
  • Region selection: Tokyo (ap-northeast-1) for Korea.
  • RLS policy design: Row Level Security is off by default.
  • Two key types: anon vs service_role.

Step by Step

Step-by-step Guide

01

SIGNUP

Sign up & create org

Sign up on supabase.com with GitHub.

  • Sign in with GitHub recommended (email also works)
  • An Organization is auto-created — projects are grouped per team
  • Invite teammates at the organization level
  • Free plan: 2 projects per organization

02

PROJECT

Create a new project

Pick the database and region.

  • Click New Project
  • Project name (used as URL slug)
  • Create a strong Database Password and store it safely
  • Region: Northeast Asia (Tokyo) is fastest from Korea
  • Pricing Plan: Free / Pro / Team
  • Provisioning takes 2–3 minutes

03

KEYS

Check API keys

Understand the role of each key clearly.

  • Settings > API menu
  • Project URL: https://${id}.supabase.co
  • anon public key: usable on the frontend, protected by RLS
  • service_role key: server-only, bypasses RLS — never expose
  • JWT Secret: used when issuing custom tokens
  • Store NEXT_PUBLIC_SUPABASE_URL / NEXT_PUBLIC_SUPABASE_ANON_KEY in .env.local

04

AUTH

Authentication setup

Enable sign-in methods.

  • Authentication > Providers menu
  • Email (on by default), Phone, Google, Apple, Kakao, etc.
  • Each OAuth provider requires its own Client ID / Secret
  • Redirect URL: https://${id}.supabase.co/auth/v1/callback
  • Customize email templates (e.g., localize to Korean)
  • Check rate limits (free plan is throttled hourly)

05

DATABASE

Tables & RLS policies

Create Postgres tables and set security policies.

  • Use Table Editor (GUI) or run DDL in the SQL Editor
  • Always check Enable RLS on new tables
  • Example RLS policy: "auth.uid() = user_id" (owner-only reads)
  • Enable Realtime — subscribe to INSERT / UPDATE / DELETE events
  • Set up foreign keys (linking to auth.users is recommended)

06

STORAGE

Configure Storage buckets

Create buckets for uploads.

  • Storage > New Bucket
  • Pick Public or Private
  • Public: accessible by URL to anyone, good for avatars
  • Private: only authenticated users, via signed URLs
  • Control upload / download access with RLS policies
  • Image transformation is a Pro-plan feature

07

FUNCTIONS

Deploy Edge Functions

Build custom APIs with serverless functions.

  • Deno runtime with TypeScript support
  • supabase init → supabase functions new my-func
  • supabase functions deploy my-func
  • Great for external API calls, complex logic, and webhooks
  • Set env vars with `supabase secrets set`
  • Free plan limit: 500K invocations/month

08

OPS

Team invites & backups

Mandatory operational setup.

  • Invite members under Organization Settings > Team
  • Roles: Owner / Developer (fine-grained roles on Pro+)
  • Database > Backups: automatic daily backups
  • Free plan retains 7 days, Pro keeps 30
  • Point-in-time Recovery requires the Team plan
  • Disabling automatic Postgres upgrades is recommended

Pitfalls

Common blockers

Shipping with RLS disabled

With Row Level Security off, the anon key can read and write every table. This is the top cause of data leaks.

Leaking service_role to frontend

service_role is the admin key that bypasses RLS. Never prefix it with NEXT_PUBLIC_, because Next.js inlines variables with that prefix into the browser bundle.

Free plan auto-pauses

After 1 week of inactivity the project is paused and APIs return 404. Production should run on Pro.

Region is permanent

The region is fixed at project creation. A mistake means creating a new project and migrating.

Lost Database Password

It cannot be recovered. Store it in a password manager; otherwise you have to recreate the project.
