Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Can someone smarter than me explain public vs private buckets?
~~I have a public bucket called `prof-pics` and each folder is the user's `uuid`
I have RLS rules that:
Insert/update/delete if the uuid matches the folder name
Select if authorized

If I use the method `getPublicUrl` I get a URL for the file, but I don't see a token or anything, so how can supabase auth the caller?
If I go to the dashboard and click "Copy URL" I can view this anywhere. Is the token in the URL a super auth token?
And what's the diff between public and private?

Public buckets are for assets and things were anyone can look at them? Does that mean that RLS don't work with public buckets?~~

Public buckets: Allow everyone `SELECT` access but RLS for everything else.
Private buckets: RLS for everything.

Public buckets have a public URL that allows everyone access.  They still enforce RLS on a storage download with path.

Thread was archived by <@160241004899860490>. Anyone can send a message to unarchive it.