# Supabase — how to use (mcp.ai)

Supabase is an open-source backend-as-a-service providing a Postgres database, authentication, storage, and real-time subscription APIs for building modern applications

## Option A — via MCP (recommended)
Remote MCP endpoint (HTTP, streamable): `https://api.mcp.ai/p_supabase?ms=1781541900000`
Add it as a custom/remote MCP connector in your client (Claude, Cursor, VS Code…), then authenticate when prompted. Once connected, ask the agent to use the server's tools (e.g. `supabase_alpha_creates_a_new_api_key_for_the_project`).

## Option B — via direct REST API
Base URL: `https://api.mcp.ai/api/supabase`
Auth: `Authorization: Bearer sk_live_…` — create a workspace API key at https://mcp.ai/settings/api-keys
Discover endpoints: `GET https://api.mcp.ai/api/supabase/_endpoints`

### Endpoints
- `POST https://api.mcp.ai/api/supabase/alpha/creates/a/new/api/key/for/the/project` — Creates a 'publishable' or 'secret' api key for an existing supabase project, optionally with a description; 'secret' keys can have customized jwt templates.
  - body: { ref: string, type: string, description?: string }
- `POST https://api.mcp.ai/api/supabase/alpha/deletes/an/api/key/for/the/project` — Permanently deletes a specific api key (identified by `id`) from a supabase project (identified by `ref`), revoking its access.
  - body: { id: string, ref: string }
- `POST https://api.mcp.ai/api/supabase/alpha/get/a/third/party/integration` — Retrieves the detailed configuration for a specific third-party authentication (tpa) provider, identified by `tpa id`, within an existing supabase project specified by `ref`.
  - body: { ref: string, tpa_id: string }
- `POST https://api.mcp.ai/api/supabase/alpha/lists/all/third/party/auth/integrations` — Lists all configured third-party authentication provider integrations for an existing supabase project (using its `ref`), suitable for read-only auditing or verifying current authentication settings.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/alpha/removes/a/third/party/auth/integration` — Removes a third-party authentication provider (e.g., google, github) from a supabase project's configuration; this immediately prevents users from logging in via that method.
  - body: { ref: string, tpa_id: string }
- `POST https://api.mcp.ai/api/supabase/alpha/updates/an/api/key/for/the/project` — Updates an existing supabase project api key's `description` and/or `secret jwt template` (which defines its `role`); does not regenerate the key string.
  - body: { id: string, ref: string, description?: string }
- `POST https://api.mcp.ai/api/supabase/beta/activates/a/custom/hostname/for/a/project` — Activates a previously configured custom hostname for a supabase project, assuming dns settings are verified externally.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/activates/a/vanity/subdomain/for/a/project` — Activates a vanity subdomain for the specified supabase project, requiring subsequent dns configuration for the subdomain to become operational.
  - body: { ref: string, vanity_subdomain: string }
- `POST https://api.mcp.ai/api/supabase/beta/authorize/user/through/oauth` — Generates a supabase oauth 2.0 authorization url for user redirection, requiring a pre-registered `client id` and a `redirect uri` that matches one of its pre-registered uris.
  - body: { scope?: string, state?: string, client_id: string, redirect_uri: string, response_mode?: string, response_type: string, code_challenge?: string, code_challenge_method?: string }
- `POST https://api.mcp.ai/api/supabase/beta/checks/vanity/subdomain/availability` — Checks if a specific vanity subdomain is available for a supabase project; this action does not reserve or assign the subdomain.
  - body: { ref: string, vanity_subdomain: string }
- `POST https://api.mcp.ai/api/supabase/beta/enables/database/webhooks/on/the/project` — Enables database webhooks for the supabase project `ref`, triggering real-time notifications for insert, update, or delete events.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/get/project/s/ssl/enforcement/configuration` — Retrieves the ssl enforcement configuration for a specified supabase project, indicating if ssl connections are mandated for its database.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/gets/current/vanity/subdomain/config` — Fetches the current vanity subdomain configuration, including its status and custom domain name, for a supabase project identified by its reference id.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/gets/project/s/custom/hostname/config` — Retrieves a supabase project's custom hostname configuration, including its status, ssl certificate, and ownership verification, noting that availability may depend on the project's plan.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/gets/project/s/network/bans` — Retrieves the list of banned ipv4 addresses for a supabase project using its unique project reference string; this is a read-only operation.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/gets/project/s/network/restrictions` — Retrieves the current network restriction settings (e.g., ip whitelists) for a supabase project using its reference id; this is a read-only operation for auditing or verifying network security.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/gets/project/s/pgsodium/config` — Retrieves the pgsodium configuration, including the root encryption key, for an existing supabase project identified by its `ref`.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/beta/remove/a/read/replica` — Irreversibly initiates the removal of a specified read replica from an existing supabase project, confirming only the start of the process, not its completion.
  - body: { ref: string, database_identifier: string }
- `POST https://api.mcp.ai/api/supabase/beta/remove/network/bans` — Removes specified ipv4 addresses from a supabase project's network ban list, granting immediate access; ips not currently banned are ignored.
  - body: { ref: string, ipv4_addresses: string[] }
- `POST https://api.mcp.ai/api/supabase/beta/run/sql/query` — Executes a given sql query against the project's database; use for advanced data operations or when standard api endpoints are insufficient, ensuring queries are valid postgresql and sanitized. use th
  - body: { ref: string, query: string }
- `POST https://api.mcp.ai/api/supabase/beta/set/up/a/read/replica` — Provisions a read-only replica for a supabase project in a specified, supabase-supported aws region to enhance read performance and reduce latency.
  - body: { ref: string, read_replica_region: string }
- `POST https://api.mcp.ai/api/supabase/beta/updates/project/s/network/restrictions` — Updates and applies network access restrictions (ipv4/ipv6 cidr lists) for a supabase project, which may terminate existing connections not matching the new rules.
  - body: { ref: string, dbAllowedCidrs?: string[], dbAllowedCidrsV6?: string[] }
- `POST https://api.mcp.ai/api/supabase/beta/upgrades/the/project/s/postgres/version` — Initiates an asynchronous upgrade of a supabase project's postgresql database to a specified `target version` from a selected `release channel`, returning a `tracking id` to monitor status; the `targe
  - body: { ref: string, target_version: string, release_channel: string }
- `POST https://api.mcp.ai/api/supabase/config/pgsodium/update/with/root/key/warning` — Critically updates or initializes a supabase project's pgsodium root encryption key for security setup or key rotation, requiring secure backup of the new key to prevent irreversible data loss.
  - body: { ref: string, root_key: string }
- `POST https://api.mcp.ai/api/supabase/create/a/database/branch` — Creates a new, isolated database branch from an existing supabase project (identified by `ref`), useful for setting up separate environments like development or testing, which can optionally be linked
  - body: { ref: string, region?: string, git_branch?: string, persistent?: boolean, branch_name: string, postgres_engine?: string, release_channel?: string, desired_instance_size?: string }
- `POST https://api.mcp.ai/api/supabase/create/a/function` — Creates a new serverless edge function for a supabase project (identified by `ref`), requiring valid javascript/typescript in `body` and a project-unique `slug 1` identifier.
  - body: { ref: string, body: string, name: string, slug: string, import_map?: boolean, verify_jwt?: boolean, entrypoint_path?: string, import_map_path?: string }
- `POST https://api.mcp.ai/api/supabase/create/a/project` — Creates a new supabase project, requiring a unique name (no dots) within the organization; project creation is asynchronous.
  - body: { name: string, plan?: string, region: string, db_pass: string, kps_enabled?: boolean, template_url?: string, organization_id: string, postgres_engine?: string, release_channel?: string, desired_instance_size?: string }
- `POST https://api.mcp.ai/api/supabase/create/an/organization` — Creates a new supabase organization, which serves as a top-level container for projects, billing, and team access.
  - body: { name: string }
- `POST https://api.mcp.ai/api/supabase/creates/a/new/sso/provider` — Creates a new saml 2.0 single sign-on (sso) provider for a supabase project, requiring either `metadata xml` or `metadata url` for saml idp configuration.
  - body: { ref: string, type: string, domains?: string[], metadata_url?: string, metadata_xml?: string, attribute__mapping__keys?: object }
- `POST https://api.mcp.ai/api/supabase/creates/a/new/third/party/auth/integration` — Call this to add a new third-party authentication method (oidc or jwks) to a supabase project for integrating external identity providers (e.g., for sso); the api may also support `custom jwks` if sen
  - body: { ref: string, jwks_url?: string, oidc_issuer_url?: string }
- `POST https://api.mcp.ai/api/supabase/custom/hostname/dns/verification` — Re-verifies dns and ssl configurations for an existing custom hostname associated with a supabase project.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/delete/a/database/branch` — Permanently and irreversibly deletes a specific, non-default database branch by its `branch id`, without affecting other branches.
  - body: { branch_id: string }
- `POST https://api.mcp.ai/api/supabase/delete/a/function` — Permanently deletes a specific edge function (by `function slug`) from a supabase project (by `ref`); this action is irreversible and requires prior existence of both project and function.
  - body: { ref: string, function_slug: string }
- `POST https://api.mcp.ai/api/supabase/delete/custom/hostname/config` — Deletes an active custom hostname configuration for the project identified by `ref`, reverting to the default supabase-provided hostname; this action immediately makes the project inaccessible via the
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/delete/project/vanity/subdomain` — Permanently and irreversibly deletes an active vanity subdomain configuration for the specified supabase project, reverting it to its default supabase url.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/deletes/the/given/project` — Permanently and irreversibly deletes a supabase project, identified by its unique `ref` id, resulting in complete data loss.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/deploy/function` — Deploys edge functions to a supabase project using multipart upload.
  - body: { ref: string, file: string, slug?: string, bundleOnly?: boolean }
- `POST https://api.mcp.ai/api/supabase/disable/project/readonly` — Temporarily disables a supabase project's read-only mode for 15 minutes to allow write operations (e.g., for maintenance or critical updates), after which it automatically reverts to read-only.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/disables/preview/branching` — Disables the preview branching feature for an existing supabase project, identified by its unique reference id (`ref`).
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/exchange/o/auth/token` — (beta) implements the oauth 2.0 token endpoint to exchange an authorization code or refresh token for access/refresh tokens, based on `grant type`.
  - body: { code?: string, client_id: string, grant_type: string, redirect_uri?: string, client_secret: string, code_verifier?: string, refresh_token?: string }
- `POST https://api.mcp.ai/api/supabase/generate/type/script/types` — Generates and retrieves typescript types from a supabase project's database; any schemas specified in `included schemas` must exist in the project.
  - body: { ref: string, included_schemas?: string }
- `POST https://api.mcp.ai/api/supabase/get/database/branch/config` — Retrieves the read-only configuration and status for a supabase database branch, typically for monitoring or verifying its settings.
  - body: { branch_id: string }
- `POST https://api.mcp.ai/api/supabase/get/project/api/keys` — Retrieves all api keys for an existing supabase project, specified by its unique reference id (`ref`); this is a read-only operation.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/get/project/s/pgbouncer/config` — Retrieves the active pgbouncer configuration (postgresql connection pooler) for a supabase project, used for performance tuning, auditing, or getting the connection string.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/get/project/upgrade/eligibility` — Checks a supabase project's eligibility for an upgrade, verifying compatibility and identifying potential issues; this action does not perform the actual upgrade.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/get/project/upgrade/status` — Retrieves the latest status of a supabase project's database upgrade for monitoring purposes; does not initiate or modify upgrades.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/get/table/schemas` — Retrieves column details, types, and constraints for multiple database tables to help debug schema issues and write accurate sql queries.
  - body: { ref: string, table_names: string[], include_indexes?: boolean, exclude_null_values?: boolean, include_relationships?: boolean }
- `POST https://api.mcp.ai/api/supabase/gets/a/specific/sql/snippet` — Retrieves a specific sql snippet by its unique identifier.
  - body: { id: string }
- `POST https://api.mcp.ai/api/supabase/gets/a/sso/provider/by/its/uuid` — Retrieves the configuration details for a specific single sign-on (sso) provider (e.g., saml, google, github, azure ad), identified by its uuid, within a supabase project.
  - body: { ref: string, provider_id: string }
- `POST https://api.mcp.ai/api/supabase/gets/information/about/the/organization` — Fetches comprehensive details for a specific supabase organization using its unique slug.
  - body: { slug: string }
- `POST https://api.mcp.ai/api/supabase/gets/project/s/auth/config` — Retrieves the project's complete read-only authentication configuration, detailing all settings (e.g., providers, mfa, email/sms, jwt, security policies) but excluding sensitive secrets.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/gets/project/s/postgres/config` — Retrieves the current read-only postgresql database configuration for a specified supabase project's `ref`, noting that some advanced or security-sensitive details might be omitted from the response.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/gets/project/s/postgrest/config` — Retrieves the postgrest configuration for a specific supabase project.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/gets/project/s/service/health/status` — Retrieves the current health status for a supabase project, for specified services or all services if the 'services' list is omitted.
  - body: { ref: string, services: string[], timeout_ms?: integer }
- `POST https://api.mcp.ai/api/supabase/gets/project/s/supavisor/config` — Retrieves the supavisor (connection pooler) configuration for a specified supabase project, identified by its reference id.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/list/all/database/branches` — Lists all database branches for a specified supabase project, used for isolated development and testing of schema changes; ensure the project reference id is valid.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/list/all/functions` — Lists metadata for all edge functions in a supabase project (specified by 'ref'), excluding function code or logs; the project must exist.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/list/all/organizations` — Lists all organizations (id and name only) associated with the supabase account, excluding project details within these organizations.
- `POST https://api.mcp.ai/api/supabase/list/all/projects` — Retrieves a list of all supabase projects, including their id, name, region, and status, for the authenticated user.
- `POST https://api.mcp.ai/api/supabase/list/all/secrets` — Retrieves all secrets for a supabase project using its reference id; secret values in the response may be masked.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/list/members/of/an/organization` — Retrieves all members of a supabase organization, identified by its unique slug, including their user id, username, email, role, and mfa status.
  - body: { slug: string }
- `POST https://api.mcp.ai/api/supabase/lists/all/backups` — Lists all database backups for a supabase project, providing details on existing backups but not creating new ones or performing restores; availability may depend on plan and configuration.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/lists/all/buckets` — Retrieves a list of all storage buckets for a supabase project, without returning bucket contents or access policies.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/lists/all/sso/providers` — Lists all configured single sign-on (sso) providers for a supabase project, requiring the project reference id (`ref`) of an existing project.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/lists/sql/snippets/for/the/logged/in/user` — Retrieves a list of sql snippets for the logged-in user, optionally filtered by a specific supabase project if `project ref` is provided.
  - body: { project_ref?: string }
- `POST https://api.mcp.ai/api/supabase/removes/a/sso/provider/by/its/uuid` — Deletes a specific sso provider by its id (`provider id`) from a supabase project (`ref`), which disables it and returns its details; ensure this action will not inadvertently lock out users.
  - body: { ref: string, provider_id: string }
- `POST https://api.mcp.ai/api/supabase/resets/a/database/branch` — Resets an existing supabase database branch, identified by `branch id`, to its initial clean state, irreversibly deleting all its current data and schema changes.
  - body: { branch_id: string }
- `POST https://api.mcp.ai/api/supabase/restores/a/pitr/backup/for/a/database` — Restores a supabase project's database to a specific unix timestamp using point-in-time recovery (pitr), overwriting the current state; requires a paid plan with pitr and physical backups enabled.
  - body: { ref: string, recovery_time_target_unix: integer }
- `POST https://api.mcp.ai/api/supabase/retrieve/a/function` — Retrieves detailed information, metadata, configuration, and status for a specific edge function using its project reference id and function slug.
  - body: { ref: string, function_slug: string }
- `POST https://api.mcp.ai/api/supabase/retrieve/a/function/body` — Retrieves the source code (body) for a specified serverless edge function using its project reference and function slug; this is a read-only operation that does not execute the function or return runt
  - body: { ref: string, function_slug: string }
- `POST https://api.mcp.ai/api/supabase/returns/project/s/readonly/mode/status` — Retrieves the read-only mode status for a specified supabase project to check its operational state; this action does not change the read-only state.
  - body: { ref: string }
- `POST https://api.mcp.ai/api/supabase/update/a/function` — Updates an existing supabase edge function's properties (like name, slug, source code, jwt settings, import map) identified by project `ref` and `function slug`, supporting plain text code or eszip fo
  - body: { ref: string, body?: string, name?: string, slug?: string, import_map?: boolean, verify_jwt?: boolean, function_slug: string, entrypoint_path?: string, import_map_path?: string }
- `POST https://api.mcp.ai/api/supabase/update/database/branch/config` — Updates the configuration of a supabase database branch, allowing modification of its name, associated git branch, reset-on-push behavior, persistence, and status.
  - body: { status?: string, branch_id: string, git_branch?: string, persistent?: boolean, branch_name?: string, reset_on_push?: boolean }
- `POST https://api.mcp.ai/api/supabase/update/project/custom/hostname/action` — Updates the custom hostname for a supabase project, requiring subsequent dns changes to a user-controlled domain for ssl certificate issuance and domain ownership.
  - body: { ref: string, custom_hostname: string }
- `POST https://api.mcp.ai/api/supabase/update/ssl/enforcement/config` — Updates the ssl enforcement configuration (enable/disable) for a specified supabase project's database.
  - body: { ref: string, requestedConfig__database?: boolean }
- `POST https://api.mcp.ai/api/supabase/updates/a/sso/provider/by/its/uuid` — Updates an existing sso provider's saml metadata, associated email domains, or attribute mappings for a supabase project, identified by `ref` and `provider id`.
  - body: { ref: string, domains?: string[], provider_id: string, metadata_url?: string, metadata_xml?: string, attribute__mapping__keys?: object }
- `POST https://api.mcp.ai/api/supabase/updates/project/s/postgres/config` — Updates specified postgresql configuration parameters for an existing supabase project (`ref`) to optimize database performance; note that unspecified parameters remain unchanged, and caution is advis
  - body: { ref: string, work_mem?: string, max_wal_size?: string, wal_keep_size?: string, shared_buffers?: string, max_connections?: integer, statement_timeout?: string, effective_cache_size?: string, maintenance_work_mem?: string, max_parallel_workers?: integer, max_worker_processes?: integer, max_slot_wal_keep_size?: string, session_replication_role?: string, max_locks_per_transaction?: integer, max_standby_archive_delay?: string, max_standby_streaming_delay?: string, max_parallel_workers_per_gather?: integer, max_parallel_maintenance_workers?: integer }
- `POST https://api.mcp.ai/api/supabase/updates/project/s/postgrest/config` — Updates postgrest configuration settings (e.g., `max rows`, `db pool`, `db schema`, `db extra search path`) for a supabase project to fine-tune api performance, data exposure, and database resource us
  - body: { ref: string, db_pool?: integer, max_rows?: integer, db_schema?: string, db_extra_search_path?: string }
- `POST https://api.mcp.ai/api/supabase/updates/project/s/supavisor/config` — Updates the supavisor (database pooler) configuration, such as `default pool size`, for an existing supabase project identified by `ref`; the `pool mode` parameter in the request is deprecated and ign
  - body: { ref: string, pool_mode?: string, default_pool_size?: integer }

## More
- Page: https://mcp.ai/supabase
- Agent spec (llms.txt): https://mcp.ai/supabase/llms.txt
- Postman collection: https://mcp.ai/supabase/postman.json