Connect Supabase to Definable AI

Supabase is an open-source backend-as-a-service providing a Postgres database, authentication, storage, and real-time subscription APIs for building modern applications

About Supabase

Supabase is a productivity tool. Connect it to Definable AI with one-click OAuth2 — no API keys or custom code required.

What you can automate with Supabase

Use Definable AI's agent platform to trigger workflows from Supabase, process results with 50+ AI models, and sync data across 900+ connected apps.

Tools & Actions (121 available)

  • Activate vanity subdomain for project: Activates a vanity subdomain for the specified Supabase project (e.g., 'my-brand.supabase.co'). Important notes: - Vanity subdomains require a paid plan (Pro/Team/Enterprise) - Usage of vanity subdomains and custom domains is mutually exclusive - After activation, your project's auth services will no longer work on the original {project-ref}.supabase.co hostname - Schedule a downtime window to update client code and OAuth providers before activating
  • Apply a database migration: Tool to apply database migrations to a Supabase project. Use when you need to execute SQL schema changes, create tables, alter columns, or run other DDL/DML operations as part of a tracked migration. This is a Beta feature in the Supabase Management API.
  • Authorize user through OAuth: Generates a Supabase OAuth 2.0 authorization URL for user redirection. IMPORTANT: This action requires a pre-registered OAuth client_id and a redirect_uri that matches one of the pre-registered URIs for that OAuth application. Without a valid registered OAuth application, this endpoint will return a 400 error. To use this action: 1. Register an OAuth application in the Supabase dashboard 2. Use the client_id from the registered application 3. Ensure redirect_uri matches one of the registered callback URLs
  • Beta activate custom hostname for project: Activates a previously configured custom hostname for a Supabase project, assuming DNS settings are verified externally.
  • Beta get project's custom hostname config: Retrieves a Supabase project's custom hostname configuration, including its status, SSL certificate, and ownership verification, noting that availability may depend on the project's plan.
  • Beta update project network restrictions: Updates and applies network access restrictions (IPv4/IPv6 CIDR lists) for a Supabase project, which may terminate existing connections not matching the new rules.
  • Bulk create secrets: Tool to bulk create secrets for a Supabase project. Use when you need to create multiple project secrets at once. Each secret name must not start with SUPABASE_.
  • Bulk delete secrets: Tool to bulk delete secrets from a Supabase project. Use when you need to remove multiple secrets at once. Requires the edge_functions_secrets_write scope.
  • Bulk update functions: Tool to bulk update Edge Functions in a Supabase project. Use when you need to update multiple functions at once with new configurations such as status, version, or other properties.
  • Check vanity subdomain availability: Checks if a specific vanity subdomain is available for a Supabase project; this action does not reserve or assign the subdomain.
  • Count action runs: Counts the number of action runs for a Supabase project using a HEAD request. Use this when you need to retrieve the total count of action runs without fetching the full list of runs.
  • Create CLI login role: Creates a temporary CLI login role for database access with specified permissions; use when setting up CLI authentication for development or administrative tasks.
  • Create SSO provider configuration: Creates a new SAML 2.0 Single Sign-On (SSO) provider for a Supabase project, requiring either `metadata_xml` or `metadata_url` for SAML IdP configuration.
  • Create a database branch: Creates a new, isolated database branch from an existing Supabase project (identified by `ref`), useful for setting up separate environments like development or testing, which can optionally be linked to a Git branch.
  • Create a function: Creates a new serverless Edge Function for a Supabase project (identified by `ref`), requiring valid JavaScript/TypeScript in `body` and a project-unique `slug` identifier.
  • Create a new third-party auth integration: Call this to add a new third-party authentication method (OIDC or JWKS) to a Supabase project for integrating external identity providers (e.g., for SSO); the API may also support `custom_jwks` if sent directly.
  • Create an organization: Creates a new Supabase organization, which serves as a top-level container for projects, billing, and team access.
  • Create new project: Creates a new Supabase project, requiring a unique name (no dots) within the organization; project creation is asynchronous.
  • Create project api key: Creates a 'publishable' or 'secret' API key for an existing Supabase project, optionally with a description; 'secret' keys can have customized JWT templates.
  • Create project signing key: Create a new signing key for JWT authentication in a Supabase project. The key is created in standby status by default and must be activated separately.
  • Delete CLI login roles: [Beta] Deletes existing login roles used by the Supabase CLI for the specified project. Use when you need to remove CLI authentication roles that were previously created for project access.
  • Delete an API key from the project: Permanently deletes a specific API key (identified by `id`) from a Supabase project (identified by `ref`), revoking its access.
  • Delete an edge function by slug: Permanently deletes a specific Edge Function (by `function_slug`) from a Supabase project (by `ref`); this action is irreversible and requires prior existence of both project and function.
  • Delete branch by id: Permanently and irreversibly deletes a specific, non-default database branch by its `branch_id`, without affecting other branches.
  • Delete custom hostname config: Deletes an active custom hostname configuration for the project identified by `ref`, reverting to the default Supabase-provided hostname; this action immediately makes the project inaccessible via the custom domain and requires subsequent updates to client, OAuth, and DNS settings.
  • Delete project by ref: Permanently and irreversibly deletes a Supabase project, identified by its unique `ref` ID, resulting in complete data loss.
  • Delete third party auth config: Removes a third-party authentication provider (e.g., Google, GitHub) from a Supabase project's configuration; this immediately prevents users from logging in via that method.
  • Delete vanity subdomain for project: Permanently and irreversibly deletes an active vanity subdomain configuration for the specified Supabase project, reverting it to its default Supabase URL.
  • Deploy function: Deploys Edge Functions to a Supabase project using multipart upload.
  • Disable preview branching: Disables the preview branching feature for an existing Supabase project, identified by its unique reference ID (`ref`). Note: Preview branching must be enabled on the project for this operation to succeed. If the project does not have preview branching enabled, a 422 error will be returned.
  • Disable project readonly mode: Temporarily disables a Supabase project's read-only mode for 15 minutes to allow write operations (e.g., for maintenance or critical updates), after which it automatically reverts to read-only.
  • Enable project database webhooks: Enables database webhooks for the Supabase project `ref`, triggering real-time notifications for INSERT, UPDATE, or DELETE events.
  • Exchange auth code for access and refresh token: (Beta) Implements the OAuth 2.0 token endpoint to exchange an authorization code or refresh token for access/refresh tokens, based on `grant_type`. This is a standard OAuth 2.0 token endpoint that uses application/x-www-form-urlencoded content type as per OAuth 2.0 specification. Requires a valid registered OAuth application client_id and client_secret. For authorization_code grant type: - Requires valid authorization code obtained from the OAuth authorization flow - Optionally requires code_verifier if PKCE was used during authorization For refresh_token grant type: - Requires valid refresh_token from a previous token exchange
  • Execute project database query: Executes a given SQL query against the project's database; use for advanced data operations or when standard API endpoints are insufficient, ensuring queries are valid PostgreSQL and sanitized. Use the get_table_schemas or generate_type_script_types tool to retrieve the table schema, then base your query on it.
  • Execute read-only database query: [Beta] Run a SQL query as supabase_read_only_user. Use when you need to safely execute SELECT queries without risk of modifying data. Only read operations are allowed.
  • Generate TypeScript types: Generates and retrieves TypeScript types from a Supabase project's database; any schemas specified in `included_schemas` must exist in the project.
  • Get API Health Status: Tool to check the health status of the Supabase API. Use when you need to verify API availability or troubleshoot connectivity issues.
  • Get Available Regions: Tool to get the list of available regions for creating a new Supabase project. Use when you need to determine which regions are available for project deployment, or to get region recommendations based on geographic location and instance size requirements. Note: This is a Beta endpoint.
  • Get Database Metadata: Gets database metadata for the given project. Returns information about databases, schemas, and tables structure. Note: This endpoint is deprecated and may be removed in future versions.
  • Get JIT access config: [Beta] Retrieves the project's just-in-time (JIT) access configuration, including user roles and their expiration settings. Use this to check temporary access grants and their validity periods.
  • Get Project Upgrade Eligibility: Checks a Supabase project's eligibility for an upgrade, verifying compatibility and identifying potential issues; this action does not perform the actual upgrade.
  • Get Security Advisors: Retrieves security advisor findings and recommendations for a Supabase project. Use when you need to audit project security posture, identify SQL-based security issues, or get remediation guidance. Note: This endpoint is deprecated and may be removed in future API versions.
  • Get TUS resumable upload base options: Handles OPTIONS request for TUS Resumable uploads to discover server capabilities. Use when preparing resumable upload requests to verify supported TUS protocol versions and extensions.
  • Get TUS resumable upload options: Handles OPTIONS request for TUS Resumable uploads to discover server capabilities. Use when preparing resumable upload requests to verify supported TUS protocol versions and extensions.
  • Get Table Schemas: Retrieves column details, types, and constraints for multiple database tables to help debug schema issues and write accurate SQL queries. Use the SUPABASE_LIST_TABLES action first to discover available tables, the fetch their detailed schemas.
  • Get a SSO provider by its UUID: Retrieves the configuration details for a specific Single Sign-On (SSO) provider (e.g., SAML, Google, GitHub, Azure AD), identified by its UUID, within a Supabase project.
  • Get a database branch: Retrieves detailed information about a specific database branch by its name and project reference. Use this to check branch status, configuration, and metadata before performing operations on the branch.
  • Get a migration: Retrieves a specific database migration entry from the migration history using its version identifier. Use when you need to inspect migration details, SQL statements, or rollback commands for a specific migration version.
  • Get a specific SQL snippet: Retrieves a specific SQL snippet by its unique identifier.
  • Get a third-party integration: Retrieves the detailed configuration for a specific third-party authentication (TPA) provider, identified by `tpa_id`, within an existing Supabase project specified by `ref`.
  • Get action run logs: Retrieves the execution logs for a specific action run by its ID. Use this to debug action executions, view output messages, and investigate errors that occurred during action runs.
  • Get action run status: Retrieves the status and details of a specific action run, including its steps, timestamps, and configuration. Use this to monitor or check the progress of an action execution.
  • Get current vanity subdomain config: Fetches the current vanity subdomain configuration, including its status and custom domain name, for a Supabase project identified by its reference ID.
  • Get database branch config: Retrieves the read-only configuration and status for a Supabase database branch, typically for monitoring or verifying its settings.
  • Get information about an organization: Fetches comprehensive details for a specific Supabase organization using its unique slug.
  • Get legacy signing key: Retrieves the signing key information for the JWT secret imported as signing key for this project. This endpoint is deprecated and will be removed in the future; check for HTTP 404 Not Found which indicates the endpoint is no longer available.
  • Get performance advisors: Retrieves project performance advisors for a Supabase project. Returns a list of performance lints that identify potential issues and optimization opportunities. Note: This endpoint is deprecated.
  • Get project: Retrieves detailed information about a specific Supabase project by its unique reference ID. Use when you need to get comprehensive project details including status, database configuration, and metadata. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' where access_token is either: - A Personal Access Token (PAT) generated from https://supabase.com/dashboard/account/tokens - An OAuth2 access token with the 'project_admin_read' scope Required Scope: - project_admin_read: Allows retrieval of project information. Returns: Project object containing id, ref, name, organization details, region, status, database configuration, and created_at timestamp.
  • Get project API key: Retrieves details of a specific API key for a Supabase project by its UUID. Use when you need to inspect a single key's configuration, type, or metadata.
  • Get project API keys: Retrieves all API keys for an existing Supabase project, specified by its unique reference ID (`ref`); this is a read-only operation.
  • Get project PgBouncer config: Retrieves the active PgBouncer configuration (PostgreSQL connection pooler) for a Supabase project, used for performance tuning, auditing, or getting the connection string.
  • Get project SSL enforcement configuration: Retrieves the SSL enforcement configuration for a specified Supabase project, indicating if SSL connections are mandated for its database.
  • Get project Supavisor configuration: Retrieves the Supavisor (connection pooler) configuration for a specified Supabase project, identified by its reference ID.
  • Get project legacy API keys status: Checks whether JWT-based legacy API keys (anon, service_role) are enabled for a Supabase project. This API endpoint is deprecated and may be removed in the future (returns HTTP 404 Not Found when unavailable).
  • Get project logs: Retrieves analytics logs for a Supabase project. Use this to fetch and analyze project logs including edge function logs, database logs, and API logs for monitoring and debugging.
  • Get project network restrictions: Retrieves the network restriction settings (IP allowlists) for a Supabase project. Use this action to: - Check which IPv4/IPv6 CIDR blocks are allowed to connect to the project's database - Verify if network restrictions are enabled (entitlement: "allowed") or disabled ("disallowed") - Audit current network security configuration - Check if network restrictions have been modified (old_config present) Note: Default values 0.0.0.0/0 (IPv4) and ::/0 (IPv6) mean all IPs are allowed. Network restrictions require a Pro, Team, or Enterprise plan.
  • Get project pgsodium config: Retrieves the PGSodium configuration, including the root encryption key, for an existing Supabase project identified by its `ref`.
  • Get project postgres config: Retrieves the current read-only PostgreSQL database configuration for a specified Supabase project's `ref`, noting that some advanced or security-sensitive details might be omitted from the response.
  • Get project signing keys: Tool to list all signing keys for a Supabase project. Use when you need to retrieve JWT signing keys for authentication verification or rotation management.
  • Get project upgrade status: Retrieves the latest status of a Supabase project's database upgrade for monitoring purposes; does not initiate or modify upgrades.
  • Get project's PostgREST config: Retrieves the PostgREST configuration for a specific Supabase project.
  • Get project's auth config: Retrieves the project's complete read-only authentication configuration, detailing all settings (e.g., providers, MFA, email/SMS, JWT, security policies) but excluding sensitive secrets.
  • Get project's read-only mode status: Retrieves the read-only mode status for a specified Supabase project to check its operational state; this action does not change the read-only state.
  • Get project's service health status: Retrieves the current health status for a Supabase project, for specified services or all services if the 'services' list is omitted.
  • Invoke Edge Function: Tool to invoke a deployed Supabase Edge Function over HTTPS. Use for testing and debugging Edge Functions with configurable method, headers, body, and authentication.
  • List Database Tables: Lists all tables and views in specified database schemas, providing a quick overview of database structure to help identify available tables before fetching detailed schemas.
  • List SQL snippets for the logged in user: Retrieves a list of SQL snippets for the logged-in user, optionally filtered by a specific Supabase project if `project_ref` is provided.
  • List all SSO providers: Lists all configured Single Sign-On (SSO) providers for a Supabase project, requiring the project reference ID (`ref`) of an existing project.
  • List all buckets: Retrieves a list of all storage buckets for a Supabase project, without returning bucket contents or access policies.
  • List all database branches: Lists all database branches for a specified Supabase project, used for isolated development and testing of schema changes; ensure the project reference ID is valid.
  • List all functions: Lists metadata for all Edge Functions in a Supabase project (specified by 'ref'), excluding function code or logs; the project must exist.
  • List all organizations: Lists all organizations (ID and name only) associated with the Supabase account, excluding project details within these organizations.
  • List all projects: Retrieves a list of all Supabase projects, including their ID, name, region, and status, for the authenticated user. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' where access_token is either: - A Personal Access Token (PAT) generated from https://supabase.com/dashboard/account/tokens - An OAuth2 access token with the 'Projects.Read' scope Required Scope: - Projects.Read: Allows retrieval of project metadata. Returns: List of Project objects containing id, name, organization_id, region, status, database info, and created_at.
  • List all secrets: Retrieves all secrets for a Supabase project using its reference ID; secret values in the response may be masked.
  • List members of an organization: Retrieves all members of a Supabase organization, identified by its unique slug, including their user ID, username, email, role, and MFA status.
  • List migration history: Retrieves the list of applied database migration versions for a Supabase project. Use this to track which migrations have been applied to the project's database. This is a read-only operation that requires the project reference ID.
  • List project database backups: Lists all database backups for a Supabase project, providing details on existing backups but not creating new ones or performing restores; availability may depend on plan and configuration.
  • List third-party auth integrations for project: Lists all configured third-party authentication provider integrations for an existing Supabase project (using its `ref`), suitable for read-only auditing or verifying current authentication settings.
  • OPTIONS for resumable upload sign: Handles CORS preflight OPTIONS request for TUS resumable upload signing. Use when preparing cross-origin resumable upload requests to verify allowed methods and headers.
  • OPTIONS for resumable upload sign: Handles CORS preflight OPTIONS request for TUS resumable upload signing endpoints. Use when preparing cross-origin resumable upload requests to verify allowed methods and headers.
  • Patch a migration: [Beta] Patches an existing entry in the project's migration history, updating the name or rollback script. Use this to correct migration metadata after the migration has been created.
  • Patch project network restrictions: Updates project's network restrictions by incrementally adding or removing IPv4/IPv6 CIDR blocks. Use when you need to modify existing restrictions without replacing the entire configuration.
  • Push a database branch: Pushes a database branch, applying migrations and changes to the specified branch. Use when you need to deploy schema changes or migrations to a database branch.
  • Remove an SSO provider: Deletes a specific SSO provider by its ID (`provider_id`) from a Supabase project (`ref`), which disables it and returns its details; ensure this action will not inadvertently lock out users.
  • Remove project network bans: Removes specified IPv4 addresses from a Supabase project's network ban list, granting immediate access; IPs not currently banned are ignored.
  • Remove read replica: Remove a read replica from a Supabase project (Pro plan or higher required). This beta endpoint initiates the removal of a specified read replica database. The operation is irreversible. Before removal, ensure all application traffic is redirected from the replica to the primary database. Requirements: - Project must be on Pro plan or higher - Bearer token with infra_read_replicas_write permission (FGA) - Valid read replica database identifier Note: Returns 201 on success with an empty response body.
  • Reset a database branch: Resets an existing Supabase database branch, identified by `branch_id`, to its initial clean state, irreversibly deleting all its current data and schema changes.
  • Restore database PITR backup: Restores a Supabase project's database to a specific Unix timestamp using Point-in-Time Recovery (PITR), overwriting the current state; requires a paid plan with PITR and physical backups enabled.
  • Retrieve a function: Retrieves detailed information, metadata, configuration, and status for a specific Edge Function using its project reference ID and function slug.
  • Retrieve a function body: Retrieves the source code (body) for a specified serverless Edge Function using its project reference and function slug; this is a read-only operation that does not execute the function or return runtime logs.
  • Retrieve network bans for project: Retrieves the list of banned IPv4 addresses for a Supabase project using its unique project reference string; this is a read-only operation.
  • Reverify custom hostname: Re-verifies DNS and SSL configurations for an existing custom hostname associated with a Supabase project.
  • Select From Table: Tool to select rows from a Supabase/PostgREST table. Use for read-only queries with filtering, sorting, and pagination.
  • Setup read replica for project: Provisions a read-only replica for a Supabase project in a specified, Supabase-supported AWS region to enhance read performance and reduce latency.
  • Update JIT access config: [Beta] Update a Supabase project's just-in-time (JIT) access configuration. Use to enable or disable JIT access features for privileged operations on the project.
  • Update SSL enforcement config: Updates the SSL enforcement configuration (enable/disable) for a specified Supabase project's database.
  • Update a function: Updates an existing Supabase Edge Function's properties (like name, slug, source code, JWT settings, import map) identified by project `ref` and `function_slug`, supporting plain text code or ESZIP for the body. Use RETRIEVE_A_FUNCTION_BODY action first to get the current source code, as this action requires sending the complete function code, not just the changes.
  • Update a project: Updates a Supabase project's configuration (currently supports updating the project name). Use when you need to rename an existing project.
  • Update an API key for the project: Updates an existing Supabase project API key's `description` and/or `secret_jwt_template` (which defines its `role`); does not regenerate the key string.
  • Update an SSO provider by its UUID: Updates an existing SSO provider's SAML metadata, associated email domains, or attribute mappings for a Supabase project, identified by `ref` and `provider_id`.
  • Update database branch config: Updates the configuration of a Supabase database branch, allowing modification of its name, associated Git branch, reset-on-push behavior, persistence, and status. Note: Database branching requires a paid Supabase plan (Pro or higher). This action requires a valid branch_id which must be exactly 20 lowercase alphabetic characters. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' Required Scope: - Environment:Write
  • Update database password: Updates the database password for a Supabase project. Use when needing to rotate credentials or recover database access.
  • Update database pooler config: Updates the Supavisor (database pooler) configuration, such as `default_pool_size`, for an existing Supabase project identified by `ref`; the `pool_mode` parameter in the request is deprecated and ignored.
  • Update pgsodium root key: Critically updates or initializes a Supabase project's pgsodium root encryption key for security setup or key rotation, requiring secure backup of the new key to prevent irreversible data loss.
  • Update project legacy API keys: Tool to disable or re-enable JWT-based legacy API keys (anon, service_role) for a Supabase project. Use when you need to toggle legacy API key access for security or migration purposes. Note: This API endpoint may be removed in the future - check for HTTP 404 Not Found if the endpoint is no longer available.
  • Update project's PostgREST config: Updates PostgREST configuration settings (e.g., `max_rows`, `db_pool`, `db_schema`, `db_extra_search_path`) for a Supabase project to fine-tune API performance, data exposure, and database resource usage.
  • Update project's auth config: Update Supabase project Auth configuration via the Management API. Use to fix misconfigured Auth redirects, SMTP settings, or other auth parameters. Only provided fields are updated; others remain unchanged. Before updating, confirm the Auth service status is ACTIVE_HEALTHY by checking project health.
  • Update project's custom hostname configuration: Updates the custom hostname for a Supabase project, requiring subsequent DNS changes to a user-controlled domain for SSL certificate issuance and domain ownership.
  • Update project's postgres config: Updates specified PostgreSQL configuration parameters for an existing Supabase project (`ref`) to optimize database performance; note that unspecified parameters remain unchanged, and caution is advised as incorrect settings can impact stability or require a restart.
  • Upgrade the project's PostgreSQL version: Initiates an asynchronous upgrade of a Supabase project's PostgreSQL database to a specified `target_version` from a selected `release_channel`, returning a `tracking_id` to monitor status; the `target_version` must be available in the chosen channel.
  • Upsert migration: Tool to upsert a database migration without applying it. Use when you need to track migration changes for a project. [Beta] This endpoint stores migration metadata without executing the SQL.

How to connect Supabase

  1. Sign in to Definable AI and go to Apps
  2. Search for Supabase and click Connect
  3. Authorize via OAuth2 — takes under 30 seconds
  4. Use Supabase actions in your AI agents and workflows