Building a backend to talk with databases and manage authentication is a typical way of going about building websites or apps, but it doesn't have to be that way.
Building the backend is hard and requires writing a lot of code. Not only do you have to write code to communicate with databases, but you also have to write code to deal with authentication and authorization (and make sure to keep up with the security updates & patches of whatever library you are using) and if you do decide to use OAuth then you have to write even more code to handle different OAuth providers.
In some cases, you also have to write code for storage buckets to handle the user files.
Supabase eliminates the need for the backend completely out of the picture by providing simple-to-use API directly on the front end. No backend, no headache. You can have a backend if you want by choice. Supabase just removes the compulsion of it.
Supabase is an open-source Firestore alternative that uses Postgres (an open-source relational database management system) behind the scenes.
Supabase service allows developers to create a backend with a Postgres Database on the fly. You don't end up writing all the complicated code manually and have everything auto-generated for you.
It doesn't even matter which database they are using since you never have to deal with it directly. You can use simple API in the front end to request and receive data from the server where data is hosted.
Supabase abstracts all the complicated stuff and makes it super easy for you to work with everything that the backend normally has to deal with. With Supabase you can store data in tables, and files in their storage buckets, and have a login and sign-up authentication and authorization setup including OAuth providers (social logins) done easily.
The main concern of people using the Supabase service is getting hacked.
Since no backend also means code in the front end will be exposed to the world. The way Supabase works is that they provide you with a Supabase URL and a key to create a client.
Both of this information can be shared publicly without any problem since by default the Supabase RLS (Row Level Security) Policies are enabled. These policies let you define who can access your data and how much. This includes their ability to read, update, modify, and delete data.
You can deactivate it if you want (which is not recommended).
Keep in mind these are current features. Since the Supabase team is working hard to bring more awesome features to you in the future.
Database: Supabase comes with a Postgres database, with extensions and daily backups. You can define: a) custom functions based on browser calls and b) triggers to handle database changes. You can also leverage Webhooks to send database changes to any external service, build search functionality using Postgres Full Text Search feature, encrypt sensitive data and store secrets using Supabase Vault Postgres extension, and use migrations to develop locally and push your changes to your production database.
Auth: Supabase helps you build email logins, passwordless logins,
social logins, and phone logins. You can control the data each user can access with Postgres RLS (Row Level Security) Policies. You get access to Serverside Auth Helpers for implementing user authentication and use Auth UI Kits to build login and registration pages with custom themes.
Storage: Supabase makes it easy for you to store and serve files. Use resumable uploads to upload large files. Cache those files using the Supabase CDN. And transform images on the fly.
Edge Functions: Supabase allows you to write globally distributed TypeScript functions to execute custom business logic.
Project Management: Manage your projects programmatically & use Supabase CLI for local project development and deployment to the Supabase platform.
That's it :)
Thanks for reading!
Follow me: @wasimapinjari