All Products
Search
Document Center

AnalyticDB:Supabase

Last Updated:Jun 08, 2026

AnalyticDB for PostgreSQL Supabase is a fully managed application development platform based on the open-source Supabase. It is enhanced with Alibaba Cloud infrastructure to provide high performance, robust security, and a comprehensive ecosystem. AnalyticDB for PostgreSQL lets you retain resource ownership while providing full management capabilities, flexible compute and storage configurations, and native support for third-party OAuth providers, such as Alipay and WeChat. It also adds core features, such as Edge Routines, which are not available in the open-source version, and is highly consistent with the Supabase Cloud user experience and API.

Core features

Feature

Description

Native Alipay/WeChat OAuth support

Natively integrates third-party logon authentication with Alipay and WeChat. This feature is ready to use without adapting the OAuth flow. It applies to various scenarios, such as web, apps, and miniapps, and greatly reduces integration costs.

Full-lifecycle Edge Routines experience

Supports the full lifecycle of Supabase Edge Routines, including development, deployment, and log observation. It provides low-latency calls, stable execution, and event trigger capabilities. It also offers a native Secrets management feature to securely manage sensitive information, such as API keys, tokens, and keys.

Full-link log observability

Modules such as Edge Routines, database, Auth, and Storage all have a clear and observable log system. Developers can view execution logs, debug information, and locate errors on the dashboard. This significantly improves development efficiency and troubleshooting speed, enabling a true self-service development experience.

Ecosystem compatibility and easy migration

The API and software development kit (SDK) are compatible. A migration solution is provided for easy migration from the official Supabase without modifying application code.

Native MCP Server support

Supports Model Context Protocol (MCP) Server. This allows intelligent applications, such as LLM and Agent, to directly call resources like databases, Storage, and Edge Routines. This enables more natural and powerful AI call links, suitable for building intelligent assistants, automated services, and data-driven applications.

Enterprise-grade security

Provides VPC network isolation, access auditing, encrypted transmission, a permission system, and security policies for Object Storage Service.

Fully managed and maintenance-free experience

Offers multiple instance types and supports scaling to meet different business needs. Provides enterprise-grade features, such as version upgrades and data backups, so developers can focus on their business without building their own clusters.

Pricing

  • Free Edition: A free tier with 1 vCPU and 2 GB of memory is available.

    Important

    The free project is for development and testing only. Do not use it in a production environment.

  • Paid Edition: Creating a project incurs fees for compute and storage resources. For the pricing of different compute resource specifications, see Supabase. For a detailed breakdown of project charges, see the purchase page on the console.

Create a Supabase project

  1. Log on to the AnalyticDB for PostgreSQL console.

  2. In the upper-left corner of the console, select the region where the instance is located.

  3. In the navigation pane on the left, click Supabase.

  4. In the upper-right corner of the page, click Create Project, and select Create Project (Free Trial) or Create Project (Paid Plan).

  5. Set the parameters.

    Create a free trial

    Parameter

    Description

    Project Name

    The name of the project.

    Zone

    A zone is an independent physical area within a region. There is no significant difference between zones.

    Specifications

    Select the project specifications.

    Database Account

    Fixed at postgres.

    Database Password, Confirm Password

    The password for the initial account. The password must meet the following requirements:

    • Be 8 to 32 characters in length.

    • Contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.

    • The supported special characters are: !@#$%^&*()_+-=.

    Note

    After you create an instance, you can change the database password in the console or by calling the ResetSupabaseProjectPassword operation.

    VPC

    Select the ID of the virtual private cloud (VPC).

    A VPC is an isolated network environment that offers higher security and better performance than a classic network. You must first create a VPC and a vSwitch in the same region as the instance.

    VSwitch

    Select a vSwitch in the VPC.

    If no vSwitches are available, no vSwitch resources are available in the zone. You can switch to another zone or create a vSwitch in the current zone.

    Enable Whitelist Restriction

    Select whether to enable the whitelist restriction.

    IP Address Whitelist

    Set the IP addresses to add to the whitelist.

    Create with payment

    Parameter

    Description

    Product Type

    Select subscription or pay-as-you-go.

    Region and Zone

    Select the region and zone. A zone is an independent physical area within a region. There is no significant difference between zones.

    Computing Resource Specifications

    Select the size of the compute resource specifications. A specification with 4 GB of memory or more is recommended.

    Disk Storage Type

    Select the disk storage class.

    Storage Resource Specifications

    Select the size of the storage resource specifications.

    Project Name

    Enter a project name.

    Important

    The project name must be unique.

    Reset Password

    Set the password for the database. The password must meet the following requirements:

    • Be 8 to 32 characters in length.

    • Contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.

    • The supported special characters are: !@#$%^&*()_+-=.

    Note

    Virtual Private Cloud (VPC)

    Select the ID of the VPC.

    A VPC is an isolated network environment that offers higher security and better performance than a classic network. You must first create a VPC and a vSwitch in the same region as the instance.

    VSwitch

    Select a vSwitch in the VPC.

    If no vSwitches are available, no vSwitch resources are available in the zone. You can switch to another zone or create a vSwitch in the current zone.

    Resource Group

    Select a resource group.

  6. Confirm the parameter configuration and complete the project creation.

    • For a free test project: Click OK.

    • For a paid project: Click Buy Now, confirm the order information, and click Activate Now.

Use a Supabase project

  1. Log on to the Supabase Dashboard.

    1. In the Actions column of the target instance, click Manage.

    2. Copy the logon account and logon password, and then click Go to. You are redirected to the Supabase Dashboard logon window.

    3. Enter the username and password to log on to the Supabase Dashboard.

    image

  2. Obtain API keys.

    • Obtain the anon key for database operations such as create, read, update, and delete (CRUD).

      1. In the upper-left corner of the Supabase Dashboard, click Connect.

      2. In the pop-up window, click App Frameworks to obtain the SUPABASE_URL and SUPABASE_ANON_KEY of the Supabase instance.

      image

    • Obtain the service role key for operations such as identity verification and authorization.

      1. In the navigation pane on the left of the Supabase Dashboard, click API Docs.

      2. Click Introduction > Bash, and set Project API Key to service_role(secret).

        image

      3. Click Authentication to obtain the SERVICE KEY.

        image

  3. Use the instance.

    Important

    Store API keys in environment variables to avoid hardcoding them in your code and reduce the risk of leaks.

    • Manage the database using the Supabase RESTful API.

      You can perform CRUD operations on the database at https://<SUPABASE_URL>/rest/v1/. For example, to query the users table in the database, run the following command:

      curl 'http://<SUPABASE_URL>/rest/v1/users'-H "Authorization: Bearer <anon key>" -H "apikey: <anon key>" -H "Content-Type: application/json"
    • Manage features such as user registration and identity verification using the Supabase Auth API.

      For example, to query all users in the database, run the following command:

      curl 'http://<SUPABASE_URL>/admin/users' -H "Authorization: Bearer <service role key>" -H "apikey: <service role key>" -H "Content-Type: application/json"
Note

For more information about features, see the official Supabase documentation.

Manage a Supabase project

Change the database password

In the Actions column of the target instance, click Change Password. In the pop-up window, enter the new password and click OK.

Modify the whitelist

In the Actions column of the target instance, click Modify Whitelist. In the pop-up window, enter the IP whitelist and click OK.

Delete a Supabase project

In the Actions column of the target instance, click Release. In the pop-up window, click OK.

Related APIs

API

Description

CreateSupabaseProject - Creates a Supabase project

Creates a Supabase project.

ListSupabaseProjects - Lists Supabase projects

Queries a list of Supabase projects.

GetSupabaseProjectApiKeys

Queries the API keys of a Supabase project, including the anon key and the service role key.

ResetSupabaseProjectPassword - Resets the database password for a Supabase project

Resets the database password of a Supabase project.

ModifySupabaseProjectSecurityIps – Modify the IP whitelist of a Supabase project

Sets the whitelist of a Supabase project.

DeleteSupabaseProject - Deletes a Supabase project

Deletes a Supabase project.

FAQ

How do I connect directly to a PostgreSQL database?

For instances created after August 27, 2025, AnalyticDB for PostgreSQL Supabase supports standard PostgreSQL direct connections. You can use common tools such as psql, Java Database Connectivity (JDBC), DBeaver, DataGrip, and Tableau to connect to AnalyticDB Supabase.

Procedure:

  1. Log on to the AnalyticDB for PostgreSQL console, select the region where the instance is located, and then in the navigation pane on the left, click Supabase.

  2. Set the whitelist.

    Click Modify Whitelist in the Actions column of the target project to add the public IP address of your client to the Supabase project whitelist.

    image

  3. (Optional) Set and save the database account password.

    Click Modify Password in the Actions column of the target project, and then set and securely store the database account password.

  4. Obtain the connection information and connect to the database.

    • Default port: 5432.

    • Connection address: Click Manage in the Actions column of the target project, and then click Go To. You are redirected to a URL in the format http://<IP>:8000. The <IP> part of this URL is the database connection address.

How do I modify Auth configuration?

The Auth service provides the PATCH /auth/v1/modify/settings endpoint for dynamically modifying authentication configurations at runtime without restarting the service.

Authentication

You must use the Service Role Key for authentication by including it in both the Authorization and apikey headers.

Usage notes

  • The request body is JSON. You only need to include the fields that you want to modify. Fields that are not included remain unchanged.

  • Configuration changes take effect immediately through hot reloading without requiring a restart.

  • Configurations are persisted in the database and are not lost after a service restart.

Example: Modify the JWT expiration time

Change the JWT access token expiration time from the default 3600 seconds to 7200 seconds:

curl -X PATCH https://<project_domain>/auth/v1/modify/settings \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <SERVICE_ROLE_KEY>" \
  -H "apikey: <SERVICE_ROLE_KEY>" \
  -d '{"jwt_exp": 7200}'

View current configuration

Use the GET /auth/v1/settings endpoint to view all current configuration values:

curl https://<project_domain>/auth/v1/settings \
  -H "Authorization: Bearer <SERVICE_ROLE_KEY>" \
  -H "apikey: <SERVICE_ROLE_KEY>"

The response contains all configurable parameters and their current values. Sensitive fields such as secrets and passwords are hidden. The JSON field names in the response are the parameter names accepted by the modify/settings endpoint.