Supabase (YC S20) raises $80M Series B

supabase ceo here.<p>I want to give a big shout-out to the HN crowd. You have been instrumental in our growth - both from a traction perspective, but even more so for product development.<p>From our initial launch 2 years ago[0], where everyone told us we need auth, to our Auth[1], Storage[2], Functions[3], and GraphQL[4] launches. You are always giving great (and usually tough!) feedback which helps guide the team and product direction.<p>I will be around briefly to answer questions, then back tomorrow to cover anything unanswered (it&#x27;s very late where I am!)<p>[0] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23319901" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23319901</a><p>[1] Auth: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=24072051" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=24072051</a><p>[2] Storage: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26635184" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26635184</a><p>[3] Functions: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30868849" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30868849</a><p>[4] GraphQL: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30846006" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30846006</a>

Congratulations, it is well deserved! I have been using SB for the past couple months and its great! In my experience what they excel at is picking really good components (Postgres, PostgREST, Elixir, Kong, Gotrue, Logflare etc) and packaging them with little overhead into something that is much greater than the sum of its parts.<p>There are issues of course (slow dashboard, some inconsistencies in auth, shaky self-hosting story, a little bloated JS client libs) but in general they have a solid offering that is only getting better.<p>I can&#x27;t stress enough how there is really nothing quite like it out there at the moment. I get that HN crowd is always very skeptical esp with the somewhat airy opensource&#x2F;self-hosting story that seems a little deprioritized to handle the (probably insane) growth. The escape hatches might be a bit rusty a bit at the moment but compare that with Firebase and its a little inconvenient in SB vs a prison in FB.<p>I am quite optimistic about Supabase and I wish the team the best of success.

I like the approach Supabase takes in being a light abstraction over Postgres and using OSS.<p>Even in light of the following critiques, I feel like its one of the simplest ways for an <i>experienced</i> developer to start a new project, and it&#x27;s now my go to over spinning up a database, Firebase, ORMs, and other database abstractions.<p>My main critiques are:<p>- As others have said, default security is way too permissive. They should lock everything down by default. At some point, this is going to cause major problems for some company that decides to build off Supabase.<p>- Although they have row-level security, RBAC is completely missing. It&#x27;s not hard to implement yourself through stored procedures and triggers (they have an example repo to copy from), but I don&#x27;t see a lot of junior devs doing this.<p>- Stored procedures are more likely to be utilized in the Supabase paradigm, but I haven&#x27;t felt like they have done much to address the inherent weakness and common critiques of using sprocs instead of application level functions.<p>- Escape hatches are missing in their fork of GoTrue (why did they fork it in the first place - now there are two competing versions?). It&#x27;s still not clear to me how to add data to the JWT or get access to the JWT through their SDK.<p>- Slow dashboard with rendering problems. It doesn&#x27;t render correctly on my Fedora laptop. And the slow speed becomes pretty annoying almost right away.<p>- I have experienced data loss when using their SQL editor. So now I copy all the SQL I write to a local file or just do everything through DBeaver.<p>- Lack of backups on the free tier. They should give this away for free up to a storage limit. Backups are a critical part of development and I don&#x27;t have full trust in Supabase given that I&#x27;ve already experienced data loss through their UI.<p>- Misleading marketing. They make implicit claims all over the place on what they offer but then have disclaimers on their code bases about certain features not being production ready.<p>They clearly have work ahead of them, but I&#x27;m optimistic about the potential for Supabase and I look forward to the improvements!

Congratulations to all!<p>Have used Supabase in several applications; it&#x27;s an amazing product. And what I&#x27;m the most grateful about it is that I came to it as a self-taught front end dev, and it taught me the beauty and power of the relational database itself. Trends and technologies will come and go, but the heart of a software project, as I understood it, will usually lie in its data model. I was intimidated by it, and then, after Supabase, I was not.<p>Now, I&#x27;m especially hyped on on the realtime capabilities showcased in multiplayer.dev: in a recent project we had to implement a chat service quite quickly, an although through supabase we already had an elixir server set up and working, it still revolves around postgres replication, which didn&#x27;t really felt right and did imposed some limitations. This led us to use Centrifugal, a oss go microservice, which has worked great... but it felt a bit like a missed opportunity. I didn&#x27;t found any Elixir based rt-as-a-service product, and it looks like you guys are in a great position to tackle that space. So there&#x27;s that.<p>Anyways, good luck and thanks again for your hard work!!

Amazing product! Started to explore it just a few days ago, as it seems very popular among the Indiehackers community. Got a few nice-to-haves that I&#x27;m sure you&#x27;re already working on :-)<p>1) Auth tokens currently use symmetric signatures, which makes them less useful for zero-latency verification in runtimes like Cloudflare Workers, and also less interchangeable with other auth systems (although it is possible to interchange still by implementing a token minting endpoint ourselves, but that&#x27;s extra effort and latency). This would also be really useful for integrations with Firebase Auth, which is ironically needed for interoperability with other Firebase products not yet in Supabase :-) It would be great if you switched to standard RS256 + .well-known OIDC endpoints..<p>2) Recently added built-in database-driven GraphQL module is ingenious, but would benefit greatly from Realtime capability (and I know that&#x27;s hard!)<p>3) It&#x27;s a bit unclear what the multi-zonal or multi-regional (!) story is for Postgres. This would be very useful not just for HA, but for globally-distributed (reduced latency!) scenarios, like the ones addressed by Fly.io Postgres, for example. I know, global ACID is hard and expensive, but if we could get closer to that (for example, similarly to Fly.io), that would be amazing! Right now, it&#x27;s not clear what the latency story is for users accessing Supabase from half-across the world. If you could document that at least a bit (incl. which region(s) Supabase is deployed in so we could place our backends closer to those), that would be awesome!<p>Thanks so much, this is such an amazing and unique (!) product that really fills the void left over by Firebase, particularly due to the lack of major progress on Firestore in recent years.

For people who have some experience in this, what&#x27;s the best less-code backends? Hasura? Supabase? Prisma? Thin?

I just started using Supabase on a small side project and am very impressed; the ease of setting up realtime was amazing. However, the dashboard is so slow. Every action that has a server request results in a spinner, even if it could be instant, like creating an empty unnamed sql query.

Supabase is featured in the latest episode of the IEEE SE-Radio podcast: <a href="https:&#x2F;&#x2F;www.se-radio.net&#x2F;2022&#x2F;05&#x2F;episode-511-ant-wilson-on-supabase-postgres-as-a-service&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.se-radio.net&#x2F;2022&#x2F;05&#x2F;episode-511-ant-wilson-on-s...</a>

My main critique after trying Google Firestore was: (1) Lack of typed schemas with declarative definitions (2) Read&#x2F;write permissions and write validation was extremely complex<p>From quick glance at the docs, it looks like they make progress towards the first but not sure about the latter: <a href="https:&#x2F;&#x2F;supabase.com&#x2F;docs&#x2F;guides&#x2F;auth&#x2F;row-level-security" rel="nofollow">https:&#x2F;&#x2F;supabase.com&#x2F;docs&#x2F;guides&#x2F;auth&#x2F;row-level-security</a>

&gt; The service can’t, of course, match Firebase on a feature-by-feature basis, but it offers many of the core features that developers would need to get started, including a database, storage and authentication service, as well as the recently launched Supabase Edge Functions, a serverless functions-as-a-service offering.<p>Some glowing reviews there... lol

one of these will finally stick, and more people will be able to build apps

How exactly does the scaling work. Anyone remember Meteor? I wasted months of my life struggling with it, it scaled horribly.

The innovation in managed devops is pretty incredible! Had a question for the Supabase team regarding authorization and PostgREST.<p>Let&#x27;s say I have Customer 1 who owns Document 2, 3. Document will have a foreign key pointing to Customer. How do I ensure that Customer 1 can&#x27;t access Document 1?

Huge congrats to you guys! Have really enjoyed using Supabase with both React and Vue, especially how well things are documented (especially so early on in your product’s maturity.<p>I think the sentiment has been shared here by others, but I think authentication and authorization are going to be your biggest hurdles, yet biggest revenue drivers in the future (e,g., enterprises, startups, etc).<p>I’d honestly love to see you guys come up with a novel OIDC solution, maybe even using Keycloak as the model&#x2F;goal (which also follows the trend of Supabase innovating on existing tech).<p>Excited to see where you all go from here and the sky is the limit!

Congrats on the raise and success to date!<p>When you first launched I recall seeing an advertisement for CEO position at Supabase which I thought was surprising for such an early stage startup. It looks like that never eventuated which I am pleased to see. I am curious about the backstory behind seeking an external CEO and then concluding not to?

Supabase seems cool. Is there something like it if I want to run Rust code as edge functions?

If you&#x27;re looking for something like superbase but with a more end-to-end typesafety approach + optimistic updates, check out Thin Backend <a href="https:&#x2F;&#x2F;thin.dev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;thin.dev&#x2F;</a> It takes a bit more of a higher level approach to database operations than superbase, which allows us to do things like optimistic updates that are hard to do in other tools.

Is there any no-code or low-code application to create a User Interface over Supabase?

Congrats supabase team!! So proud :)

Off-topic (and hope the conversation doesn&#x27;t digress too much): when is it ok for someone to monetize an open source project and when is it not?<p>I&#x27;ve read over the years how people get super upset at Amazon for taking an open source project, (sometimes) adding some code to it and then host and monetize it. The argument being that Amazon is monetizing on the backs of countless open source developers. Hence why the Common Clause has been added to a number of open source projects to prevent this from happening.<p>Supabase seems to be loved by HN (haven&#x27;t tried it yet but looks interesting).<p>Isn&#x27;t Supabase just a wrapper around the open source Postgres database (which is BSD licensed)?

when i tried signing up for their hosted offering they subscribed me to a marketing mail list without my consent<p>i deleted my account immediately after receiving a spam e-mail<p>this practice is illegal in EU

Unfortunately this is the wrong team. I have worked on several Postgres full stack applications over the past few years, and I really wanted Supabase to work, the idea sounded great. The JavaScript SDK, the documentation for getting started, and the user interface are all horrible&#x2F;half-baked. Instead of speeding up my development, Supabase lead me to waste hours in confusion. It is easier to roll your own auth and setup your own database than use Supabase unfortunately.<p>For a product whose whole purpose is to enable developers to move faster, the product misses the mark completely. If I were CEO I would shift all resources to fixing the UI and SDK.<p>I would guess out of all the people who have signed up, less than 1% have actually made a “working” frontend.