# help
b
Ello guys, so I have a react app, how would I go about sending requests to Supabase without exposing my token, and without having to use a node/python backend server?
o
Hi, the anon key is safe, so it's not a big deal to share it publicly. I would recommend you create policies on your Supabase server to avoid that problem.
s
Is that generally okay to do? Could you go about creating actual serverless apps by using the anon key + RLS, or is there some danger that's just unlikely?
o
The only problem that could come up is not creating any policy, so anyone with the anon key can access any public data.
Policies enable you to add some permissions. For example, if you're creating a blog, only the author of the post can edit it.
s
Right, that makes sense. Neat! Thanks!
b
I c, but how does it work exactly? Because if I can access data with the key, that means anyone with the key can get the data.
And when you say the author of the blog, how does it verify that? Can't anyone just enter data to make the system think it's the "blog writer"? And if it's a password that verifies it, then wouldn't the password be easily used to breach the database?
And thank you for everything <3
s
You should be able to use the auth stuff to verify users
b
My point is that at some point I'm gonna have to use some kind of verification as text in my react code.
o
It is not the password which verifies the user. Each user has an id. You just need to create a policy like "if the author's id is the same as the logged-in user's id".
b
So for every user, I can get only the data that is specified for him?
o
Yep you can
You can limit access to data using policies
It's like a permission system where you can define what a user can do and what he can't
b
Hmm, I c, but as for storing accounts which include the username and the hashed password, how would I be able to implement that? Because if I want to add a new element to the DB, I can't really verify anything, which means I need to access the complete table at some point to be able to push anything to it.
But I think I got the whole point of this thing. I am gonna try that tomorrow because it's 12:10 AM and I am in bed dying because of the heat. I will return here for help if I get confused at some point, and thank you so much for wasting your time on helping me.
e
We are trying to make this more explicit, but these are the things you need to make sure of when you expose the anon key publicly:
- make sure all the tables in the public schema have proper RLS policies, or are in a different schema
- disable realtime for sensitive tables https://supabase.io/docs/guides/auth#disable-realtime-for-private-tables
s
Any ETA on realtime tables getting RLS?