What Is Supabase?
Supabase is an open-source Backend-as-a-Service (BaaS) built on top of PostgreSQL. It positions itself as a Firebase alternative, but with a relational database at its core instead of a NoSQL document store. Supabase provides authentication, a Postgres database with real-time subscriptions, file storage, Edge Functions, and auto-generated REST and GraphQL APIs.
As of 2026, Supabase has official SDKs for JavaScript, Flutter, Swift, and Kotlin, making it viable for all major mobile platforms.
Core Services
Authentication
Supabase Auth supports email/password, magic links, phone OTP, and over 20 OAuth providers including Google, Apple, GitHub, and Discord. User sessions are managed through JWT tokens with configurable expiry. Multi-factor authentication (MFA) with TOTP is supported natively.
Database (PostgreSQL)
The biggest differentiator from Firebase is a full PostgreSQL database:
- Full SQL support - Joins, aggregations, window functions, CTEs
- Auto-generated APIs - Every table gets instant REST and GraphQL endpoints via PostgREST
- Database functions - Write server-side logic in SQL or PL/pgSQL
- Full-text search - Built-in tsvector search without third-party tools
- Foreign keys and constraints - Enforce data integrity at the database level
Real-time
Supabase Realtime listens to PostgreSQL changes and broadcasts them to connected clients via Postgres Changes, Broadcast (pub/sub), and Presence (online status tracking).
Edge Functions
Edge Functions are server-side TypeScript functions deployed to Deno runtime globally with sub-50ms cold starts. Ideal for webhooks, payment processing, and third-party API integrations.
Row Level Security (RLS)
RLS is the cornerstone of Supabase security. Instead of writing middleware to check permissions, you define policies directly on database tables:
- Enable RLS on every table - Tables without RLS are publicly accessible through the API
- Use auth.uid() in policies to reference the current user
- Create separate policies for SELECT, INSERT, UPDATE, and DELETE operations
Supabase vs Firebase
| Feature | Supabase | Firebase |
|---|---|---|
| Database | PostgreSQL (relational) | Firestore (NoSQL) |
| Query language | SQL | Proprietary SDK methods |
| Offline support | Limited (community solutions) | Built-in offline persistence |
| Self-hosting | Yes (Docker Compose) | No |
| Vendor lock-in | Low (standard Postgres) | High (proprietary format) |
| Pricing model | Predictable tiers | Pay-per-operation |
Pricing in 2026
| Plan | Price | Database | Storage | Edge Functions |
|---|---|---|---|---|
| Free | $0/month | 500 MB, 2 projects | 1 GB | 500K invocations |
| Pro | $25/month | 8 GB | 100 GB | 2M invocations |
| Team | $599/month | 8 GB + addons | 100 GB + addons | 2M + addons |
Supabase pricing is more predictable than Firebase because it is tier-based rather than per-operation.
Offline Support Considerations
The primary weakness of Supabase for mobile apps is limited offline support. Unlike Firebase, which has built-in offline persistence, Supabase requires you to implement your own caching layer. Use the PowerSync integration for automated offline-first sync, or combine SQLite/WatermelonDB locally with Supabase sync logic.
Getting Started
Create a project at supabase.com and grab your project URL and anon key. Install the Supabase client SDK for your platform. Start by setting up authentication, then create your database tables through the dashboard or SQL migrations. Enable RLS on every table before going to production.