Supabase
AnalyticDB for PostgreSQL Supabase is a fully managed application development platform built on a deeply enhanced version of the open-source Supabase. The platform offers the same development experience as the original Supabase, providing core features like a database, authentication, and Edge Functions. It is integrated with Alibaba Cloud's infrastructure to deliver higher performance, stronger security, and better ecosystem support. Compared to self-hosting the open-source version, AnalyticDB for PostgreSQL allows you to retain ownership of your resources while benefiting from comprehensive management capabilities. You can select compute and storage specifications on demand, and it natively supports third-party OAuth providers such as Alipay and WeChat. It also adds core features like Edge Functions that are missing from the open-source solution, while remaining highly consistent with the Supabase Cloud user experience and API compatibility.
Core features
Feature | Description |
Native Alipay and WeChat OAuth support | Natively integrates third-party login authentication with Alipay and WeChat. This feature is ready to use without adapting the OAuth flow. It is suitable for various application scenarios, including web, apps, and mini programs, significantly reducing integration costs. |
Full-lifecycle experience for Edge Functions | Supports the full lifecycle of Supabase Edge Functions, including development, deployment, and log observability. It provides low-latency invocation, stable execution, and event-triggering capabilities. Additionally, it offers a native secrets management feature to securely manage sensitive information like API keys and tokens. |
End-to-end log observability | Provides a clear and observable logging system for modules such as Edge Functions, database, Auth, and Storage. Developers can view execution logs, debugging information, and error locations in the dashboard. This improves development efficiency and troubleshooting speed, enabling a self-service development experience. |
Ecosystem compatibility and easy migration | With compatible APIs, SDKs, and migration solutions, you can migrate from Supabase Cloud with no changes to your application code. |
Native support for MCP Server | Supports Model Context Protocol (MCP) Server, allowing intelligent applications like LLMs and Agents to directly call resources such as databases, Storage, and Edge Functions. This enables more natural and powerful AI invocation chains, ideal for building intelligent assistants, automated services, and data-driven applications. |
Enterprise-grade security | Provides VPC network isolation, access auditing, encrypted transmission, a robust permission system, and security policies for Object Storage Service. |
Fully managed, maintenance-free experience | Offers multiple instance specifications and supports scaling to meet different business needs. Provides enterprise-grade capabilities such as version upgrades and data backups, allowing developers to focus on business logic instead of cluster management. |
Pricing
Free tier: A 1-core, 2 GB specification is available for free.
Important: Free projects are for development and testing purposes only. Do not use them in a production environment.
Paid tier: Creating a project incurs costs for compute and storage resources. For the pricing of different compute resource specifications, see Supabase. For a detailed breakdown of project fees, see the purchase page on the console.
Create a Supabase project
Log in to the AnalyticDB for PostgreSQL console.
In the top-left corner of the console, select the region for your project.
In the left-side navigation pane, click Supabase.
In the top-right corner of the page, click Create Project, and select either Create Project (Free Trial) or Create Project (Paid Plan).
Configure the parameters.
Free trial
Parameter | Description |
Project Name | The name of the project. |
Zone | A zone is a distinct physical location within a region. There are no significant differences between zones. |
Specifications | Select the specifications for your project. |
Database Account | The account name is fixed as postgres. |
Database Password, Confirm Password | The password for the initial account. The password must meet the following requirements: Be 8 to 32 characters in length. Contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The supported special characters are: !@#$%^&*()_+-=. Note: After the project is created, you can change the database password on the console or call the ResetSupabaseProjectPassword API operation. |
VPC | Select the ID of the Virtual Private Cloud (VPC). A VPC is an isolated network environment that provides higher security and performance than classic networks. You must first create a VPC and a vSwitch in the same region as the project. |
VSwitch | Select a vSwitch within the VPC. If no vSwitches are available, this means that none have been created in the selected zone. You can either switch to another zone or create a vSwitch in the current zone. |
Enable whitelist restriction | Select whether to enable whitelist restrictions. |
IP Address Whitelist | Enter the IP addresses to add to the whitelist. |
Paid plan
Parameter | Description |
Product Type | Select a billing method: subscription or pay-as-you-go. |
Region and Zone | Select a region and zone. A zone is a distinct physical location within a region. There are no significant differences between zones. |
Computing Resource Specifications | Select the compute resource specification. We recommend a specification with 4 GB of memory or more. |
Disk Storage Type | Select the disk storage type. |
Storage Resource Specifications | Select the storage resource specification. |
Project Name | Enter a name for the project. Important: The project name must be unique. |
Initial password | Set the password for the database. The password must meet the following requirements: Be 8 to 32 characters in length. Contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The supported special characters are: !@#$%^&*()_+-=. Note: The initial password is for the database, not for logging in to the Supabase Dashboard. After the project is created, you can change the database password on the console or call the ResetSupabaseProjectPassword API operation. |
Virtual Private Cloud (VPC) | Select the ID of the VPC. A VPC is an isolated network environment that provides higher security and performance than classic networks. You must first create a VPC and a vSwitch in the same region as the project. |
VSwitch | Select a vSwitch within the VPC. If no vSwitches are available, this means that none have been created in the selected zone. You can either switch to another zone or create a vSwitch in the current zone. |
Resource Group | Select a resource group. |
Confirm the parameter settings and create the project.
Create Project (Free Trial): Click OK.
Create Project (Paid Plan): Click Buy Now, confirm the order details, and then click Create Now.
Use a Supabase project
Log in to the Supabase Dashboard.
In the Actions column for the target project, click Manage.
Copy the logon account and password, and then click OK. You will be redirected to the Supabase Dashboard login page.
Enter the username and password to log in to the Supabase Dashboard.

Get the API keys.
Get the anon key, which is used for database operations like CRUD (Create, Read, Update, and Delete).
In the top-left corner of the Supabase Dashboard, click Connect.
In the dialog box that appears, click App Frameworks to get the SUPABASE_URL and SUPABASE_ANON_KEY for the Supabase project.

Get the service role key, which is used for operations such as authentication and authorization.
In the left-side navigation pane of the Supabase Dashboard, click API Docs.
Click Introduction > Bash, and for Project API Key, select service_role(secret).

Click Authentication to get the SERVICE KEY.

Use the project.
Important: To prevent exposing credentials, we recommend storing API keys in environment variables instead of hardcoding them in your application.
Manage the database using the Supabase RESTful API.
You can perform CRUD operations on the database by sending requests to https://<SUPABASE_URL>/rest/v1/. For example, to query the users table in the database, run the following command:
curl 'http://<SUPABASE_URL>/rest/v1/users' -H "Authorization: Bearer <anon key>" -H "apikey: <anon key>" -H "Content-Type: application/json"
Manage user registration and authentication using the Supabase Auth API.
For example, to query all users in the database, run the following command:
curl 'http://<SUPABASE_URL>/admin/users' -H "Authorization: Bearer <service role key>" -H "apikey: <service role key>" -H "Content-Type: application/json"
For more information, see the official Supabase documentation.
Manage a Supabase project
Change the database password
In the Actions column for the target project, click Change Password. In the dialog box that appears, enter the new password and click OK.
Modify the whitelist
In the Actions column for the target project, click Modify Whitelist. In the dialog box that appears, enter the IP address whitelist and click OK.
Delete a Supabase project
In the Actions column for the target project, click Release. In the dialog box that appears, click OK.
Related APIs
API | Description |
Creates a Supabase project. | |
Queries a list of your Supabase projects. | |
Queries the API keys of a Supabase project, including the anon key and service role key. | |
Resets the database password for a Supabase project. | |
Configures the IP address whitelist for a Supabase project. | |
Deletes a Supabase project. |
FAQ
Direct connection to PostgreSQL
For projects created after August 27, 2024, AnalyticDB for PostgreSQL Supabase supports standard PostgreSQL direct connections. You can use common tools like psql, JDBC, DBeaver, DataGrip, and Tableau to connect to AnalyticDB Supabase.
Procedure:
Log in to the AnalyticDB for PostgreSQL console, select the region where the project is located, and in the left-side navigation pane, click Supabase.
Configure the whitelist.
In the Actions column for the target project, click Modify Whitelist to add the public IP address of your client to the project's IP address whitelist.

(Optional) Set and store the database account password.
In the Actions column for the target project, click Change Password to set the database account password and store it securely.
Get the connection information and connect to the database.
Default port: 5432.
Connection address: In the Actions column for the target project, click Manage, and then click Go to. The connection address is the IP address from the URL of the page that opens. For example, if the URL is http://<IP>:8000, then <IP> is the database connection address.
Modify Auth configuration
The Auth service provides the PATCH /auth/v1/modify/settings endpoint for dynamically modifying authentication settings at runtime. Changes take effect without restarting the service.
Authentication
You must use the service role key for authentication. Include it in both the Authorization and apikey headers.
Usage notes
The request body is JSON. You only need to include the fields that you want to modify. Fields that are not included remain unchanged.
Changes are hot-reloaded and take effect immediately, without requiring a restart.
Settings are persisted in the database and survive service restarts.
Example: Modify the JWT expiration time
To change the JWT access token expiration time from the default of 3600 seconds to 7200 seconds:
curl -X PATCH https://<project domain>/auth/v1/modify/settings \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <SERVICE_ROLE_KEY>" \
-H "apikey: <SERVICE_ROLE_KEY>" \
-d '{"jwt_exp": 7200}'
View current settings
Use GET /auth/v1/settings to view all current settings:
curl https://<project domain>/auth/v1/settings \
-H "Authorization: Bearer <SERVICE_ROLE_KEY>" \
-H "apikey: <SERVICE_ROLE_KEY>"
The response includes all configurable parameters and their current values (sensitive fields such as secrets and passwords are hidden). The JSON field names in the response are the parameter names you can use with the modify/settings endpoint.
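The following Python is an added example, not code from the original documentation or from Supabase. It applies both the settings workflow above and the earlier recommendation to keep API keys in environment variables: it checks requested field names against a settings response, builds a PATCH body containing only the fields that actually change, and constructs the request with the service role key in both headers. Assumptions: the environment variable name SERVICE_ROLE_KEY, the host project.example, the field example_flag and the sample response are constructed for illustration, rejecting non-HTTPS URLs is a hardening choice made here, and fields hidden in the response cannot be compared by this check.

```python
import json
import os
import urllib.request

# Constructed sample of a GET /auth/v1/settings response. Only jwt_exp appears
# on the page; example_flag is a hypothetical placeholder field.
SAMPLE_SETTINGS = {"jwt_exp": 3600, "example_flag": False}


def build_patch(current: dict, desired: dict) -> dict:
    """Return the minimal PATCH body: known fields whose value really changes."""
    unknown = sorted(set(desired) - set(current))
    if unknown:
        # Valid parameter names are the field names of the settings response,
        # so a name missing there is a typo or an unsupported setting.
        raise ValueError(f"not in current settings: {unknown}")
    return {k: v for k, v in desired.items() if current[k] != v}


def build_request(base_url: str, service_role_key: str, body: dict) -> urllib.request.Request:
    """Build (but do not send) the PATCH request with the key in both headers."""
    if not base_url.startswith("https://"):
        # The service role key is a bearer secret; refuse cleartext transport.
        raise ValueError("refusing to send the service role key over non-HTTPS")
    return urllib.request.Request(
        base_url.rstrip("/") + "/auth/v1/modify/settings",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {service_role_key}",
            "apikey": service_role_key,
        },
    )


if __name__ == "__main__":
    # The key is read from the environment, never written into source code.
    key = os.environ.get("SERVICE_ROLE_KEY", "constructed-placeholder-key")
    patch = build_patch(SAMPLE_SETTINGS, {"jwt_exp": 7200, "example_flag": False})
    req = build_request("https://project.example", key, patch)
    # Print method, URL and body only; the key is deliberately left out.
    print(req.get_method(), req.full_url, patch)
```

To apply the change, pass the returned request to urllib.request.urlopen after replacing SAMPLE_SETTINGS with the parsed response of a real GET /auth/v1/settings call.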