What is the `anon public key` in Supabase?

Supabase is a cloud-based database service built on PostgreSQL. To access this database externally, an API key is required as an authentication method.

By default, Supabase enforces strict security measures, meaning that all tables are initially protected. Among these, tables that are explicitly allowed for anonymous users (i.e., publicly accessible tables) can be accessed using the anon public key. This key is typically assigned read-only or limited write permissions and can be used directly in the frontend.

Creating a Supabase Client

To interact with Supabase, a client object (supabase) needs to be created, which establishes a connection with the Supabase API and allows data retrieval or storage.

import { createClient } from '@supabase/supabase-js'

const supabaseUrl = 'https://project-url.supabase.co'
const supabaseAnonKey = 'anon-public-key'

const supabase = createClient(supabaseUrl, supabaseAnonKey)

In other words, the supabase object created in this code can only access tables that permit anonymous access via the anon public key. If an attempt is made to access a table without the proper permissions, the request will be denied (error) or return no data.