// Advertisement

Automate with Supabase Webhooks: Quickstart Guide

published on 06 December 2023

Most website owners will likely agree:

It's challenging to automate workflows and integrate databases without coding.

With Supabase webhooks, you can easily set up automation flows between your database and other services without writing any code.

In this guide, you'll learn how to create and handle Supabase webhooks to instantly notify external services of database changes. We'll cover payload processing in Node.js, Python, and PHP, plus see examples of automating workflows with Supabase Edge functions.

Introduction to Supabase Webhooks

Webhooks allow you to automate workflows and take actions based on events in your Supabase database. When certain database events occur, like inserts, updates or deletes, Supabase can make an HTTP request to a URL of your choice.

Here are some of the key benefits of using Supabase webhooks:

  • Realtime Integration - Get notified immediately when data changes so you can take action. No need to poll the database.
  • Decoupled Architecture - Separate your business logic from the database. Keep things modular and easier to maintain.
  • Scalability - Handle large volumes of database events efficiently.
  • Reliability - Supabase queues webhook events if destinations are unavailable and retries later.
  • Security - Webhooks include signatures so you can verify they actually came from Supabase servers.

With just a few lines of code you can start receiving webhook events from your Supabase database. This guide will walk through how to:

  • Set up a basic Supabase webhook to log data changes
  • Secure webhooks with signature validation
  • Process webhook data to trigger custom actions

Let's dive in and see just how easy it is to get started with Supabase webhooks!

What is the difference between webhook and Pubsub?

Webhooks and pub/sub are two common patterns used for integrating applications and exchanging data between systems. The key differences are:

Webhooks

  • Direct communication between two applications - the producer makes an HTTP request to a pre-configured endpoint on the consumer side when an event occurs.
  • Tight coupling - the consumer needs to implement the endpoint and handle the data sent via the webhook. The producer needs to know the URL to send data to.
  • Real-time data flow - events trigger webhooks to execute immediately with low latency.
  • Can be complex to implement and debug compared to pub/sub.

Pub/Sub

  • Uses a message broker that decouples the publisher from subscribers. Publishers emit events without knowledge of what systems will consume them.
  • The broker routes event data to subscribers asynchronously using topic/queue paradigms.
  • Adds reliability & buffers against system failures. Messages persist until processed.
  • Subscribers can consume events on their own schedule rather than in real-time.
  • More moving pieces makes pub/sub better suited for enterprise scale vs webhooks.

In summary, webhooks facilitate direct peer-to-peer messaging while pub/sub uses a middleman message broker to asynchronously dispatch events from publishers to subscriber queues. Webhooks emphasize real-time data flow and tight integration, while pub/sub focuses on decoupled architecture and reliable delivery.

What is the difference between API and webhook?

Webhooks and APIs serve different purposes when it comes to automating workflows and processes. While they can work together, understanding the key differences is important:

Webhooks

  • One-way communication triggered by an event
  • Send data from application A to application B when something happens in app A
  • Passive, app B receives updates without having to poll app A
  • Often used to update data, sync records, or trigger actions

For example, Supabase webhooks can notify your app whenever data is inserted, updated, or deleted in a Supabase database table.

APIs

  • Two-way communication between applications
  • App B can request or submit data to App A on demand via API calls
  • Active, app B initiates communication and requests data
  • Robust endpoints to create, read, update, delete data

Supabase provides a RESTful API for CRUD operations on your database tables. You can query data on demand rather than rely on webhook triggers.

So in summary - webhooks automatically push data when something changes, while APIs give you more control to request data as needed. They solve related but distinct needs for integrating applications.

What is webhooks used for?

Webhooks typically are used to connect two different applications. When an event happens on the trigger application, it serializes data about that event and sends it to a webhook URL from the action application—the one you want to do something based on the data from the first application.

For example, Supabase webhooks can automatically send data to external APIs when certain database events occur, like updates or inserts. This allows you to build complex workflows and connect systems without writing much new code.

Some common uses of Supabase webhooks include:

  • Sending push notifications when new data is added
  • Updating analytics dashboards when metrics change
  • Triggering serverless functions to process data
  • Syncing data across applications
  • Automating business processes

With just a few lines of code, Supabase webhooks open up many possibilities for automation and integration. They let you focus on building your application instead of plumbing.

By setting up webhooks to respond to database events, you can create realtime APIs and stream data to external services effortlessly. This saves significant development time and cost.

Overall, Supabase webhooks shine for synchronizing data, connecting disparate systems, and reducing manual processes. If you need to trigger actions outside your database based on data changes, Supabase webhooks are a perfect fit.

How do I create a webhook in a database?

YOU MUST BE A DATABASE ADMINISTRATOR TO CREATE A WEBHOOK FOR A DATABASE.

To create a webhook in your Supabase database:

  • Navigate to your database's settings page and click on the "Webhooks" tab.

  • Click the "Add webhook" button.

  • Add a unique URL for the webhook to send events to. The URL must:

  • Be publicly accessible over the internet

  • Listen for POST requests from Supabase

  • Validate the Supabase request using the signatures header

Here is an example of adding a webhook in Supabase using JavaScript:

const { createClient } = supabase;

const supabase = createClient(url, key);

const webhookUrl = 'https://my-api.com/webhooks'; 

const { error } = await supabase
  .from('users')
  .addWebhook(webhookUrl, {
    headers: { 'Authorization': 'Bearer MY_API_KEY' }, 
    tables: ['users', 'profiles'],
  })

This will send webhook events to webhookUrl whenever data is inserted, updated, or deleted in the users and profiles tables.

Some key things to note about Supabase webhooks:

  • Webhooks are assigned per database, not per table
  • You can filter events to specific tables using the tables option
  • The payload contains details about the database event
  • Requests are signed with the Authorization header for security

Webhooks open up many possibilities like synchronizing data, sending notifications, calling serverless functions, and more. By automating tasks with Supabase webhooks, you can simplify app development tremendously.

sbb-itb-5683811

Setting Up Database Webhooks with Supabase

Supabase webhooks allow you to set up automation that reacts to database changes. For example, you could send an email notification whenever a new user signs up or trigger a serverless function when data is inserted.

This guide will walk through the steps to enable webhooks and configure webhook URLs in a Supabase project.

Enabling Database Webhooks in Supabase

To start using Supabase webhooks, you first need to enable them for your project. Here's how:

  • Log in to your Supabase Dashboard and select the project you want to work with.

  • Click on the "Settings" tab in the sidebar, then scroll down and click "Database" under the Features section.

  • Toggle the "Database Webhooks" switch on. This will enable webhooks at a global level for your Supabase project.

  • Now you can configure individual webhook URLs for specific tables in your database.

Keep in mind, enabling webhooks at the project level doesn't automatically send payloads - you still need to set up URLs per table to start receiving webhook data.

Configuring Webhook URLs

With Supabase webhooks turned on, the next step is setting webhook URLs to receive payload information when database changes occur.

There are a few options for webhook URLs depending on your use case:

  • Send data to an external API endpoint
  • Trigger a Supabase Edge Function
  • Pass payloads to a messaging queue like Kafka
  • Insert to another database table

Here is an example webhook URL to POST data to a Node.js API server listening on port 5000:

http://api.example.com:5000/webhooks

And a webhook URL to trigger a Supabase Edge Function:

https://myproject.supabase.co/rest/v1/functions/myfunction

To configure a webhook URL for a table:

  • In the Supabase Dashboard, open the table view.
  • Click on the "Webhooks" tab.
  • Enter your desired Webhook URL and click "Add Webhook".

Now when a relevant event like an INSERT occurs, your webhook URL will receive a JSON payload with data about the database change. From there, you can process it however you need!

With Supabase webhooks set up, you've opened the doors to all kinds of database automation. Stream table changes to external systems, send notifications, run algorithms, and more. The possibilities are endless!

Handling Payloads with Supabase Realtime

Supabase webhooks allow you to listen for database changes and trigger serverless functions. By processing webhook payloads with Supabase Realtime, you can build highly scalable, real-time apps.

Webhook Handlers in Node.js

Here is example Node.js code for parsing Supabase webhook payload data:

const express = require('express')
const app = express()

app.post('/webhooks', (req, res) => {
  const { data, event } = req.body

  // Handle inserted data
  if (event === 'INSERT') {
    console.log('New row inserted:', data)
    
    // Do something with inserted data
    
  }

  res.status(200).end()
})

This extracts the data and event from the webhook payload. You can then handle the data based on the event type like INSERT, UPDATE, DELETE.

Leveraging Supabase Realtime in Webhook Handlers

By combining webhooks with Realtime subscriptions, you can build real-time apps that sync data instantly:

const { createClient } = require('@supabase/supabase-js')

const supabase = createClient(url, key)

app.post('/webhooks', (req, res) => {

  // Inserted data from webhook 
  const newData = req.body.data 

  supabase
    .from('profiles')
    .on('INSERT', payload => {
      // Data inserted in database
      console.log('New profile:', payload.new)
    })
    .subscribe()

})  

This leverages Realtime to get instant updates when data changes.

Python and PHP: Processing Webhook Payloads

Here is sample code for handling webhooks in Python:

from flask import Flask, request
import json

app = Flask(__name__)

@app.route('/webhooks', methods=['POST'])
def handle_webhook():
    data = request.get_json()
    
    if data['event'] == 'INSERT':
        new_row = data['data']
        print(f"New row: {new_row}")

    return "OK" 

And in PHP:

<?php
$data = json_decode(file_get_contents('php://input'), true);

$event = $data['event'];
$row = $data['data'];

if($event == 'INSERT') {
  echo "New row inserted: " . print_r($row);  
}

http_response_code(200);

This shows parsing the JSON payload and handling different database events.

With the flexibility of Supabase webhooks and Realtime, you can build scalable apps that react to changes instantly across various languages.

Automating with Supabase Edge Functions

Supabase Edge Functions provide a serverless environment to run code in response to database events through webhooks. This guide covers how to create and connect Edge Functions to enable automated workflows triggered by changes in your Supabase database.

Creating and Connecting Supabase Edge Functions

Getting started with Supabase Edge Functions requires just a few steps:

  • Log into your Supabase Dashboard and navigate to the Edge Functions page
  • Click "New Function" and give your function a name
  • Select the database table you want to listen to for changes
  • Choose "Webhook" as the invocation type
  • Pick the events you want to trigger the function (e.g. Insert, Update, Delete)
  • Write the function code in JavaScript to handle the webhook payload

Here is a simple example that logs the payload data whenever a new row is inserted:

export default async (req, res) => {
  console.log(JSON.stringify(req.body, null, 2))  
}
  • Click save and your function will be deployed and listening for the database events you configured!

Now whenever the chosen table changes, your function will execute with the webhook payload containing details like the new record values, updated fields, etc.

Edge Function Examples for Automated Workflows

Supabase Edge Functions open up many possibilities for automation by responding to database changes:

Welcome Emails

Send a customized welcome email whenever a new user signs up:

import sendgrid from '@sendgrid/mail'

sendgrid.setApiKey(process.env.SENDGRID_KEY)

export default async (req, res) => {
  const { email, username } = req.body
  await sendgrid.send({
    to: email,
    from: 'welcome@myapp.com',
    subject: `Welcome ${username}!`,
    text: `Thanks for signing up! Feel free to browse around.`
  })
}  

Data Validation

Validate entries and prevent bad data from entering your tables:

export default async (req, res) => {

  if(!validData(req.body)) {
    res.status(400).json({error: 'Invalid data'})
    return
  }

  // Continue saving valid data
  res.status(200)

}

function validData(data) {
  // custom validation logic
  return true 
}

Third-Party Integrations

Sync data, trigger notifications, update related systems:

import { Client } from 'third-party-api'

const client = new Client()

export default async (req, res) => {
  await client.updateRecord({
    id: req.body.id,
    ...req.body
  })  
}

The options are endless for what you can build by connecting Edge Functions to your Supabase webhook events!

Securing Your Webhooks and Supabase API Integration

Webhooks can be a powerful tool for building automated workflows, but they also introduce security considerations. This section covers best practices for securing your webhook endpoints and payloads when integrating with Supabase.

Ensuring Payload Verification with Signatures

To verify that webhook payloads actually originated from Supabase, you can check the X-Supabase-Signature header that's included with each request. This contains a HMAC hex digest that's calculated from the payload body using your project's secret API key.

Here's an example of how to verify signatures in a Supabase webhook endpoint:

const crypto = require('crypto') 

app.post('/my-webhook', (req, res) => {

  // Extract signature from header
  const signature = req.headers['x-supabase-signature']  

  // Generate hash using API secret
  const hash = crypto.createHmac('sha256', API_SECRET)
                   .update(req.rawBody)
                   .digest('hex')

  // Compare values  
  if (hash === signature) {
    // Signature matches, payload is valid
  } else {
    // Signature invalid, reject request
  }

})

This verifies that the payload has not been tampered with in transit before processing it further. Always validate signatures to prevent malicious requests to your endpoints.

End-to-End Encryption Best Practices

For sensitive data, you may want to encrypt payloads end-to-end so they are opaque to Supabase. This ensures only your app can decrypt the actual content.

Encryption should happen before the payload reaches Supabase, with the decryption key stored securely in your environment. Here is one method:

// Encrypt payload before sending to Supabase
const encryptedData = encrypt(data, ENCRYPTION_KEY) 

supabase.functions.invoke('my-function', {
  data: encryptedData 
})

// Decrypt in function using same key 
const decrypt = (encryptedData) => {
  const decrypted = decrypt(encryptedData, ENCRYPTION_KEY)
  // Process decrypted data
}

This guarantees data remains fully encrypted until your function processes it. Combine encryption with the signature validation above for a fully secured integration.

Following security best practices will ensure your payloads and data remain protected when leveraging Supabase's webhook and automation capabilities. Let me know if you have any other questions!

Debugging Supabase Webhooks: Tips and Tools

Common issues when working with webhooks and how to troubleshoot them.

Utilizing Monitoring and Logging for Webhooks

Webhooks can be tricky to debug when things go wrong. Enabling logging and monitoring is key to catching errors early.

Here are some tips for setting up logging with Supabase webhooks:

  • Enable Realtime subscription logs in your Supabase project to see a detailed trail of all webhook deliveries. This allows you to inspect errors and debug issues.
  • Set up heartbeat monitoring to continually check the health of your webhook endpoint. Services like Healthchecks.io can alert you if your endpoint goes down.
  • Log payload data on arrival to your endpoint. This creates an audit trail you can query to trace problems. For example:
app.post("/webhooks", async (req, res) => {
  const payload = req.body;
  
  // Log payload 
  console.log(payload); 
  
  // Additional logic
  // ...
})
  • Use a structured logging library like Winston or Pino to create readable webhook logs you can filter through later.

Following these best practices helps you react quickly if your supabase webhooks stop functioning as expected.

Inspecting Payloads: Tools and Techniques

When debugging, it's often useful to directly inspect raw payload data coming from supabase webhooks.

Here are some helpful tools:

  • Use a proxy like Beeceptor during development. This captures payloads for inspection before they hit your endpoint.
  • Validate payloads with JSON tools like JSONLint. This checks if the structure is valid.
  • Format the payload into an easy-to-read JSON structure using a tool like jsonformatter.org.
  • Compare payloads against your schema expectations using a JSON schema validator like JSON Schema Lint.
  • Pretty print the payload with code formatting tools like jsbeautifier.org to improve readability.
  • Search and filter payload content using JSON command line tools like jq.

Getting visibility into webhook payloads is crucial for diagnosing issues with your supabase integration. By tapping into these inspection tools, you can simplify debugging workflows.

Innovating with Webhooks: Supabase Use Cases Illustrated

Webhooks allow developers to build automated workflows that react to database changes. With Supabase's realtime database and serverless functions, you can create sophisticated applications that scale.

Here are some use cases that demonstrate innovative ways to leverage Supabase webhooks:

Notify users of new content

When new content is added to your database, use a webhook to call a Supabase function that sends push notifications to your users in realtime.

// Database trigger webhook
const { data } = supabase
  .from('posts')
  .on('INSERT', (payload) => {
    sendPushNotifications(payload)  
  })
  .subscribe()

// Send notifications function  
async function sendPushNotifications(post) {
  await supabase
    .from('users') 
    .update({ hasUnread: true })
} 

Automate data pipelines

Sync your Supabase data to other databases automatically with webhooks. When data changes, webhook to functions that transform and pipe data where you need it.

// New user webhook
supabase
  .from('profiles')
  .on('INSERT', async (payload) => {
    const transformedData = transformProfile(payload)  
    await externalDb.insert(transformedData)
  })
  .subscribe()

Queue resource intensive work

Offload heavy processing from your app and API. Webhook database changes to functions that add jobs to a queue for asynchronous background processing.

// New data webhook  
supabase
  .from('dataset') 
  .on('INSERT', (payload) => {
    addJobToQueue(payload) 
  })
  .subscribe()

// Process queue
async function processQueue() {
  const job = await getNextJob()
  await transformData(job)  
}

With Supabase's instant realtime sync and serverless functions, innovative applications are just a webhook away. What will you build?

Related posts

Read more

Built on Unicorn Platform