Setting Up Supabase with LaunchSaaS

Create a Supabase Project

1. Go to supabase.com and sign in (or create an account).
2. Click New Project.
3. Choose an organization (or create one).
4. Enter a project name (e.g., "myapp-production").
5. Set a database password. Save this somewhere secure — you will need it if you use the Supabase CLI.
6. Choose a region closest to your users. This region should match your Vercel function region for lowest latency.
7. Click Create new project. The project takes about 60 seconds to provision.

Get Your Credentials

Once the project is ready, go to Settings → API. You need three values:

Run Migrations

LaunchSaaS includes all database migration files in supabase/migrations/. You need to run these once to create the tables, functions, and RLS policies.

Option A: Supabase CLI (recommended)

# Install Supabase CLI
npm install -g supabase

# Link to your project
supabase login
supabase link --project-ref your-project-ref

# Run migrations
supabase db push

Your project reference is visible in the Supabase Dashboard URL: supabase.com/dashboard/project/YOUR_PROJECT_REF.

Option B: Supabase Dashboard SQL Editor

In the Supabase Dashboard, go to SQL Editor. Open each migration file from supabase/migrations/ in order (they are numbered by timestamp) and run them. Run them in chronological order — earlier migrations create tables that later ones depend on.

Row Level Security

LaunchSaaS migrations enable RLS on all data tables and create the appropriate policies. You should not need to modify RLS policies unless you are adding new tables.

Verifying RLS is enabled

In the Supabase Dashboard, go to Table Editor. Click on any table (e.g., profiles). In the table details sidebar, you should see "Row Level Security: Enabled." If a table shows RLS disabled, run the migration again or manually enable it:

ALTER TABLE your_table ENABLE ROW LEVEL SECURITY;

Adding RLS to new tables

When you add a new table that should be scoped to a user, add an RLS policy:

-- Enable RLS
ALTER TABLE your_new_table ENABLE ROW LEVEL SECURITY;

-- Allow users to see their own rows
CREATE POLICY "users_own_rows" ON your_new_table
  FOR ALL USING (user_id = auth.uid());

-- For workspace-scoped tables
CREATE POLICY "workspace_access" ON your_new_table
  FOR ALL USING (
    workspace_id IN (
      SELECT workspace_id FROM workspace_members
      WHERE user_id = auth.uid()
    )
  );

Auth Configuration

Site URL and redirect URLs

In Supabase Dashboard → Authentication → URL Configuration:

• Set Site URL to your production domain (e.g., https://myapp.com).
• Add Redirect URLs for: your production domain (https://myapp.com/**), local development (http://localhost:3000/**), and Vercel previews (https://*.vercel.app/**).

Enable email confirmation

Go to Authentication → Settings. Enable "Confirm email" to require users to verify their email before signing in. This reduces fake accounts and improves deliverability.

Enable OAuth providers

Go to Authentication → Providers. Enable the providers you want (Google is pre-wired in LaunchSaaS). Each provider requires an OAuth app created on the provider's platform. Follow the on-screen instructions for each provider.

Frequently Asked Questions

Does LaunchSaaS use Supabase's built-in auth or a custom auth system?

LaunchSaaS uses Supabase Auth exclusively. It does not implement a custom auth system. Authentication is handled by Supabase's managed infrastructure. LaunchSaaS adds application-level logic on top: rate limiting, profile management, and RBAC.

Do I need to run migrations manually or does LaunchSaaS handle database setup automatically?

You need to run migrations once when setting up a new Supabase project. LaunchSaaS includes all migration files in supabase/migrations/. Run them with npx supabase db push (Supabase CLI) or by pasting the SQL files into the Supabase Dashboard SQL Editor.

What is the Supabase service role key used for in LaunchSaaS?

The service role key bypasses Row Level Security and is used exclusively in server-side API routes for administrative operations: creating user records on signup, processing Stripe webhooks, sending team invitations, and admin dashboard queries. It is never exposed to the browser.

Can I use LaunchSaaS with a self-hosted Supabase instance?

Yes. Supabase is open source and can be self-hosted. LaunchSaaS uses standard Supabase client libraries and connects via the project URL and API keys. Set NEXT_PUBLIC_SUPABASE_URL to your self-hosted instance URL and provide the corresponding keys.

How does LaunchSaaS use Supabase Row Level Security?

Every data table in LaunchSaaS has RLS enabled. Policies enforce that users can only access their own data or data within their workspace. The policies use auth.uid() to identify the authenticated user and check workspace_members to verify workspace access — enforced at the PostgreSQL level on every query.

How do I set up email confirmation for new signups in LaunchSaaS?

In Supabase Dashboard → Authentication → Settings → Email, enable "Confirm email." The confirmation email template can be customized under Authentication → Email Templates. If you use Resend for transactional email, configure it under Authentication → SMTP Settings with your Resend SMTP credentials.