Supabase: Open Source Firebase Alternative with PostgreSQL (2026)
Supabase: Open Source Firebase Alternative with PostgreSQL (2026)
Quick Answer
Supabase is an open-source Backend-as-a-Service built on PostgreSQL. Unlike proprietary BaaS solutions, Supabase uses standard PostgreSQL—meaning your data is portable and never locked in. The platform provides auto-generated REST APIs (via PostgREST), authentication, real-time subscriptions, object storage, and Deno-based Edge Functions. Row Level Security (RLS) enables direct database access from client applications while maintaining data isolation.
What is Supabase?
Supabase positions itself as “PostgreSQL for the cloud-native era.” Rather than building a proprietary database, Supabase wraps standard PostgreSQL with developer-friendly tooling:
- PostgreSQL Core: Full, isolated instance per project
- PostgREST: Auto-generated RESTful API from schema
- GoTrue (Supabase Auth): JWT-based authentication
- Realtime: Elixir-based WebSocket server for CDC
- Supavisor: Elixir-based connection pooler for serverless
- Edge Functions: Deno-based serverless compute
The Architecture
┌─────────────────┐ ┌──────────────┐ ┌─────────────┐
│ Client Apps │────▶│ PostgREST │────▶│ PostgreSQL │
│ (Web/Mobile) │ │ (REST) │ │ (with RLS) │
└─────────────────┘ └──────────────┘ └─────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌──────────────┐ ┌─────────────┐
│ Supabase │ │ Realtime │ │ WAL │
│ Auth │ │ (WebSocket) │◀────│ (Replication)│
└─────────────────┘ └──────────────┘ └─────────────┘
Key Features
Row Level Security (RLS)
Supabase’s security model pushes authorization into the database:
-- Enable RLS
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
-- Policy: Users can only see their own profile
CREATE POLICY "User can see own profile"
ON profiles
FOR SELECT
USING (auth.uid() = id);
-- Policy: Users can update their own profile
CREATE POLICY "User can update own profile"
ON profiles
FOR UPDATE
USING (auth.uid() = id);
When a client queries via the REST API, Supabase:
- Validates the JWT from the request
- Sets the
auth.uid()session variable - Applies RLS policies before returning data
Auto-Generated REST API
PostgREST introspects the PostgreSQL schema and generates a RESTful API:
# Automatic endpoints from schema
GET /todos # List all todos
GET /todos?id=eq.1 # Filter by id
POST /todos # Create todo
PATCH /todos?id=eq.1 # Update todo
DELETE /todos?id=eq.1 # Delete todo
# Resource embedding (joins)
GET /todos?select=*,users(*)
Supavisor Connection Pooling
Serverless functions create connection storms. Supavisor solves this:
| Mode | Description | Use Case |
|---|---|---|
| Transaction Mode | Lease connection per query | Serverless, HTTP APIs |
| Session Mode | Dedicated connection per client | Prepared statements, temp tables |
Deprecation Note: Session Mode on port 6543 deprecated February 28, 2025.
Realtime Data Synchronization
Three modes of real-time communication:
| Mode | Throughput | Latency | Use Case |
|---|---|---|---|
| Broadcast | 224K msg/sec | 6ms median | Cursors, ephemeral events |
| Presence | High | Low | User status, typing indicators |
| Postgres Changes | ~64 changes/sec | Higher | Chat, notifications |
Vector Search (pgvector)
Supabase integrates pgvector for AI applications:
Index Options:
- HNSW: High recall, fast queries, more memory
- IVFFlat: Faster builds, lower recall
Hybrid Search: Combine keyword (BM25) + semantic (vector):
SELECT title, content,
ts_rank(textsearch, query) AS rank_text,
embedding <=> '[0.1, 0.5, ...]' AS distance_vector
FROM documents,
to_tsquery('english', 'search query') query
WHERE textsearch @@ query
ORDER BY rank_text + distance_vector DESC
LIMIT 10;
Supabase vs Competitors
Supabase vs Firebase
| Feature | Supabase | Firebase |
|---|---|---|
| Database | PostgreSQL (relational) | Firestore (NoSQL) |
| SQL Support | Full SQL | No (NoSQL query syntax) |
| Portability | Standard Postgres dump | Proprietary |
| Realtime | Via WAL replication | Native listeners |
| Pricing | Generous free tier | Usage-based scales quickly |
Supabase vs Neon
| Feature | Supabase | Neon |
|---|---|---|
| Focus | Complete BaaS platform | Database-only |
| Branching | Manual database clones | Instant metadata branching |
| Scale-to-Zero | No (7-day pause on free) | Yes (5-min timeout) |
| Auth/Realtime | Built-in | Via integrations |
Supabase vs Appwrite
| Feature | Supabase | Appwrite |
|---|---|---|
| Database | PostgreSQL | MongoDB/MySQL/PostgreSQL |
| Runtime | Deno (Edge) | Docker containers |
| Storage | S3-compatible | Built-in object storage |
| Mobile SDKs | Official (iOS, Android, Flutter) | Official |
Edge Functions (Deno)
Supabase Edge Functions use the Deno runtime:
// Supabase Function
import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
serve(async (req) => {
const data = await req.json();
return new Response(JSON.stringify(data), {
headers: { "Content-Type": "application/json" }
});
});
Limits:
- Memory: 256MB
- CPU Time: 2 seconds soft limit
- Wall-clock: 400 seconds (paid plans)
Note: Deploying Supabase Edge Functions via Vercel is officially unsupported. Deploy directly to Supabase platform.
Client SDKs
| Platform | Status | Notes |
|---|---|---|
| Web (JS/TS) | Official | SSR support via @supabase/ssr |
| iOS (Swift) | Official | Native concurrency, SwiftUI optimized |
| Flutter (Dart) | Official | First-class support, deep linking |
| Android (Kotlin) | Community | supabase-kt (KMP support) |
| Python | Official (Beta) | Growing for data science |
Server-Side Rendering
The @supabase/ssr package manages authentication cookies:
import { createServerClient } from '@supabase/ssr'
export async function createClient() {
return createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{
cookies: {
getAll() { return cookies().getAll() },
setAll(cookiesToSet) {
cookiesToSet.forEach(({ name, value, options }) =>
cookies().set(name, value, options)
)
}
}
}
)
}
ORM Support
| ORM | Integration | Notes |
|---|---|---|
| Drizzle | First-class | Preferred for Supabase ecosystem |
| Prisma | Supported | Configure for Supavisor pooler |
| Sequelize | Supported | Considered legacy |
Pricing Structure
| Tier | Monthly Cost | Database | MAU | Storage | Log Retention |
|---|---|---|---|---|---|
| Free | $0 | 500 MB | 50K | 1 GB | 1 day |
| Pro | $25 | 8 GB | 100K | 100 GB | 7 days |
| Team | $599 | Dedicated | 100K+ | 100 GB+ | 28 days |
Free Tier Caveat: Projects pause after 1 week of inactivity.
Hidden Costs:
- Compute upgrade: Micro to Large = +$110/month
- IPv4 address: $4/month
- High IOPS disks: io2 storage adds cost
Operational Limits
| Limit | Value |
|---|---|
| Disk IO Baseline | ~87 Mbps (Micro), 500 IOPS |
| Burst Duration | ~30 minutes before throttle |
| Auth Rate Limit | 360 requests/hour per IP (verify endpoint) |
| Max rows returned | 1000 (default), configurable |
Use Cases: Best For
- SaaS Applications: Multi-tenant with RLS isolation
- Next.js Apps: First-class SSR support
- AI Applications: pgvector + relational data in one DB
- Rapid Prototyping: Auto-generated API accelerates development
- Open Source Preference: Data exportable as standard Postgres dump
Use Cases: Avoid For
- Massive Analytics: Use ClickHouse or dedicated OLAP
- High-Frequency Firehose: Postgres Changes limited to ~64 changes/sec
- Teams Needing Firebase Sync: Different real-time model
FAQ
Is Supabase free?
Supabase offers a free tier with 500MB database, 50K MAU, and 1GB storage. Projects pause after 7 days of inactivity. The Pro tier starts at $25/month.
Can I use Supabase with Vercel?
Yes, Supabase integrates well with Vercel. Use @supabase/ssr for server-side rendering in Next.js. However, Supabase Edge Functions must be deployed to Supabase, not Vercel.
Does Supabase support PostgreSQL?
Supabase is built entirely on PostgreSQL. You get a full, isolated PostgreSQL instance with access to all features: extensions, functions, triggers, and standard SQL.
What is the difference between Supabase and Neon?
Supabase is a full BaaS platform (database + auth + realtime + storage). Neon is a database-only service with serverless features like branching and scale-to-zero. Supabase uses Neon-like architecture for some offerings.
Does Supabase support vector search?
Yes, Supabase includes pgvector support. Create HNSW or IVFFlat indexes for vector similarity search. Supabase also provides an Index Advisor AI tool for optimization.
Related Technologies: PostgreSQL, Neon, Firebase, Appwrite, Prisma, Drizzle ORM, Next.js