Everything an AI agent can do with the Supabase API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints: 31
API version: v1
Last updated: 23 June 2026
Orientation

How the Supabase Management API works.

The Supabase API is how an app or AI agent manages a Supabase account from the outside: listing and creating projects, running SQL against a project's database, deploying Edge Functions, reading and writing secrets, and changing auth settings. Access is granted through an access token, where a personal access token carries the full reach of the user who made it, while an OAuth app is limited to the permissions granted when it was authorized. It manages the projects rather than the data inside them, and it has no event stream to subscribe to.

31 endpoints
10 capability groups
13 read
18 write
25 permissions
Authentication
Every request needs an access token sent as 'Authorization: Bearer <token>'. Two kinds exist. A personal access token is generated by hand in the dashboard and carries the full reach of the account that created it, with no narrowing. An OAuth app token is issued through an authorization flow and is meant to be limited to chosen permissions. There is no anonymous access to the Management API.
Permissions
The API defines fine-grained permissions for each method, such as database_read, database_write, edge_functions_write, and project_admin_write. These are honored for OAuth apps, where each is granted at authorization time. A personal access token ignores them entirely and can call every method the account can reach, so it is all-or-nothing access to the whole account. There is no way to narrow a personal access token to a single project or a single permission.
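The two paragraphs above describe a permission model that is enforced only for OAuth apps, so anything acting with a personal access token has to be filtered in front of the API. The following is an added example (not Supabase's or Bollard AI's code) of such a gate: it maps a method and path to the fine-grained permission named in this guide, checks the call against a grant, and optionally pins the call to a set of project refs. The concrete route paths are assumed from the v1 API as the author understands it (the guide itself states only /v1/projects, /v1/organizations and /v1/projects/{ref}), and unknown routes are denied by default.

```python
"""Agent-side permission gate for Supabase Management API calls.

Added example, not Supabase's or Bollard AI's own code. It decides, before a
request is sent, whether the agent's grant covers the permission the route
needs and whether the project ref is in scope.

Assumption: the route table uses v1 paths as the author understands them;
project refs are treated as lowercase alphanumerics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

REF = r"(?P<ref>[a-z0-9]+)"

# (method, path pattern, permission this guide lists for the capability)
ROUTE_PERMISSIONS = [
    ("GET",    r"/v1/projects",                        "projects_read"),
    ("POST",   r"/v1/projects",                        "organization_projects_create"),
    ("GET",    rf"/v1/projects/{REF}",                 "project_admin_read"),
    ("DELETE", rf"/v1/projects/{REF}",                 "project_admin_write"),
    ("POST",   rf"/v1/projects/{REF}/pause",           "project_admin_write"),
    ("POST",   rf"/v1/projects/{REF}/restore",         "project_admin_write"),
    ("POST",   rf"/v1/projects/{REF}/database/query",  "database_write"),
    ("GET",    rf"/v1/projects/{REF}/secrets",         "edge_functions_secrets_read"),
    ("POST",   rf"/v1/projects/{REF}/secrets",         "edge_functions_secrets_write"),
    ("DELETE", rf"/v1/projects/{REF}/secrets",         "edge_functions_secrets_write"),
    ("GET",    r"/v1/organizations",                   "organizations_read"),
]


@dataclass(frozen=True)
class Grant:
    """What one agent may do: permission names, plus an optional set of
    project refs it may act on (None means any project)."""
    permissions: frozenset
    project_refs: Optional[frozenset] = None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    permission: Optional[str] = None
    ref: Optional[str] = None


def required_permission(method: str, path: str):
    """Return (permission, project ref) for a route, or (None, None) if unknown."""
    clean = urlsplit(path).path.rstrip("/") or "/"   # drop query string, trailing slash
    for m, pattern, perm in ROUTE_PERMISSIONS:
        if m != method.upper():
            continue
        match = re.fullmatch(pattern, clean)
        if match:
            return perm, match.groupdict().get("ref")
    return None, None


def authorize(grant: Grant, method: str, path: str) -> Decision:
    """Deny-by-default check of one call against the agent's grant."""
    perm, ref = required_permission(method, path)
    if perm is None:
        return Decision(False, f"no rule for {method.upper()} {path}: denied by default")
    if perm not in grant.permissions:
        return Decision(False, f"grant lacks {perm}", perm, ref)
    if ref is not None and grant.project_refs is not None and ref not in grant.project_refs:
        return Decision(False, f"project {ref} is outside the grant's project scope", perm, ref)
    return Decision(True, f"{perm} granted", perm, ref)


def bearer_headers(token: str) -> dict:
    """The header every Management API request carries."""
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


if __name__ == "__main__":
    # Constructed grant: read-only on one project ref (a made-up value).
    grant = Grant(frozenset({"projects_read", "database_read"}),
                  frozenset({"abcdefghijklmnopqrst"}))
    for method, path in [("GET", "/v1/projects"),
                         ("POST", "/v1/projects/abcdefghijklmnopqrst/database/query"),
                         ("DELETE", "/v1/projects/abcdefghijklmnopqrst")]:
        d = authorize(grant, method, path)
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {method} {path}: {d.reason}")
```

Note that the gate only makes sense sitting between the agent and the token: with a personal access token the API itself will accept the denied calls, so the grant here is a policy the filtering layer enforces, not something Supabase checks.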
Versioning
The Management API is served under a single stable major version, v1, reached under the /v1 path prefix. It is not versioned by date, and there is no version header to pin. New endpoints and fields are added over time through the changelog, and an earlier experimental v0 still backs a few endpoints. Some v1 endpoints are themselves marked Beta or Alpha in the reference.
Data model
The API is resource-oriented JSON over HTTPS at https://api.supabase.com. Account-level resources live at /v1/projects and /v1/organizations, while a project's own resources nest under /v1/projects/{ref}, where ref is the project's reference id, covering its database, functions, secrets, config, branches, and API keys. The SQL query endpoint runs arbitrary statements against the project's Postgres database, so it is the widest-reaching write in the API.
Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Supabase determines what it can reach. There are several routes, each governed by the access token behind it and, for an OAuth app, the permissions that token carries.

Ways to connect

Management API (REST)

The Management API answers at https://api.supabase.com under the /v1 path prefix. It is a REST API for managing projects, the database, functions, secrets, and config, and every call carries an access token as a bearer token.

Best for: Connecting an app or AI agent to a Supabase account.
Governed by: The access token, and for an OAuth app the permissions it was granted.

MCP server (Model Context Protocol)

Supabase publishes a first-party MCP server at https://mcp.supabase.com/mcp, which lets an AI assistant manage projects, run SQL, deploy functions, and read logs. It authenticates by OAuth through dynamic client registration by default, and also accepts a personal access token. It supports a read-only mode and a single-project scope, and Supabase recommends pointing it at a development project. The source is at github.com/supabase-community/supabase-mcp.

Best for: Connecting an AI assistant to a Supabase account.
Governed by: The access token, plus the server's read-only and project-scope options.

OAuth2 for the Management API

An OAuth app is authorized through a browser flow and exchanges an auth code for an access and refresh token at https://api.supabase.com/v1/oauth/token. It acts on behalf of a Supabase user and is limited to the fine-grained permissions granted at authorization.

Best for: Software acting on behalf of other Supabase users.
Governed by: The OAuth permissions granted at authorization.
Authentication

Personal access token

A personal access token is generated by hand in the dashboard and sent as a bearer token. It carries the full reach of the account that created it, across every project and organization, with no way to narrow it to one project or one permission.

Token: Personal access token
Best for: Scripts and automation run by one person

OAuth app token

An OAuth app token is issued through an authorization flow and is limited to the fine-grained permissions granted when the app was authorized, such as database_read or edge_functions_write. It is the least-privilege choice and the one meant for software acting on behalf of other users.

Token: OAuth access token
Best for: Integrations acting for other Supabase users
Capability map

What an AI agent can do in Supabase.

The Management API is split into areas an agent can act on, such as projects, the database, Edge Functions, secrets, and auth configuration. Each area has its own methods and its own permission, and some grant access to far more than others.

Projects

6 endpoints

List, read, create, and delete projects, and pause or restore a project.

Writes here create, delete, or pause whole projects.

Organizations

2 endpoints

List the organizations the account belongs to and create a new one.

Writes here create real organizations.

Database

5 endpoints

Run SQL against a project's Postgres database, run read-only SQL, list and apply migrations, and enable Database Webhooks.

The query endpoint can read or write anything in the database.

Edge Functions

5 endpoints

List, read, create, update, deploy, and delete a project's Edge Functions, and read a function's body.

Writes here change the code that runs on a project.

Secrets

3 endpoints

List a project's secrets, bulk-create secrets, and bulk-delete them by name.

Secrets hold the credentials an Edge Function runs with.

Auth config

2 endpoints

Read and update a project's auth configuration, such as sign-up rules and SMTP settings.

Writes here change how users sign in to the project.

Project config

2 endpoints

Read and update a project's Postgres configuration and storage configuration.

Writes here change live database and storage settings.

Storage

1 endpoint

List a project's storage buckets.

Reads here list the buckets that hold files.

API keys

2 endpoints

List and create a project's data-API keys.

These keys grant access to the project's own data API.

Branches

3 endpoints

List, read, create, update, and delete a project's database branches.

Writes here create or remove preview database environments.
Endpoint reference

Every Supabase Management API method.


Projects (6 endpoints)

List, read, create, and delete projects, and pause or restore a project.

OAuth-app permission. A personal access token ignores permissions and lists every project the account can reach.
  Acts on: project
  Permission (capability): projects_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. Creating a project incurs billing on a paid organization.
  Acts on: project
  Permission (capability): organization_projects_create
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. ref is the project's reference id.
  Acts on: project
  Permission (capability): project_admin_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. This destroys the project and its database.
  Acts on: project
  Permission (capability): project_admin_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. A paused project stops serving requests until it is restored.
  Acts on: project
  Permission (capability): project_admin_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: project
  Permission (capability): project_admin_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Organizations (2 endpoints)

List the organizations the account belongs to and create a new one.

OAuth-app permission.
  Acts on: organization
  Permission (capability): organizations_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: organization
  Permission (capability): organizations_create
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Database (5 endpoints)

Run SQL against a project's Postgres database, run read-only SQL, list and apply migrations, and enable Database Webhooks.

OAuth-app permissions: database_write and database_read. The statement can read or write anything in the database, so this is the widest-reaching call in the API.
  Acts on: query
  Permission (capability): database_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. Runs as a read-only Postgres role, so it is the safer choice when an agent only needs to read.
  Acts on: query
  Permission (capability): database_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: migration
  Permission (capability): database_migrations_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. Runs schema changes against the database and keeps a recorded history.
  Acts on: migration
  Permission (capability): database_migrations_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. This turns on a per-project feature that sends row changes to a URL; it is not an event stream from the Management API.
  Acts on: database webhook
  Permission (capability): database_webhooks_config_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Edge Functions (5 endpoints)

List, read, create, update, deploy, and delete a project's Edge Functions, and read a function's body.

OAuth-app permission.
  Acts on: function
  Permission (capability): edge_functions_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. A separate body endpoint returns the function's source.
  Acts on: function
  Permission (capability): edge_functions_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. This changes the code that runs on the project.
  Acts on: function
  Permission (capability): edge_functions_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: function
  Permission (capability): edge_functions_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: function
  Permission (capability): edge_functions_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Secrets (3 endpoints)

List a project's secrets, bulk-create secrets, and bulk-delete them by name.

OAuth-app permission. Secrets are the credentials an Edge Function runs with.
  Acts on: secret
  Permission (capability): edge_functions_secrets_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. Accepts several secrets in one call.
  Acts on: secret
  Permission (capability): edge_functions_secrets_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: secret
  Permission (capability): edge_functions_secrets_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Auth config (2 endpoints)

Read and update a project's auth configuration, such as sign-up rules and SMTP settings.

OAuth-app permission.
  Acts on: auth config
  Permission (capability): auth_config_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permissions: auth_config_write and project_admin_write. Changes how users sign in to the project.
  Acts on: auth config
  Permission (capability): auth_config_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Project config (2 endpoints)

Read and update a project's Postgres configuration and storage configuration.

OAuth-app permission.
  Acts on: database config
  Permission (capability): database_config_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission. Changes live database engine settings.
  Acts on: database config
  Permission (capability): database_config_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Storage (1 endpoint)

List a project's storage buckets.

OAuth-app permission. The Management API lists buckets; objects inside them are handled by the project's own Storage API.
  Acts on: bucket
  Permission (capability): storage_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

API keys (2 endpoints)

List and create a project's data-API keys.

OAuth-app permission. These are the keys that grant access to the project's own data API, distinct from the Management API token.
  Acts on: api key
  Permission (capability): api_gateway_keys_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permission.
  Acts on: api key
  Permission (capability): api_gateway_keys_write
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

Branches (3 endpoints)

List, read, create, update, and delete a project's database branches.

OAuth-app permissions: branching_production_read and branching_development_read. Branching is a paid, experimental feature.
  Acts on: branch
  Permission (capability): branching_development_read
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permissions: branching_production_create and branching_development_create. Creates a separate preview database environment.
  Acts on: branch
  Permission (capability): branching_development_create
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply

OAuth-app permissions: branching_production_delete and branching_development_delete.
  Acts on: branch
  Permission (capability): branching_development_delete
  Version: Available since the API's base version
  Webhook event: None
  Rate limit: Standard limits apply
Webhooks

Webhook events.

The Management API does not push events. It can switch on a project's own Database Webhooks feature, which then sends row changes from that project's tables to a URL, but the Management API itself has no event stream an agent can subscribe to.

Rate limits & pagination

Rate limits, pagination & request size.

Supabase limits how fast an app or AI agent can call the Management API, through a per-minute request quota that is tracked separately for each user and each project or organization, with stricter caps on a few heavy endpoints.

Request rate

Supabase caps Management API calls per minute, tracked on a per-user, per-scope model, so each user gets an independent quota for each project and each organization, and traffic to one project does not eat into another's. The standard ceiling is 120 requests per minute. A few heavy endpoints are stricter, for example the database metadata endpoint is held to about 10 requests per minute and no more than 1 per second. Going over returns 429 Too Many Requests for the rest of that minute, and the X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset response headers report the current state. The guidance is to back off using X-RateLimit-Reset and to batch operations where an endpoint supports it, such as bulk secret creation.

Pagination

Most Management API list endpoints return the full set in one response rather than paging, since the lists, such as a user's projects or a project's functions, are small. The action-runs list endpoint is the exception and is paginated, with a companion HEAD request that returns the total count.

Request size

Requests and responses are JSON over HTTPS. The SQL query endpoint accepts a statement in the request body and returns its result rows as JSON. Individual endpoints set their own field limits rather than the API enforcing one global payload size.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

401 Unauthorized
  Meaning: The access token is missing, invalid, or expired.
  What to do: Send a valid token in the Authorization header as 'Bearer <token>'.

403 Forbidden
  Meaning: The token is valid but lacks the permission for this method, which applies to an OAuth app that was not granted the matching fine-grained permission.
  What to do: Re-authorize the OAuth app with the permission the method needs, or use a token with the required reach.

404 Not Found
  Meaning: The project reference id or other resource in the path does not exist, or the token cannot see it.
  What to do: Confirm the project ref and the path, and that the token has access to the resource.

429 Too Many Requests
  Meaning: The per-minute rate limit for this user and scope was exceeded. All further calls return 429 for the rest of the minute.
  What to do: Back off until the X-RateLimit-Reset time, then retry, and batch calls where an endpoint allows it.

500 Internal Server Error
  Meaning: Supabase hit an unexpected error handling the request.
  What to do: Retry with backoff, and check the Supabase status page if it persists.
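The rate-limit guidance above (back off until X-RateLimit-Reset) and this status table together describe the handling an agent's request wrapper needs. The following is an added example, not Supabase's own client: it classifies each status the way the table does, waits out a 429 using the reset header, retries a 500 with exponential backoff, and surfaces 401/403/404 immediately with the action the table gives. The transport is injected so the logic runs offline against constructed responses. Assumption: X-RateLimit-Reset is read as a Unix timestamp, or as a plain number of seconds when the value is smaller than the current time; the guide only says to back off until it.

```python
"""Status handling for Supabase Management API calls.

Added example, not Supabase's own client. Responses below are constructed,
and the transport is injected so nothing touches the network.
"""
from __future__ import annotations

import time
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: Any = None


class ManagementApiError(Exception):
    """Raised for statuses that retrying will not fix."""
    def __init__(self, status: int, action: str):
        super().__init__(f"{status}: {action}")
        self.status = status
        self.action = action


# Non-retryable statuses and the action the guide gives for each.
TERMINAL = {
    401: "re-authenticate: send a valid token as 'Authorization: Bearer <token>'",
    403: "re-authorize the OAuth app with the permission this method needs",
    404: "confirm the project ref and path, and that the token can see the resource",
}


def seconds_until_reset(headers: Dict[str, str], now: float) -> float:
    """Seconds to wait before the per-minute window opens again.

    Assumption: the header is a Unix timestamp, or a plain seconds value when
    it is smaller than the current time. Without the header, wait a full window.
    """
    raw = headers.get("X-RateLimit-Reset")
    if raw is None:
        return 60.0
    value = float(raw)
    wait = value - now if value > now else value
    return max(0.0, wait)


def call_with_retry(transport: Callable[[str, str], Response], method: str, path: str, *,
                    max_attempts: int = 4, clock: Callable[[], float] = time.time,
                    sleep: Callable[[float], None] = time.sleep, base_delay: float = 1.0) -> Any:
    """Send one request, handling 429 and 500 as the guide says and surfacing the rest."""
    resp = None
    for attempt in range(max_attempts):
        resp = transport(method, path)
        if 200 <= resp.status < 300:
            return resp.body
        if resp.status in TERMINAL:
            raise ManagementApiError(resp.status, TERMINAL[resp.status])
        if resp.status == 429:
            # Back off until the window resets rather than hammering the limit.
            sleep(seconds_until_reset(resp.headers, clock()))
            continue
        if resp.status >= 500:
            sleep(base_delay * 2 ** attempt)   # exponential backoff: 1s, 2s, 4s, ...
            continue
        raise ManagementApiError(resp.status, "unexpected status")
    raise ManagementApiError(resp.status, f"gave up after {max_attempts} attempts")


def scripted_transport(responses: List[Response]) -> Callable[[str, str], Response]:
    """Constructed transport that replays the given responses in order."""
    queue = list(responses)

    def send(method: str, path: str) -> Response:
        return queue.pop(0)
    return send


if __name__ == "__main__":
    now = 1_700_000_000.0            # fixed clock so the waits are predictable
    waits: List[float] = []
    transport = scripted_transport([
        Response(429, {"X-RateLimit-Limit": "120", "X-RateLimit-Remaining": "0",
                       "X-RateLimit-Reset": str(int(now + 7))}),
        Response(500),
        Response(200, {}, {"projects": []}),
    ])
    body = call_with_retry(transport, "GET", "/v1/projects",
                           clock=lambda: now, sleep=waits.append)
    print("body:", body, "waited:", waits)
```

Whether to retry a 500 at all depends on the call: a retried project deletion or secret write is not idempotent, so a production wrapper should pass a lower `max_attempts` (or none) for the write endpoints this guide marks as far-reaching.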
Versioning & freshness

Version history.

The Management API is served under a single stable major version, v1. Changes ship continuously through the changelog rather than through dated version strings, and an earlier experimental v0 still exists for a few endpoints.

Version history

What changed, and when

Latest version: v1

v1 (current version): Stable Management API

The Management API is served under a single stable major version, v1, reached under the /v1 path prefix at https://api.supabase.com. It is not versioned by date and has no version header to pin. New endpoints and fields are added over time through the changelog, and some v1 endpoints are individually marked Beta or Alpha in the reference. An earlier experimental v0 still backs a few endpoints.

What changed
  • Single stable v1 surface for managing projects, database, functions, secrets, config, and branches
  • New endpoints added over time rather than minted as a new dated version
  • Individual endpoints can carry a Beta or Alpha label, such as the SQL query and branch-diff endpoints
  • An earlier experimental v0 remains for a small number of endpoints
Beta: CLI v1 and Management API beta

Supabase announced the Management API in beta alongside CLI v1, opening programmatic management of organizations and projects to all users. It was released in 2022.

What changed
  • Public beta of the Management API for managing organizations and projects
  • Shipped alongside the Supabase CLI v1 release

An integration calls the stable v1 paths; new endpoints are added over time rather than minted as a new version.

Supabase changelog
Questions

Supabase Management API, answered.

Personal access token or OAuth app, which should I use?
It depends on who the integration acts for. A personal access token is fast to create and suits a script run by one person, but it carries that account's full reach across every project and organization, with no way to narrow it. An OAuth app is the choice for software acting on behalf of other users, because it is issued through an authorization flow and can be limited to chosen fine-grained permissions. For an AI agent, the safest pattern is a token scoped down by a gateway in front of the API rather than a raw personal access token.
Can I limit a token to a single project or a single permission?
Only for OAuth apps. The Management API defines fine-grained permissions, such as database_read or edge_functions_write, and an OAuth app is granted only the ones it asked for at authorization. A personal access token does not support this at all: it can call every method the account can reach, against every project and organization, so it is all-or-nothing. Narrowing a personal access token to one project or one permission has to be done outside Supabase, by a layer that filters its calls.
Is this the same API my app uses to read and write data?
No. The Management API manages the projects themselves, like creating a project, deploying a function, or changing auth settings. The data inside a project is read and written through that project's own auto-generated data API, a separate PostgREST endpoint at the project's URL with its own anon and service-role keys. The one overlap is the Management API's SQL query endpoint, which runs statements directly against the project's Postgres database.
How do I run SQL through the Management API?
Two endpoints run SQL against a project's Postgres database, both still marked Beta. The query endpoint runs arbitrary statements, so it can read or write anything in the database and is the widest-reaching call in the API. The read-only query endpoint runs the same statement as a restricted Postgres user that cannot write, which is the safer choice when an agent only needs to read. Schema changes can also go through the migration endpoints, which keep a recorded history.
What are the rate limits?
The standard limit is 120 requests per minute, tracked separately for each user and each project or organization, so one project's traffic does not count against another's. A few heavy endpoints are stricter, such as the database metadata endpoint at about 10 per minute and 1 per second. Exceeding a limit returns 429 Too Many Requests for the rest of that minute, and the X-RateLimit-Remaining and X-RateLimit-Reset response headers say how much is left and when the window resets.
Does Supabase have an official MCP server?
Yes. Supabase publishes a first-party Model Context Protocol server at https://mcp.supabase.com/mcp, which lets an AI assistant manage projects, run SQL, deploy functions, and read logs through the Management API. It authenticates by OAuth through dynamic client registration by default, and also accepts a personal access token. It supports a read-only mode that runs all queries as a read-only Postgres user, and a project scope that limits it to one project and disables account-level tools. Supabase recommends pointing it at a development project, not production.
Does the Management API push events to a webhook?
No. The Management API has no event stream an agent can subscribe to, so changes are seen by calling it. It can switch on a project's own Database Webhooks feature, which then sends a project's table row changes to a URL, but that is a per-project data feature, not an event feed from the Management API itself.

What is Bollard AI?

Control what every AI agent can do in Supabase.

Bollard AI sits between a team's AI agents and the Supabase Management API. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

  • Set read, write, or full access per agent, never a shared Supabase access token.
  • Denied by default, so an agent reaches only what has been explicitly allowed.
  • Every call recorded in plain English: who, what, where, and the decision.