Supabase is an open-source backend-as-a-service providing a Postgres database, authentication, storage, and real-time subscription APIs for building modern applications
Supabase is an open-source backend-as-a-service providing a Postgres database, authentication, storage, and real-time subscription APIs for building modern applications On Nagent, Supabase is exposed as a fully-configurable developer tools integration that any agent can call — 121 actions, and OAUTH2, API_KEY authentication. No code is required to wire Supabase into your workflow — connect it once via the External Integrations panel and reuse it across every agent you build.
Agent builders use Supabase to automate the kinds of tasks developer tools teams previously handled manually. Concrete examples — each one is a single agent step in Nagent — include:
Every action and trigger is paired with a structured input/output schema (visible in the sections below), so when you wire Supabase into Helix — our agentic agent builder — the editor knows exactly what each step expects and produces. Configure once, deploy anywhere across your Nagent agents.
Every operation an agent can call against Supabase, with input parameters and output schema. Drop these into any step of an agent built in Helix.
SUPABASE_ALPHA_CREATE_API_KEYCreates a 'publishable' or 'secret' API key for an existing Supabase project, optionally with a description; 'secret' keys can have customized JWT templates.
Input parameters
The unique reference ID of the Supabase project.
Name for the API key. Must start with a lowercase letter or underscore, followed only by lowercase alphanumeric characters or underscores. Example: 'my_api_key_01'.
Specifies the type of API key: 'publishable' for client-side use or 'secret' for server-side operations.
Optional human-readable description for the API key.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_ALPHA_DELETE_API_KEYPermanently deletes a specific API key (identified by `id`) from a Supabase project (identified by `ref`), revoking its access.
Input parameters
The unique identifier of the API key that needs to be deleted from the project.
The unique reference ID of the Supabase project from which the API key is to be deleted.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_ALPHA_DELETE_THIRD_PARTY_AUTH_INTEGRATIONRemoves a third-party authentication provider (e.g., Google, GitHub) from a Supabase project's configuration; this immediately prevents users from logging in via that method.
Input parameters
The unique reference ID of the Supabase project.
The unique identifier (ID) of the third-party authentication provider configuration to be removed.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_ALPHA_GET_THIRD_PARTY_INTEGRATIONRetrieves the detailed configuration for a specific third-party authentication (TPA) provider, identified by `tpa_id`, within an existing Supabase project specified by `ref`.
Input parameters
The unique identifier (reference) of the Supabase project.
The unique identifier of the specific third-party authentication provider configuration to retrieve.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_ALPHA_LIST_THIRD_PARTY_AUTH_INTEGRATIONSLists all configured third-party authentication provider integrations for an existing Supabase project (using its `ref`), suitable for read-only auditing or verifying current authentication settings.
Input parameters
The unique identifier of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_ALPHA_UPDATE_API_KEYUpdates an existing Supabase project API key's `description` and/or `secret_jwt_template` (which defines its `role`); does not regenerate the key string.
Input parameters
The unique identifier of the API key that needs to be updated.
The unique reference ID of the Supabase project to which the API key belongs.
Optional new description for the API key.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_APPLY_A_MIGRATIONTool to apply database migrations to a Supabase project. Use when you need to execute SQL schema changes, create tables, alter columns, or run other DDL/DML operations as part of a tracked migration. This is a Beta feature in the Supabase Management API.
Input parameters
The unique reference ID of the Supabase project (e.g., 'pamqaklsszmjzugtywow'). Found in Project Settings > General > Reference ID.
A unique name for the migration to track it in the migration history. If not provided, a default name will be assigned.
The SQL migration query to execute against the project's database. Must be at least 1 character long.
Optional SQL query to rollback/undo this migration if needed.
A unique key to ensure the same migration is tracked only once. If provided, prevents duplicate migrations with the same key from being applied.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_ACTIVATE_CUSTOM_HOSTNAMEActivates a previously configured custom hostname for a Supabase project, assuming DNS settings are verified externally.
Input parameters
The unique identifier (project ID) of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_ACTIVATE_VANITY_SUBDOMAINActivates a vanity subdomain for the specified Supabase project (e.g., 'my-brand.supabase.co'). Important notes: - Vanity subdomains require a paid plan (Pro/Team/Enterprise) - Usage of vanity subdomains and custom domains is mutually exclusive - After activation, your project's auth services will no longer work on the original {project-ref}.supabase.co hostname - Schedule a downtime window to update client code and OAuth providers before activating
Input parameters
Unique reference ID of the Supabase project.
Vanity subdomain to activate (e.g., 'my-example-brand'). Must be 1-63 alphanumeric characters or hyphens; cannot start or end with a hyphen.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_AUTHORIZE_USER_THROUGH_OAUTHGenerates a Supabase OAuth 2.0 authorization URL for user redirection. IMPORTANT: This action requires a pre-registered OAuth client_id and a redirect_uri that matches one of the pre-registered URIs for that OAuth application. Without a valid registered OAuth application, this endpoint will return a 400 error. To use this action: 1. Register an OAuth application in the Supabase dashboard 2. Use the client_id from the registered application 3. Ensure redirect_uri matches one of the registered callback URLs
Input parameters
Space-separated list of OAuth scopes for requested permissions on user resources (e.g., 'email profile', 'storage.objects.read').
Opaque value to maintain state between request and callback; returned unmodified to aid CSRF prevention.
Unique identifier for the OAuth client application, registered with Supabase. Must be a valid client_id from a registered OAuth application.
URI where Supabase redirects the user after authorization; must exactly match a registered URI for the client application.
Specifies how authorization response parameters are returned (e.g., 'query', 'fragment', 'form_post'). Default is determined by `response_type` if not specified.
Specifies the authorization flow type: 'code' for Authorization Code Grant; 'token' for Implicit Grant (access token); 'id_token token' for OIDC hybrid flows (ID and access tokens).
PKCE code challenge to secure authorization code grants, typically a BASE64URL-encoded SHA256 hash of `code_verifier`.
Method to derive `code_challenge` for PKCE: 'S256'/'sha256' for SHA256 hashing; 'plain' sends verifier as is (not for production if hashing possible). Required if `code_challenge` is provided.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_CHECK_VANITY_SUBDOMAIN_AVAILABILITYChecks if a specific vanity subdomain is available for a Supabase project; this action does not reserve or assign the subdomain.
Input parameters
The unique reference ID of the Supabase project.
The desired vanity subdomain to check for availability (e.g., 'my-app'). Must be 1-63 alphanumeric characters or hyphens; cannot start or end with a hyphen.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_CREATE_READ_REPLICAProvisions a read-only replica for a Supabase project in a specified, Supabase-supported AWS region to enhance read performance and reduce latency.
Input parameters
Unique reference ID of the Supabase project.
AWS region for the read replica; selecting one closer to users improves performance and reduces latency.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_ENABLE_DATABASE_WEBHOOKSEnables database webhooks for the Supabase project `ref`, triggering real-time notifications for INSERT, UPDATE, or DELETE events.
Input parameters
The unique identifier for the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_PROJECT_CUSTOM_HOSTNAME_CONFIGRetrieves a Supabase project's custom hostname configuration, including its status, SSL certificate, and ownership verification, noting that availability may depend on the project's plan.
Input parameters
The unique reference ID of the Supabase project. This ID can typically be found in your project's dashboard URL.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_PROJECT_NETWORK_BANSRetrieves the list of banned IPv4 addresses for a Supabase project using its unique project reference string; this is a read-only operation.
Input parameters
The unique project reference identifier for the Supabase project. Must be a valid 20-character project ref. You can retrieve valid project refs using the 'List all projects' action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_PROJECT_NETWORK_RESTRICTIONSRetrieves the network restriction settings (IP allowlists) for a Supabase project. Use this action to: - Check which IPv4/IPv6 CIDR blocks are allowed to connect to the project's database - Verify if network restrictions are enabled (entitlement: "allowed") or disabled ("disallowed") - Audit current network security configuration - Check if network restrictions have been modified (old_config present) Note: Default values 0.0.0.0/0 (IPv4) and ::/0 (IPv6) mean all IPs are allowed. Network restrictions require a Pro, Team, or Enterprise plan.
Input parameters
The unique project reference ID (also called project ID or ref). This is a 20-character alphanumeric string that identifies the Supabase project. Can be found in the project URL or retrieved via SUPABASE_LIST_ALL_PROJECTS.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_PROJECT_PGSODIUM_CONFIGRetrieves the PGSodium configuration, including the root encryption key, for an existing Supabase project identified by its `ref`.
Input parameters
The unique identifier of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_PROJECT_SSL_ENFORCEMENT_CONFIGRetrieves the SSL enforcement configuration for a specified Supabase project, indicating if SSL connections are mandated for its database.
Input parameters
The unique identifier of the Supabase project. This can typically be found in your project's dashboard URL (e.g., `https://supabase.com/dashboard/project/<project-ref>`).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_GET_VANITY_SUBDOMAIN_CONFIGFetches the current vanity subdomain configuration, including its status and custom domain name, for a Supabase project identified by its reference ID.
Input parameters
The unique reference ID of the Supabase project for which to fetch the vanity subdomain configuration.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_REMOVE_NETWORK_BANSRemoves specified IPv4 addresses from a Supabase project's network ban list, granting immediate access; IPs not currently banned are ignored.
Input parameters
The unique reference ID of the Supabase project.
A list of IPv4 addresses to be removed from the project's network ban list.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_REMOVE_READ_REPLICARemove a read replica from a Supabase project (Pro plan or higher required). This beta endpoint initiates the removal of a specified read replica database. The operation is irreversible. Before removal, ensure all application traffic is redirected from the replica to the primary database. Requirements: - Project must be on Pro plan or higher - Bearer token with infra_read_replicas_write permission (FGA) - Valid read replica database identifier Note: Returns 201 on success with an empty response body.
Input parameters
The unique project reference ID (20 lowercase characters, e.g. 'abcdefghijklmnopqrst'). Found in project settings or URL.
The unique identifier of the read replica database to remove. Obtain from the project's database settings or read replica listing.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_RUN_SQL_QUERYExecutes a given SQL query against the project's database; use for advanced data operations or when standard API endpoints are insufficient, ensuring queries are valid PostgreSQL and sanitized. Use the get_table_schemas or generate_type_script_types tool to retrieve the table schema, then base your query on it.
Input parameters
The unique reference ID of the Supabase project (used in the URL path). Must be exactly 20 lowercase letters (a-z). Can be found in Project Settings > General > Reference ID in the Supabase Dashboard, or from the dashboard URL: https://supabase.com/dashboard/project/<project-ref>. Can also be provided as 'project_ref'.
The SQL query to be executed against the project's database. Can also be provided as 'sql'. CRITICAL - Single Quote Handling: Single quotes that delimit SQL string literals (e.g., 'John', '3 days') work normally when transmitted via JSON. However, apostrophes and single quotes WITHIN string content MUST be escaped using PostgreSQL's standard escaping (doubling the quote: ''). Examples: ✓ CORRECT: SELECT 'I''m here' (apostrophe in content is escaped as '') ✓ CORRECT: INSERT INTO users (bio) VALUES ('She said ''hello''') ✓ CORRECT: SELECT '{ "msg": "I''m ready" }'::jsonb (apostrophe inside JSON string is escaped) ✗ WRONG: SELECT 'I'm here' (syntax error - apostrophe breaks the string) ✗ WRONG: SELECT '{ "msg": "I'm ready" }'::jsonb (syntax error in JSON content) IMPORTANT - PostgreSQL Array Syntax: For columns of type text\[\], integer\[\], etc., do NOT use JSON array syntax like '\["item1", "item2"\]' as PostgreSQL will reject it. Use PostgreSQL array syntax instead: (1) ARRAY constructor: ARRAY\['item1', 'item2'\], or (2) Curly brace literal: '{"item1", "item2"}'. IMPORTANT - PostgreSQL Configuration Parameters: To reference Supabase secrets or config parameters, use current_setting() with the correct parameter name (e.g., current_setting('app.settings.my_secret')). Parameter names must not contain sanitization placeholders like '<URL>', '<IP_ADDRESS>', etc. Note: Complex DDL operations (CREATE TABLE with multiple indexes, CREATE VIEW with joins, large data migrations) may timeout if they exceed the Supabase API's internal timeout limit (~60 seconds). For long-running operations, consider breaking them into smaller queries or using a direct database connection.
If true, executes the query in a read-only transaction. Useful for safety when only fetching data without modifying the database. IMPORTANT: This parameter is incompatible with data modification statements. For INSERT, UPDATE, and DELETE statements, if set to true, it will be automatically overridden to false to allow the operation to proceed. For DDL statements (CREATE, ALTER, DROP, etc.), read_only=true will cause an error - you must set it to false or omit it.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_UPDATE_PROJECT_NETWORK_RESTRICTIONSUpdates and applies network access restrictions (IPv4/IPv6 CIDR lists) for a Supabase project, which may terminate existing connections not matching the new rules.
Input parameters
Unique reference ID of the Supabase project.
List of IPv4 addresses or CIDR notations for database access; `\[\]` removes all IPv4 restrictions, `null`/omitted leaves current IPv4 restrictions unchanged.
List of IPv6 addresses or CIDR notations for database access; `\[\]` removes all IPv6 restrictions, `null`/omitted leaves current IPv6 restrictions unchanged.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_BETA_UPGRADE_PROJECT_POSTGRES_VERSIONInitiates an asynchronous upgrade of a Supabase project's PostgreSQL database to a specified `target_version` from a selected `release_channel`, returning a `tracking_id` to monitor status; the `target_version` must be available in the chosen channel.
Input parameters
The project's unique reference ID.
Target PostgreSQL version (e.g., '15.1.0.123'); must be available in the specified `release_channel`.
Release channel for selecting the PostgreSQL version.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_COUNT_ACTION_RUNSCounts the number of action runs for a Supabase project using a HEAD request. Use this when you need to retrieve the total count of action runs without fetching the full list of runs.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_A_PROJECTCreates a new Supabase project, requiring a unique name (no dots) within the organization; project creation is asynchronous.
Input parameters
Name for the new project; must be unique within the organization and not contain dots.
Subscription plans (now set at the organization level).
Geographical region for the project's server and database.
Password for the new database (required). Must be a secure password. IMPORTANT: Store this password securely as it cannot be retrieved later via the API and is needed for direct database connections.
Deprecated and ignored.
Optional URL to a Supabase project template (e.g., from Git) to initialize the project.
The actual organization ID or slug from your Supabase account. IMPORTANT: 'personal' is NOT a valid value - you must use the real organization ID returned by the 'List All Organizations' API endpoint (GET /v1/organizations) or found in your Supabase dashboard settings.
Supported major versions of the PostgreSQL engine.
Available release channels for Supabase software.
Available compute instance sizes for a Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_BULK_SECRETSTool to bulk create secrets for a Supabase project. Use when you need to create multiple project secrets at once. Each secret name must not start with SUPABASE_.
Input parameters
The unique reference ID (ref) of the Supabase project where secrets will be created.
List of secrets to create. Each secret must have a unique name that doesn't start with SUPABASE_.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_DATABASE_BRANCHCreates a new, isolated database branch from an existing Supabase project (identified by `ref`), useful for setting up separate environments like development or testing, which can optionally be linked to a Git branch.
Input parameters
The unique reference ID of the parent Supabase project.
Geographical region for the new database branch.
Git branch name to associate with this database branch, linking database states to code branches.
Specifies if the branch is persistent (true) or ephemeral (false); ephemeral branches might be auto-deleted.
A unique name for the new database branch.
Desired PostgreSQL engine version for the new branch.
Release channel for Supabase features on this branch, determining feature stability.
Compute instance size for the new database branch.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_FUNCTIONCreates a new serverless Edge Function for a Supabase project (identified by `ref`), requiring valid JavaScript/TypeScript in `body` and a project-unique `slug` identifier.
Input parameters
Project's unique identifier (path parameter).
JavaScript or TypeScript source code for the Edge Function.
Human-readable name for the function.
URL-friendly identifier for the function's route prefix. Must be unique within the project.
If true, enable import map for ES module resolution.
If true, verify JWT in Authorization header before invoking the function. Set to false for public endpoints like webhooks.
Path to main function code, relative to project's functions directory. Defaults to `./index.ts` or `./index.js` in function's slug directory.
Path to import map JSON, relative to project's functions directory; used if `import_map` is true. Defaults to `import_map.json` in function's slug directory.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_LOGIN_ROLECreates a temporary CLI login role for database access with specified permissions; use when setting up CLI authentication for development or administrative tasks.
Input parameters
Project reference ID (unique identifier for the Supabase project).
Whether the login role should have read-only permissions. Set to true for read-only access, false for full access.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_ORGANIZATIONCreates a new Supabase organization, which serves as a top-level container for projects, billing, and team access.
Input parameters
The name for the new organization.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_PROJECT_SIGNING_KEYCreate a new signing key for JWT authentication in a Supabase project. The key is created in standby status by default and must be activated separately.
Input parameters
The unique reference ID of the Supabase project. Can also be provided as 'project_ref'.
Status of a signing key in request.
The cryptographic algorithm to use for the signing key. HS256 is recommended for most use cases.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_SSO_PROVIDERCreates a new SAML 2.0 Single Sign-On (SSO) provider for a Supabase project, requiring either `metadata_xml` or `metadata_url` for SAML IdP configuration.
Input parameters
Unique reference ID of the Supabase project.
Type of the SSO provider; 'saml' (SAML 2.0) is the only supported value.
Email domains to associate with this SSO provider; users from these domains will be directed here for authentication.
URL to fetch SAML 2.0 metadata XML. Provide this or `metadata_xml`.
SAML 2.0 metadata XML document as a string. Provide this or `metadata_url`.
Maps SAML assertion attributes to custom Supabase JWT claims. Keys are JWT claim names; values specify SAML attribute extraction rules (e.g., `name`, `names`, `default`, `array`).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_CREATE_THIRD_PARTY_AUTH_INTEGRATIONCall this to add a new third-party authentication method (OIDC or JWKS) to a Supabase project for integrating external identity providers (e.g., for SSO); the API may also support `custom_jwks` if sent directly.
Input parameters
The unique identifier of the Supabase project.
URL of the JSON Web Key Set (JWKS) for public key verification. Required if `oidc_issuer_url` is not provided.
URL of the OpenID Connect (OIDC) issuer. Required if `jwks_url` is not provided.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_CUSTOM_HOSTNAME_CONFIGDeletes an active custom hostname configuration for the project identified by `ref`, reverting to the default Supabase-provided hostname; this action immediately makes the project inaccessible via the custom domain and requires subsequent updates to client, OAuth, and DNS settings.
Input parameters
The unique reference ID of the Supabase project for which the custom hostname configuration will be deleted.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_DATABASE_BRANCHPermanently and irreversibly deletes a specific, non-default database branch by its `branch_id`, without affecting other branches.
Input parameters
The unique identifier of the database branch to be deleted.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_FUNCTIONPermanently deletes a specific Edge Function (by `function_slug`) from a Supabase project (by `ref`); this action is irreversible and requires prior existence of both project and function.
Input parameters
The unique identifier of the Supabase project from which the function will be deleted.
The unique identifier (slug) of the Edge Function to be deleted. This is typically the name given to the function upon creation.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_LOGIN_ROLES\[Beta\] Deletes existing login roles used by the Supabase CLI for the specified project. Use when you need to remove CLI authentication roles that were previously created for project access.
Input parameters
The unique project reference identifier for the Supabase project from which CLI login roles will be deleted.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_PROJECTPermanently and irreversibly deletes a Supabase project, identified by its unique `ref` ID, resulting in complete data loss.
Input parameters
Unique reference ID of the Supabase project to delete, typically a short alphanumeric string assigned upon creation.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_PROJECT_VANITY_SUBDOMAINPermanently and irreversibly deletes an active vanity subdomain configuration for the specified Supabase project, reverting it to its default Supabase URL.
Input parameters
The unique reference ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_SECRETSTool to bulk delete secrets from a Supabase project. Use when you need to remove multiple secrets at once. Requires the edge_functions_secrets_write scope.
Input parameters
The unique reference ID (ref) of the Supabase project whose secrets should be deleted.
List of secret names to delete. Each name must match an existing secret in the project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DELETE_SSO_PROVIDERDeletes a specific SSO provider by its ID (`provider_id`) from a Supabase project (`ref`), which disables it and returns its details; ensure this action will not inadvertently lock out users.
Input parameters
The unique identifier for your Supabase project.
The unique identifier (UUID) of the SSO provider to be removed.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DEPLOY_FUNCTIONDeploys Edge Functions to a Supabase project using multipart upload.
Input parameters
Supabase project reference ID (e.g. `qftqfrxipqlzcmjcatfc`).
File uploaded to Composio (via SDK/MCP). Supports both single TypeScript/JavaScript files and pre-built .zip archives. Use this for large files, binary content, or complex multi-file functions. NOTE: Provide ONLY ONE of file_content, file_url, or file - not multiple.
Slug of the function to deploy.
Public URL to download the function code from. Supports GitHub raw URLs and other publicly accessible file URLs. NOTE: Provide ONLY ONE of file_content, file_url, or file - not multiple.
If true, only bundle the function without publishing it.
Raw TypeScript/JavaScript source code as a string. Ideal for simple functions or when code is generated dynamically. NOTE: Provide ONLY ONE of file_content, file_url, or file - not multiple.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DISABLE_PREVIEW_BRANCHINGDisables the preview branching feature for an existing Supabase project, identified by its unique reference ID (`ref`). Note: Preview branching must be enabled on the project for this operation to succeed. If the project does not have preview branching enabled, a 422 error will be returned.
Input parameters
The unique reference ID of the Supabase project for which preview branching is to be disabled.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_DISABLE_PROJECT_READONLYTemporarily disables a Supabase project's read-only mode for 15 minutes to allow write operations (e.g., for maintenance or critical updates), after which it automatically reverts to read-only.
Input parameters
Unique reference ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_EXCHANGE_OAUTH_TOKEN(Beta) Implements the OAuth 2.0 token endpoint to exchange an authorization code or refresh token for access/refresh tokens, based on `grant_type`. This is a standard OAuth 2.0 token endpoint that uses application/x-www-form-urlencoded content type as per OAuth 2.0 specification. Requires a valid registered OAuth application client_id and client_secret. For authorization_code grant type: - Requires valid authorization code obtained from the OAuth authorization flow - Optionally requires code_verifier if PKCE was used during authorization For refresh_token grant type: - Requires valid refresh_token from a previous token exchange
Input parameters
Authorization code from the server; required if `grant_type` is 'authorization_code'.
Application's client ID.
OAuth 2.0 grant type that dictates the token exchange flow.
Redirect URI from the initial authorization; required if `grant_type` is 'authorization_code' and it was part of the original request.
Application's client secret.
PKCE code verifier; required if PKCE was used with an 'authorization_code' grant type.
Refresh token for acquiring a new access token; required if `grant_type` is 'refresh_token'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GENERATE_TYPESCRIPT_TYPESGenerates and retrieves TypeScript types from a Supabase project's database; any schemas specified in `included_schemas` must exist in the project.
Input parameters
The unique reference ID of the Supabase project for which to generate TypeScript types.
Comma-separated database schema names to include in the generated TypeScript types.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_ACTION_RUNRetrieves the status and details of a specific action run, including its steps, timestamps, and configuration. Use this to monitor or check the progress of an action execution.
Input parameters
The unique reference ID of the Supabase project. Must be exactly 20 lowercase alphanumeric characters.
The unique identifier of the action run to retrieve.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_ACTION_RUN_LOGSRetrieves the execution logs for a specific action run by its ID. Use this to debug action executions, view output messages, and investigate errors that occurred during action runs.
Input parameters
The unique reference ID of the Supabase project. This is visible in your Supabase project URL (e.g., https://supabase.com/dashboard/project/{ref}).
The unique identifier for the action run. This is returned when an action is triggered or can be retrieved from the actions list.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_AVAILABLE_REGIONSTool to get the list of available regions for creating a new Supabase project. Use when you need to determine which regions are available for project deployment, or to get region recommendations based on geographic location and instance size requirements. Note: This is a Beta endpoint.
Input parameters
Continent codes for regional recommendations.
Slug of your organization. This is required to retrieve available regions for project creation.
Available instance sizes for Supabase projects.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_BRANCHRetrieves detailed information about a specific database branch by its name and project reference. Use this to check branch status, configuration, and metadata before performing operations on the branch.
Input parameters
The unique reference identifier (project ref) of the parent Supabase project. This ID can be found in your project's dashboard URL.
The unique name of the database branch to retrieve (e.g., 'test-branch-fix', 'staging', 'feature-x').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_DATABASE_BRANCH_CONFIGRetrieves the read-only configuration and status for a Supabase database branch, typically for monitoring or verifying its settings.
Input parameters
Project reference (ref) for the database branch. Must be exactly 20 lowercase alphabetic characters.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_DATABASE_METADATAGets database metadata for the given project. Returns information about databases, schemas, and tables structure. Note: This endpoint is deprecated and may be removed in future versions.
Input parameters
Project ref. The unique reference ID of the Supabase project (visible in your Supabase project URL).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_FUNCTIONRetrieves detailed information, metadata, configuration, and status for a specific Edge Function using its project reference ID and function slug.
Input parameters
The unique reference ID of the Supabase project. Must be exactly 20 lowercase alphanumeric characters (letters a-z and digits 0-9 only, no hyphens, underscores, or special characters). You can find this in your Supabase project URL (e.g., https://supabase.com/dashboard/project/<ref>) or by using the 'List all projects' API.
The unique identifier (slug) for the Edge Function.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_FUNCTION_BODYRetrieves the source code (body) for a specified serverless Edge Function using its project reference and function slug; this is a read-only operation that does not execute the function or return runtime logs.
Input parameters
The unique reference ID of the Supabase project.
The unique identifier (slug) of the serverless Edge Function whose body is to be retrieved. This is typically the function's name.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_HEALTHTool to check the health status of the Supabase API. Use when you need to verify API availability or troubleshoot connectivity issues.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_JIT_ACCESS_CONFIG\[Beta\] Retrieves the project's just-in-time (JIT) access configuration, including user roles and their expiration settings. Use this to check temporary access grants and their validity periods.
Input parameters
The unique reference ID of the Supabase project. Can also be provided as 'project_ref'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_LEGACY_SIGNING_KEYRetrieves the signing key information for the JWT secret imported as signing key for this project. This endpoint is deprecated and will be removed in the future; check for HTTP 404 Not Found which indicates the endpoint is no longer available.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_MIGRATIONRetrieves a specific database migration entry from the migration history using its version identifier. Use when you need to inspect migration details, SQL statements, or rollback commands for a specific migration version.
Input parameters
The unique reference ID of the Supabase project. Must be exactly 20 lowercase alphanumeric characters (letters a-z and digits 0-9 only, no hyphens, underscores, or special characters). You can find this in your Supabase project URL (e.g., https://supabase.com/dashboard/project/<ref>) or by using the 'List all projects' API.
The version identifier of the migration to fetch. Typically a timestamp-based identifier (e.g., '20260216042751').
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_ORGANIZATIONFetches comprehensive details for a specific Supabase organization using its unique slug.
Input parameters
The unique, URL-friendly identifier of the organization.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PERFORMANCE_ADVISORSRetrieves project performance advisors for a Supabase project. Returns a list of performance lints that identify potential issues and optimization opportunities. Note: This endpoint is deprecated.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action. The project must belong to the authenticated user.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECTRetrieves detailed information about a specific Supabase project by its unique reference ID. Use when you need to get comprehensive project details including status, database configuration, and metadata. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' where access_token is either: - A Personal Access Token (PAT) generated from https://supabase.com/dashboard/account/tokens - An OAuth2 access token with the 'project_admin_read' scope Required Scope: - project_admin_read: Allows retrieval of project information. Returns: Project object containing id, ref, name, organization details, region, status, database configuration, and created_at timestamp.
Input parameters
Project ref - unique identifier (20 lowercase letters) for the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_API_KEYRetrieves details of a specific API key for a Supabase project by its UUID. Use when you need to inspect a single key's configuration, type, or metadata.
Input parameters
UUID of the API key (must be UUID format from publishable/secret type keys, not legacy key names like 'anon' or 'service_role'). You can get this ID from the List Project API Keys action.
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
If true, reveals the full API key value in the response. If false or omitted, secret key values will be partially redacted. Per Supabase's security model, secrets are hidden by default.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_API_KEYSRetrieves all API keys for an existing Supabase project, specified by its unique reference ID (`ref`); this is a read-only operation.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action. The project must belong to the authenticated user.
If true, reveals the full API key values in the response. If false or omitted, secret key values will be partially redacted. Per Supabase's security model, secrets are hidden by default.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_LEGACY_API_KEYSChecks whether JWT-based legacy API keys (anon, service_role) are enabled for a Supabase project. This API endpoint is deprecated and may be removed in the future (returns HTTP 404 Not Found when unavailable).
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action. The project must belong to the authenticated user.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_LOGSRetrieves analytics logs for a Supabase project. Use this to fetch and analyze project logs including edge function logs, database logs, and API logs for monitoring and debugging.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Custom SQL query to execute on the logs. Allows filtering, aggregation, and transformation of log data. See Supabase docs for querying logs for more details.
End timestamp for filtering logs in ISO 8601 format (e.g., '2024-01-31T23:59:59Z'). Only logs before or at this timestamp will be included.
Start timestamp for filtering logs in ISO 8601 format (e.g., '2024-01-01T00:00:00Z'). Only logs on or after this timestamp will be included.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_PGBOUNCER_CONFIGRetrieves the active PgBouncer configuration (PostgreSQL connection pooler) for a Supabase project, used for performance tuning, auditing, or getting the connection string.
Input parameters
The unique ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_POSTGRES_CONFIGRetrieves the current read-only PostgreSQL database configuration for a specified Supabase project's `ref`, noting that some advanced or security-sensitive details might be omitted from the response.
Input parameters
The unique reference ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_POSTGREST_CONFIGRetrieves the PostgREST configuration for a specific Supabase project.
Input parameters
The unique identifier of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_READONLY_MODE_STATUSRetrieves the read-only mode status for a specified Supabase project to check its operational state; this action does not change the read-only state.
Input parameters
Project reference ID, found in your project's dashboard URL (e.g., `https://supabase.com/dashboard/project/<project-ref>`).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_SIGNING_KEYSTool to list all signing keys for a Supabase project. Use when you need to retrieve JWT signing keys for authentication verification or rotation management.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_SUPAVISOR_CONFIGRetrieves the Supavisor (connection pooler) configuration for a specified Supabase project, identified by its reference ID.
Input parameters
The unique reference ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_UPGRADE_ELIGIBILITYChecks a Supabase project's eligibility for an upgrade, verifying compatibility and identifying potential issues; this action does not perform the actual upgrade.
Input parameters
Unique identifier of the Supabase project (e.g., 'opntiysxcrktmaarzjhz'). Can be obtained from the Supabase dashboard URL or by listing all projects.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_PROJECT_UPGRADE_STATUSRetrieves the latest status of a Supabase project's database upgrade for monitoring purposes; does not initiate or modify upgrades.
Input parameters
The unique reference ID of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_RESUMABLE_UPLOAD_BASE_OPTIONSHandles OPTIONS request for TUS Resumable uploads to discover server capabilities. Use when preparing resumable upload requests to verify supported TUS protocol versions and extensions.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_RESUMABLE_UPLOAD_OPTIONSHandles OPTIONS request for TUS Resumable uploads to discover server capabilities. Use when preparing resumable upload requests to verify supported TUS protocol versions and extensions.
Input parameters
The wildcard path parameter representing the upload ID or file path for the TUS resumable upload. Used to identify the specific upload resource for CORS preflight requests.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_SECURITY_ADVISORSRetrieves security advisor findings and recommendations for a Supabase project. Use when you need to audit project security posture, identify SQL-based security issues, or get remediation guidance. Note: This endpoint is deprecated and may be removed in future API versions.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Type of linting to perform for security advisors.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GETS_PROJECT_S_AUTH_CONFIGRetrieves the project's complete read-only authentication configuration, detailing all settings (e.g., providers, MFA, email/SMS, JWT, security policies) but excluding sensitive secrets.
Input parameters
The unique reference ID of the Supabase project. Can also be provided as 'project_ref'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GETS_PROJECT_S_SERVICE_HEALTH_STATUSRetrieves the current health status for a Supabase project, for specified services or all services if the 'services' list is omitted.
Input parameters
The unique identifier (ref) of the Supabase project.
A list of specific services for which to retrieve health status. If omitted, returns health status for all services. Valid values: auth, db, db_postgres_user, pg_bouncer, pooler, realtime, rest, storage.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_SQL_SNIPPETRetrieves a specific SQL snippet by its unique identifier.
Input parameters
The unique identifier of the SQL snippet to retrieve.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_SSO_PROVIDERRetrieves the configuration details for a specific Single Sign-On (SSO) provider (e.g., SAML, Google, GitHub, Azure AD), identified by its UUID, within a Supabase project.
Input parameters
The unique reference ID of the Supabase project.
The unique identifier (UUID) of the SSO provider whose configuration is to be fetched.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_GET_TABLE_SCHEMASRetrieves column details, types, and constraints for multiple database tables to help debug schema issues and write accurate SQL queries. Use the SUPABASE_LIST_TABLES action first to discover available tables, the fetch their detailed schemas.
Input parameters
The unique reference ID of the Supabase project. This is visible in your Supabase project URL (e.g., https://supabase.com/dashboard/project/{project_ref}).
List of table names to retrieve schemas for. At least one table name is required (empty lists are not allowed). Tables can be from different schemas (e.g., 'public.users', 'operations.call_queue_items'). Without schema prefix, 'public' is assumed. Maximum 20 tables per request.
Whether to include index information in the response
Whether to exclude properties with null values from the response for cleaner output
Whether to include foreign key relationships in the response
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_HANDLE_RESUMABLE_UPLOAD_SIGN_OPTIONSHandles CORS preflight OPTIONS request for TUS resumable upload signing. Use when preparing cross-origin resumable upload requests to verify allowed methods and headers.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_HANDLE_RESUMABLE_UPLOAD_SIGN_OPTIONS_WITH_IDHandles CORS preflight OPTIONS request for TUS resumable upload signing endpoints. Use when preparing cross-origin resumable upload requests to verify allowed methods and headers.
Input parameters
The full path to the object for resumable upload signing, typically in format 'bucket-name/path/to/file'. This wildcard path segment is used for CORS preflight OPTIONS requests before the actual upload signing request.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_INVOKE_EDGE_FUNCTIONTool to invoke a deployed Supabase Edge Function over HTTPS. Use for testing and debugging Edge Functions with configurable method, headers, body, and authentication.
Input parameters
Request body to send to the function. Can be a JSON object (dict) or a raw string.
HTTP method to use when invoking the function.
Optional additional headers to send with the request (e.g., Content-Type).
Authorization mode: 'anon' uses the anon key, 'service_role' uses the service role key, 'custom_bearer' requires a custom Authorization header in the headers parameter.
Unique reference ID of the Supabase project (used in the hostname).
Name/slug of the Edge Function to invoke.
Expected response format: 'json' parses as JSON, 'text' returns raw text, 'auto' attempts JSON first then falls back to text.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_ALL_ORGANIZATIONSLists all organizations (ID and name only) associated with the Supabase account, excluding project details within these organizations.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_ALL_PROJECTSRetrieves a list of all Supabase projects, including their ID, name, region, and status, for the authenticated user. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' where access_token is either: - A Personal Access Token (PAT) generated from https://supabase.com/dashboard/account/tokens - An OAuth2 access token with the 'Projects.Read' scope Required Scope: - Projects.Read: Allows retrieval of project metadata. Returns: List of Project objects containing id, name, organization_id, region, status, database info, and created_at.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_BACKUPSLists all database backups for a Supabase project, providing details on existing backups but not creating new ones or performing restores; availability may depend on plan and configuration.
Input parameters
The unique identifier (reference string) of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_BUCKETSRetrieves a list of all storage buckets for a Supabase project, without returning bucket contents or access policies.
Input parameters
The unique identifier of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_DATABASE_BRANCHESLists all database branches for a specified Supabase project, used for isolated development and testing of schema changes; ensure the project reference ID is valid.
Input parameters
The unique identifier (reference ID) of the Supabase project. This ID can be found in your project's dashboard URL (e.g., `https://supabase.com/dashboard/project/<project_id>`).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_FUNCTIONSLists metadata for all Edge Functions in a Supabase project (specified by 'ref'), excluding function code or logs; the project must exist.
Input parameters
The unique identifier of the Supabase project.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_MIGRATION_HISTORYRetrieves the list of applied database migration versions for a Supabase project. Use this to track which migrations have been applied to the project's database. This is a read-only operation that requires the project reference ID.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action. The project must belong to the authenticated user.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_ORGANIZATION_MEMBERSRetrieves all members of a Supabase organization, identified by its unique slug, including their user ID, username, email, role, and MFA status.
Input parameters
The unique identifier (slug) of the organization for which to list members.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_SECRETSRetrieves all secrets for a Supabase project using its reference ID; secret values in the response may be masked.
Input parameters
The unique reference ID (ref) of the Supabase project whose secrets are to be retrieved.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_SQL_SNIPPETSRetrieves a list of SQL snippets for the logged-in user, optionally filtered by a specific Supabase project if `project_ref` is provided.
Input parameters
The unique identifier for your Supabase project. It is a 20-digit string used to reference and manage your project in API endpoints. This can be found in Supabase Studio under Settings > General > Project Settings > Reference ID.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_SSO_PROVIDERSLists all configured Single Sign-On (SSO) providers for a Supabase project, requiring the project reference ID (`ref`) of an existing project.
Input parameters
The project's reference ID. Typically found in dashboard settings or the API URL.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_LIST_TABLESLists all tables and views in specified database schemas, providing a quick overview of database structure to help identify available tables before fetching detailed schemas.
Input parameters
List of schemas to search for tables (maximum 10). If not provided, lists tables from all non-system schemas. Specify schema names to limit the search to specific schemas.
The unique reference ID of the Supabase project. Must be exactly 20 lowercase letters (a-z only, no numbers or hyphens). This is visible in your Supabase project URL (e.g., https://supabase.com/dashboard/project/{project_ref}).
Whether to include views along with tables in the results
Whether to include basic metadata like estimated row count and table size
Whether to include system schemas (pg_catalog, information_schema, etc.) when listing all schemas. When set to false, temporary and internal schemas such as pg_temp_*, pg_toast_temp_* and pgbouncer are excluded from the results.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_PATCH_MIGRATION\[Beta\] Patches an existing entry in the project's migration history, updating the name or rollback script. Use this to correct migration metadata after the migration has been created.
Input parameters
The unique reference ID of the Supabase project (used in the URL path). Must be exactly 20 lowercase letters (a-z).
New name for the migration entry. Updates the display name in migration history.
The version identifier of the migration to patch (typically a timestamp like '20260216042751'). This is found in the migration history.
SQL rollback script for the migration. Defines how to revert the migration changes.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_PATCH_NETWORK_RESTRICTIONSUpdates project's network restrictions by incrementally adding or removing IPv4/IPv6 CIDR blocks. Use when you need to modify existing restrictions without replacing the entire configuration.
Input parameters
Modification request for adding or removing network restriction CIDRs.
Unique reference ID of the Supabase project (visible in project URL).
Modification request for adding or removing network restriction CIDRs.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_PUSH_BRANCHPushes a database branch, applying migrations and changes to the specified branch. Use when you need to deploy schema changes or migrations to a database branch.
Input parameters
The unique identifier or reference of the database branch to push.
Optional migration version to push to the branch. Format: timestamp like '20260216000000'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_RESET_DATABASE_BRANCHResets an existing Supabase database branch, identified by `branch_id`, to its initial clean state, irreversibly deleting all its current data and schema changes.
Input parameters
The unique identifier of the database branch to reset.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_RESTORE_PITR_BACKUPRestores a Supabase project's database to a specific Unix timestamp using Point-in-Time Recovery (PITR), overwriting the current state; requires a paid plan with PITR and physical backups enabled.
Input parameters
Unique identifier of the Supabase project.
Unix timestamp (seconds) for the desired database restoration point.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_RUN_READ_ONLY_QUERY\[Beta\] Run a SQL query as supabase_read_only_user. Use when you need to safely execute SELECT queries without risk of modifying data. Only read operations are allowed.
Input parameters
The unique reference ID of the Supabase project (used in the URL path). Must be exactly 20 lowercase letters (a-z). Can be found in Project Settings > General > Reference ID in the Supabase Dashboard, or from the dashboard URL: https://supabase.com/dashboard/project/<project-ref>. Can also be provided as 'project_ref'.
The SQL query to be executed as supabase_read_only_user. Only SELECT and other read-only operations are allowed. Write operations (INSERT, UPDATE, DELETE, CREATE, etc.) will be rejected. Can also be provided as 'sql'. IMPORTANT - Single Quote Handling: DO NOT double or escape single quotes in your SQL. The query is transmitted as a JSON string body, so standard SQL single quotes work directly. For example, write WHERE name = 'John' NOT WHERE name = ''John''.
Optional array of parameters for parameterized queries. Use $1, $2, etc. in the query to reference parameters.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_SELECT_FROM_TABLETool to select rows from a Supabase/PostgREST table. Use for read-only queries with filtering, sorting, and pagination.
Input parameters
Maximum number of rows to return (must be >= 1)
Ordering expression in the form `column.asc` or `column.desc`
Table or view name to select from
Number of rows to skip before returning results (must be >= 0)
Comma-separated list of columns to return. Supports nested/related selections and JSON path selectors (e.g., address->postcode).
Optional list of filters. Each filter will be rendered as `<column>_<operator>=<value>` in the query string (e.g., id_eq=123). Can be provided as a list of FilterItem objects. Each FilterItem must have: column (string), operator (one of: eq, neq, gt, gte, lt, lte, like, ilike, is, in, cs, cd, sl, sr, nxl, nxr, adj, ov, fts, plfts, phfts, wfts), and value (the comparison value).
Unique reference ID of the Supabase project (used in the hostname)
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_A_FUNCTIONUpdates an existing Supabase Edge Function's properties (like name, slug, source code, JWT settings, import map) identified by project `ref` and `function_slug`, supporting plain text code or ESZIP for the body. Use RETRIEVE_A_FUNCTION_BODY action first to get the current source code, as this action requires sending the complete function code, not just the changes.
Input parameters
The unique reference ID of the Supabase project.
New source code (e.g., Deno/TypeScript) or base64-encoded ESZIP content for the function, sent in the request body.
Optional new name for the function. This value is sent in the request body as 'name'.
Optional new slug for the function. If provided as a query parameter, this changes the function's access URL.
Whether to use an import map for the function (query parameter).
Specifies whether JWT verification should be enabled. This value is sent in the request body as 'verify_jwt'.
The current slug (unique identifier) of the Edge Function to be updated.
Path to the main Deno script for the function (query parameter).
Path to the import map file (query parameter).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_DATABASE_BRANCH_CONFIGUpdates the configuration of a Supabase database branch, allowing modification of its name, associated Git branch, reset-on-push behavior, persistence, and status. Note: Database branching requires a paid Supabase plan (Pro or higher). This action requires a valid branch_id which must be exactly 20 lowercase alphabetic characters. Authentication: - Requires a valid Bearer token in the Authorization header. - Token format: 'Bearer <access_token>' Required Scope: - Environment:Write
Input parameters
Status values that can be set when updating a branch.
Unique identifier of the database branch to update. Must be exactly 20 lowercase alphabetic characters.
Name of the Git branch to associate with this database branch. If not provided, the association remains unchanged.
If true, the database branch is persistent; non-persistent branches may be auto-cleaned. If not provided, this setting remains unchanged.
New name for the database branch. If not provided, the name remains unchanged.
If true, resets the database branch on new push to the linked Git branch. If not provided, this setting remains unchanged.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_DATABASE_PASSWORDUpdates the database password for a Supabase project. Use when needing to rotate credentials or recover database access.
Input parameters
The unique reference ID of the Supabase project.
The new database password to set. Must be at least 4 characters long.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_FUNCTIONSTool to bulk update Edge Functions in a Supabase project. Use when you need to update multiple functions at once with new configurations such as status, version, or other properties.
Input parameters
Supabase project reference ID.
List of functions to update. Each function must have id, slug, name, status, and version.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_JIT_ACCESS_CONFIG\[Beta\] Update a Supabase project's just-in-time (JIT) access configuration. Use to enable or disable JIT access features for privileged operations on the project.
Input parameters
Unique reference ID of the Supabase project.
Desired just-in-time access state for the project. 'enabled' activates JIT access, 'disabled' deactivates it, 'unavailable' marks the feature as unavailable.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PGSODIUM_CONFIGCritically updates or initializes a Supabase project's pgsodium root encryption key for security setup or key rotation, requiring secure backup of the new key to prevent irreversible data loss.
Input parameters
The unique identifier (ref ID) of the Supabase project.
The new root encryption key for pgsodium. Must be a cryptographically strong key.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECTUpdates a Supabase project's configuration (currently supports updating the project name). Use when you need to rename an existing project.
Input parameters
Project reference identifier (unique identifier for the project). This is typically a 20-character alphanumeric string found in your project URL or via the List All Projects endpoint.
New name for the project. Must be between 1 and 256 characters. This is the human-readable display name that will appear in the Supabase dashboard.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_AUTH_CONFIGUpdate Supabase project Auth configuration via the Management API. Use to fix misconfigured Auth redirects, SMTP settings, or other auth parameters. Only provided fields are updated; others remain unchanged. Before updating, confirm the Auth service status is ACTIVE_HEALTHY by checking project health.
Input parameters
The unique reference ID of the Supabase project. Can also be provided as 'project_ref'.
JWT access token expiration time in seconds.
Primary site URL used in email links and redirects. Critical for Auth redirect flows.
SMTP server host for sending auth emails.
SMTP password for authentication.
SMTP server port.
SMTP username for authentication.
Disable new signups via email/password and OAuth providers.
Email OTP expiration time in seconds.
Comma-separated allowlist of redirect URIs/patterns for OAuth callbacks.
Maximum session lifetime in seconds. 0 means disabled.
Admin email address used as the sender for SMTP notifications.
Display name for the SMTP sender.
Email OTP length (number of digits).
Rate limit for verification attempts (generic).
Azure OAuth issuer or discovery URL.
Automatically confirm new signups (no email confirmation required).
Rate limit for SMTP sends (emails per minute).
Minimum required password length.
Rate limit for sending SMS (messages per minute).
Apple OAuth client secret.
Azure OAuth client secret.
Enable HaveIBeenPwned check during password set/change.
Rate limit for sending emails (emails per minute).
Enable Apple as an external OAuth provider.
Enable Azure as an external OAuth provider.
Enable email sign-in/up.
GitHub OAuth client secret.
Google OAuth client secret.
Enable phone (SMS) sign-in/up.
Enable GitHub as an external OAuth provider.
Enable Google as an external OAuth provider.
Enable enrolling TOTP as an MFA factor.
Enable TOTP verification as MFA.
CAPTCHA provider secret key.
Apple OAuth client ID.
Azure OAuth client ID.
Maximum number of MFA factors a user can enroll.
Enable CAPTCHA verification for risky flows.
Restrict to a single active session per user.
GitHub OAuth client ID.
Google OAuth client ID.
CAPTCHA provider (e.g., hcaptcha, turnstile).
Rate limit for anonymous users (requests per minute).
Session inactivity timeout in seconds. 0 means disabled.
Character class requirements for passwords (e.g., regex or flags).
Enable refresh token rotation to reduce token replay risk.
Enable manual linking of identities to accounts.
Enable creation of anonymous users (no credentials).
Require secure email change flow (confirm both old and new emails).
Allowed reuse interval (seconds) for rotated refresh tokens.
Allow sign-ins from users with unverified emails.
Enable notification emails when a user's email is changed.
Enable notification emails when a phone number is changed.
Enable notification emails when an identity is linked.
Enable notification emails when a password is changed.
Enable notification emails when an identity is unlinked.
Enable notification emails when an MFA factor is enrolled.
Require reauthentication before updating password.
Enable notification emails when an MFA factor is unenrolled.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_CUSTOM_HOSTNAMEUpdates the custom hostname for a Supabase project, requiring subsequent DNS changes to a user-controlled domain for SSL certificate issuance and domain ownership.
Input parameters
The unique identifier of the Supabase project.
Desired custom hostname (e.g., 'api.example.com') to associate with the project's services.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_LEGACY_API_KEYSTool to disable or re-enable JWT-based legacy API keys (anon, service_role) for a Supabase project. Use when you need to toggle legacy API key access for security or migration purposes. Note: This API endpoint may be removed in the future - check for HTTP 404 Not Found if the endpoint is no longer available.
Input parameters
The unique reference ID (20 alphanumeric characters) of your Supabase project. You can find this in your project's dashboard URL or by calling the List All Projects action.
Enable or disable JWT-based legacy API keys (anon, service_role). Set to true to enable, false to disable.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_POSTGRES_CONFIGUpdates specified PostgreSQL configuration parameters for an existing Supabase project (`ref`) to optimize database performance; note that unspecified parameters remain unchanged, and caution is advised as incorrect settings can impact stability or require a restart.
Input parameters
The unique reference ID of the Supabase project.
Memory for internal sorts and hash tables before writing to temp disk files (e.g., '4MB', '64MB').
WAL size that triggers a checkpoint (e.g., '1GB', '2048MB').
Minimum size of past WAL log segments in pg_wal for standby servers (e.g., '128MB', '512MB'); replaces older wal_keep_segments.
Memory for shared memory buffers (e.g., '128MB', '1GB').
Maximum concurrent database connections. Typically between 1 and 262143.
Maximum allowed duration for any SQL statement (e.g., '10000ms', '30s'); '0' typically disables timeout.
Estimated disk cache size for a single query (e.g., '4GB', '512MB').
Maximum memory for maintenance operations like VACUUM, CREATE INDEX (e.g., '64MB', '1GB').
Maximum workers the system can support for parallel queries. Typically between 0 and 1024.
Maximum background processes the system can support. Typically between 0 and 262143.
Maximum WAL file size replication slots can retain in pg_wal (e.g., '1GB', '512MB'). '0' might mean unlimited; check PostgreSQL docs.
Controls firing of replication-related triggers and rules for the current session.
Controls the average number of object locks allocated per transaction. Typically between 10 and 2147483640.
Maximum delay before canceling queries on a hot standby server processing archived WAL data (e.g., '30s', '0ms' to disable).
Maximum delay before canceling queries on a hot standby server processing streamed WAL data (e.g., '30s', '0ms' to disable).
Maximum workers for a single Gather or Gather Merge node in a parallel query. Typically between 0 and 1024.
Maximum parallel processes for a single maintenance utility command. Typically between 0 and 1024.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_POSTGREST_CONFIGUpdates PostgREST configuration settings (e.g., `max_rows`, `db_pool`, `db_schema`, `db_extra_search_path`) for a Supabase project to fine-tune API performance, data exposure, and database resource usage.
Input parameters
The unique identifier (reference) of the Supabase project.
The maximum number of connections in the PostgreSQL connection pool for PostgREST. If `null` or not provided, the pool size may be automatically configured based on compute size.
The maximum number of rows PostgREST can return in a single response; this setting helps control payload size and query performance.
A comma-separated string of PostgreSQL schemas to be exposed through the PostgREST API (e.g., 'public,api').
A comma-separated string of additional PostgreSQL schemas to search for objects if not found in the primary schema(s) defined by `db_schema`. An empty string can be used to clear existing paths.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_PROJECT_SUPAVISOR_CONFIGUpdates the Supavisor (database pooler) configuration, such as `default_pool_size`, for an existing Supabase project identified by `ref`; the `pool_mode` parameter in the request is deprecated and ignored.
Input parameters
The unique identifier of the Supabase project.
This field is deprecated and is ignored in this request. It previously controlled the pooling mode (session or transaction).
Default number of connections per user for the connection pool; helps manage concurrent database connections and performance. Optimal value depends on project's compute add-on size and workload.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_SSL_ENFORCEMENT_CONFIGUpdates the SSL enforcement configuration (enable/disable) for a specified Supabase project's database.
Input parameters
The unique identifier of the Supabase project.
Desired SSL enforcement state for the project's database (`true` to enable, `false` to disable).
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPDATE_SSO_PROVIDERUpdates an existing SSO provider's SAML metadata, associated email domains, or attribute mappings for a Supabase project, identified by `ref` and `provider_id`.
Input parameters
Unique reference ID of the Supabase project.
Email domains to associate with this SSO provider for user authentication.
UUID of the SSO provider to update.
URL pointing to the SAML metadata XML. Use either this or `metadata_xml`.
SAML metadata XML content from the identity provider. Use either this or `metadata_url`.
Defines mapping of SAML assertion attributes to Supabase user attributes (e.g., 'email', 'full_name'). Values specify IdP attribute mapping using 'name', 'names' (for concatenation), or 'default'.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_UPSERT_MIGRATIONTool to upsert a database migration without applying it. Use when you need to track migration changes for a project. \[Beta\] This endpoint stores migration metadata without executing the SQL.
Input parameters
Project's unique reference identifier (20 lowercase letters).
Optional name for the migration. Used for tracking and identification purposes.
The SQL migration query to be stored. This query will be tracked but not executed. Must be non-empty.
Optional rollback SQL query to undo this migration if needed.
A unique key to ensure the same migration is tracked only once. If provided, prevents duplicate migrations with the same key.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
SUPABASE_VERIFY_CUSTOM_HOSTNAME_DNSRe-verifies DNS and SSL configurations for an existing custom hostname associated with a Supabase project.
Input parameters
The unique reference ID of the Supabase project for which the custom hostname is being re-verified.
Output
Data from the action execution
Error if any occurred during the execution of the action
Whether or not the action execution was successful or not
No publicly available marketplace agent is found using this tool yet. There are 90 agents privately built on Nagent that already use Supabase.
Build on Nagent
Connect Supabase to any Nagent agent in minutes — no API key management, no boilerplate. Just configure and deploy.
The five questions agent builders ask before adopting a new integration.
Open the External Integrations panel inside Nagent (app.nagent.ai/externalIntegration), find Supabase, and click "Connect Now." You'll authenticate with OAUTH2, API_KEY — Nagent handles credential storage and refresh automatically. Once connected, Supabase is available to any agent in your workspace.
No. Nagent provides no-code integration for every tool. Once Supabase is connected, you configure its 121 actions directly in the agent builder UI — no API calls, no boilerplate, no schema management.
Helix — Nagent's agentic agent builder — lets you drop Supabase steps into any workflow visually. Pick an action (e.g., one of those listed above), fill in the inputs (Helix knows the required vs. optional schema for each parameter), and connect it to upstream/downstream steps. Triggers run as the entry point of an agent, so when a Supabase event fires, the agent kicks off automatically.
Every Supabase action and trigger ships with a fully-typed schema — input parameters with name, type, required flag, and description, plus the output payload shape. The schemas are documented in the sections above. Helix uses these schemas to validate your configuration at build time and to type-check the data flowing between steps.
Yes. While Supabase ships with 121 pre-built developer tools actions, you can layer custom logic around them inside Helix — pre/post-processing steps, conditional branches, retries, or stitching Supabase together with other connected tools. For deeper customization, talk to our team about Nagent's Agentic AI Lab — forward-deployed engineers who build Supabase-based workflows tailored to your business.