What is the `service_role` in Supabase?

The service_role key is the highest-privileged API key in Supabase, granting full read, write, update, and delete access to all data. It can access all data regardless of Row-Level Security (RLS) settings and should never be exposed on the client (frontend) as it handles sensitive data. Therefore, it must be used only in a server environment (e.g., Next.js API Routes, server APIs, or backend servers).

In particular, when using the service_role key in Next.js, it must be restricted to API Routes or server-side code, ensuring that it is never exposed directly on the frontend.