Cloud Functions in Supabase are by default protected by JWT and can be called by anyone. Sometimes you want to restrict these functions to be accessible only from within context of your Supabase project. For example, you might want to send a push notification when new entry is inserted into your database. This can be done quite easily in Firebase/Firestore but for Supabase it's a bit more complicated.
Supabase Service Key
Instead, you can use Supabase Service Key (available in your project settings) to verify that the request has been made by you or your internal Supabase services.
Following example uses simple Deno function which requires a Service Key to run.
You can get this key from environment variables. Fortunately,
is automatically available.
To list all the environment variables available run the following command in your CLI.
Now, assuming that your function is deployed and protected behind Supabase Service Key, you can create a database trigger using Supabase Webhooks.
In Database > Webhooks > Create a new webhook open the following dialog and select your table and event type (insert, update, or delete). In Webhook Configuration then select Supabase Edge Functions and pick your function from the list in Edge Functions.
Finally, select Add a new header and choose Add auth header with service key. Your Service Key will be automatically added to the request as Authorization header which you verify in your function.