Supabase Admin

Thursday, 23 Sep 2021

This is the Supabase equivalent of the Firebase Admin SDK.

Why do I need Supabase Admin?

You need this capability for certain actions in your server side code.

Your server will (generally) not have a valid user session, which means it cannot interact with your database tables with row level security (RLS) implemented.

E.g. you have an endpoint that receives Stripe webhooks and want to persist some details from the webhook to a RLS enabled table.

⚠️ Warning ⚠️

The entire point of the Supabase Admin is to bypass your security. Therefore, ensure the admin is never exposed client-side, and only use the admin if absolutely necessary.

Again, never use the admin in client code.


We need to import a secret key from our environment variables. So add dotenv (or similar) to your project dependencies.

I have a learning snippet on handling secret environment variables with SvelteKit here.

How do I do it?

It’s really simple.

Grab the service_role secret from your Supabase > Settings > API and add it as an environment variable.



Then create a client like normal but use the service_role instead of the anon key.


import { createClient } from '@supabase/supabase-js';
import dotenv from 'dotenv';


const supabaseUrl = import.meta.env.VITE_SUPABASE_URL as string;
const supabaseServiceKey = process.env['SUPABASE_SERVICE_KEY'];

export const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey);

Now you can use supabaseAdmin in your project’s server-side code to bypass all row level security.

You use supabaseAdmin the same way you use the normal supabase client.


import { supabaseAdmin } from '$lib/utils/supabase-admin';

await supabaseAdmin.from('table_name').select('*');