Complete guide for the Supabase plugin — Management API access for running SQL queries, listing projects, managing edge functions, secrets, migrations, and inspecting project health.
This plugin provides access to the Supabase Management API on the user's behalf, using a stored Personal Access Token (PAT).
Capabilities:
Request the stored Supabase credential. The accessToken field is an opaque placeholder — the sandbox fetch proxy substitutes the real value automatically. Never decode or transform it.
const cred = await API.getCredential('supabase-pat');
if (!cred) {
return 'Supabase credential is not configured. Ask the user to create a Personal Access Token at supabase.com/dashboard/account/tokens, then store it in Settings.';
}
All requests go to https://api.supabase.com/v1/. Always pass the token as a Bearer header:
async function sbGet(path) {
const res = await fetch(`https://api.supabase.com/v1${path}`, {
headers: {
Authorization: `Bearer ${cred.accessToken}`,
'Content-Type': 'application/json',
},
});
if (!res.ok) throw new Error(`Supabase API ${res.status}: ${await res.text()}`);
return res.json();
}
async function sbPost(path, body) {
const res = await fetch(`https://api.supabase.com/v1${path}`, {
method: 'POST',
headers: {
Authorization: `Bearer ${cred.accessToken}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(body),
});
if (!res.ok) throw new Error(`Supabase API ${res.status}: ${await res.text()}`);
return res.json();
}
async function sbPatch(path, body) {
const res = await fetch(`https://api.supabase.com/v1${path}`, {
method: 'PATCH',
headers: {
Authorization: `Bearer ${cred.accessToken}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(body),
});
if (!res.ok) throw new Error(`Supabase API ${res.status}: ${await res.text()}`);
return res.json();
}
async function sbDelete(path) {
const res = await fetch(`https://api.supabase.com/v1${path}`, {
method: 'DELETE',
headers: {
Authorization: `Bearer ${cred.accessToken}`,
'Content-Type': 'application/json',
},
});
if (!res.ok) throw new Error(`Supabase API ${res.status}: ${await res.text()}`);
if (res.status === 204) return null;
return res.json();
}
Most endpoints require a project ref — the unique identifier for a Supabase project (e.g. ypnrbornkuwxlvjkgubi). It appears in the project's dashboard URL: