Why is Supabase not working?

Common causes: (1) Row Level Security (RLS) enabled but no policy created — all queries return empty or 403; (2) auth session expired — JWT token has 1-hour default expiry; (3) connection pool limit reached on free tier (direct connections: 15); (4) Edge Function cold start timeout; (5) CORS error when calling Supabase from a browser without correct origin setting; (6) Supabase service outage — check prismix.dev/service/supabase.

Supabase query returns empty / 0 rows when data exists?

Almost always a Row Level Security (RLS) issue. If RLS is enabled on a table, no rows are returned unless a matching policy exists for the current user. To debug: (1) disable RLS temporarily to confirm it’s the issue: ALTER TABLE your_table DISABLE ROW LEVEL SECURITY; (2) or create a permissive policy: CREATE POLICY "allow all" ON your_table FOR ALL USING (true); (3) check which user is making the query — anon key uses anon role, service_role key bypasses RLS.

Supabase auth session not persisting?

(1) in client-side apps, call supabase.auth.getSession() to check current session; (2) JWT tokens expire after 1 hour by default — enable auto-refresh: const supabase = createClient(url, key, { auth: { autoRefreshToken: true, persistSession: true } }); (3) if using server-side rendering, ensure the session cookie is being set; (4) check auth.users table in Supabase dashboard to verify the user exists.

Supabase connection pool exhausted?

Free tier allows 15 direct connections. For apps with many serverless functions, use connection pooling via Supabase’s built-in PgBouncer (Transaction mode, port 6543) instead of the direct connection (port 5432): DATABASE_URL=postgresql://postgres.[ref]:[password]@aws-0-[region].pooler.supabase.com:6543/postgres. In Prisma, add ?pgbouncer=true&connection_limit=1 to the connection string.

Supabase Edge Functions not working?

(1) check function logs in Supabase Dashboard — Edge Functions — Logs; (2) cold start can take 1-3 seconds — edge functions spin down after inactivity; (3) env vars set in Supabase dashboard are available as Deno.env.get(‘VAR_NAME’); (4) deploy with: supabase functions deploy function-name --project-ref your-ref; (5) test locally with: supabase functions serve function-name.

Supabase Database Fix 5 min read

Supabase Not Working? Fix Auth, RLS, Connection & Edge Function Errors

Troubleshoot Supabase issues — auth session expired, Row Level Security blocking queries, database connection pool exhausted, Edge Functions cold start, and CORS errors when calling the API from a browser.

Supabase — live status

Updated every 5 minutes · Full incident history →

Full status →

Common errors and fixes

RLS blocking all queries

If Row Level Security is enabled on a table but no policy exists, Supabase returns 0 rows (or a 403) for every query regardless of what data exists. Confirm and fix:

-- Check if RLS is enabled on a table
SELECT tablename, rowsecurity
FROM pg_tables
WHERE schemaname = 'public';

-- Temporarily disable to test (don't leave this in production!)
ALTER TABLE your_table DISABLE ROW LEVEL SECURITY;

-- Create a basic policy for authenticated users
CREATE POLICY "Users can read their own data"
  ON your_table
  FOR SELECT
  USING (auth.uid() = user_id);

-- Create a policy allowing all authenticated users to read
CREATE POLICY "Authenticated users can read"
  ON your_table
  FOR SELECT
  TO authenticated
  USING (true);

anon key: uses the anon role — most restrictive, subject to RLS policies you define.
service_role key: bypasses RLS entirely — use only server-side, never expose to the browser.
Re-enable RLS after testing: ALTER TABLE your_table ENABLE ROW LEVEL SECURITY;

Auth session issues

JWT tokens expire after 1 hour by default. Configure the client to auto-refresh and persist the session:

import { createClient } from '@supabase/supabase-js';

const supabase = createClient(
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
  {
    auth: {
      autoRefreshToken: true,    // refresh before expiry
      persistSession: true,      // store in localStorage
      detectSessionInUrl: true,  // handle OAuth callbacks
    },
  }
);

// Check current session
const { data: { session }, error } = await supabase.auth.getSession();
if (!session) {
  // User not signed in
  await supabase.auth.signInWithOAuth({ provider: 'github' });
}

// Listen for auth changes
supabase.auth.onAuthStateChange((event, session) => {
  console.log(event, session); // SIGNED_IN, SIGNED_OUT, TOKEN_REFRESHED
});

Server-side rendering: ensure the session cookie is being set correctly — use @supabase/ssr for Next.js / SvelteKit server-side auth.
Verify user exists: check auth.users table in the Supabase Dashboard to confirm the account was created.

Database connection pool exhausted

Free tier allows 15 direct connections. For serverless environments (Vercel, Netlify, Cloudflare Workers), always use the pooled connection:

# Direct connection (port 5432) — max 15 on free tier
postgresql://postgres:[password]@db.[ref].supabase.co:5432/postgres

# Pooled connection via PgBouncer (port 6543) — use this for serverless
postgresql://postgres.[ref]:[password]@aws-0-[region].pooler.supabase.com:6543/postgres

For Prisma, add connection limits to avoid saturating the pool:

# .env
DATABASE_URL="postgresql://[email protected]:6543/postgres?pgbouncer=true&connection_limit=1"
DIRECT_URL="postgresql://...@db.[ref].supabase.co:5432/postgres"

// schema.prisma
datasource db {
  provider  = "postgresql"
  url       = env("DATABASE_URL")
  directUrl = env("DIRECT_URL")  // for migrations
}

Transaction mode (port 6543): each query gets a connection from the pool and releases it immediately — ideal for serverless.
Session mode (port 5432): connection is held for the entire session — use for long-running processes only.

CORS errors on API calls

Supabase handles CORS for its REST API automatically. If you're getting CORS errors, the issue is usually in your setup:

Common mistakes: calling a localhost Supabase URL in production, or proxying through your own API without setting the correct headers. Never expose the service_role key to the browser.

For custom Edge Functions, add CORS headers manually:

// supabase/functions/my-function/index.ts
const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};

Deno.serve(async (req) => {
  if (req.method === 'OPTIONS') {
    return new Response('ok', { headers: corsHeaders });
  }
  // ... your function logic
  return new Response(JSON.stringify(data), {
    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
  });
});

Always handle OPTIONS preflight: browsers send a preflight OPTIONS request before any cross-origin POST — return 200 with CORS headers.
Restrict origin in production: replace '*' with your actual domain for tighter security.

Edge Functions — deploy and debug

Cold start can take 1–3 seconds for infrequently called functions. Use the Supabase CLI to deploy and tail logs:

# Install Supabase CLI
npm install -g supabase

# Login
supabase login

# Test locally (starts a local Supabase stack)
supabase start
supabase functions serve my-function --env-file .env.local

# Deploy to production
supabase functions deploy my-function --project-ref your-project-ref

# View logs
supabase functions logs my-function --project-ref your-project-ref

Environment variables: set in Dashboard → Edge Functions → Secrets. Access with Deno.env.get('MY_VAR').
Cold start latency: 1–3s is normal for infrequently-called functions — warm up with a periodic ping if latency matters.
Check logs first: Dashboard → Edge Functions → Logs shows runtime errors, uncaught exceptions, and invocation details.

🔔

Know when Supabase has an outage

Free email alerts. Star Supabase on Prismix — no credit card needed.

View status Sign in free →

FAQ

Supabase vs Firebase — which is more reliable?

Both are managed BaaS platforms. Supabase is Postgres-based (open source, self-hostable). Firebase uses Firestore (NoSQL, Google infrastructure). For reliability comparison, check prismix.dev/service/supabase. Supabase had some growing pains in 2022–2023 but has stabilized significantly.

Supabase free tier limits

Free tier: 500MB database, 1GB storage, 2GB bandwidth, 50MB Edge Function memory, 500K Edge Function invocations/month. Projects pause after 1 week of inactivity (can be resumed manually). No credit card required for free tier.

Supabase AI / pgvector for embeddings

Supabase supports the pgvector extension for storing and querying embeddings. Enable it: CREATE EXTENSION vector; Then create a table: CREATE TABLE documents (id bigint primary key, content text, embedding vector(1536)); Use with OpenAI embeddings or any 1536-dim model for semantic search.

Monitor related services

Supabase status → OpenAI API not working → Anthropic API not working → All AI status → All guides →