Skip to main content
modiva.ai
Sign In
← All docs

Setup guide

Connect Supabase

Dev & InfraOAuthSupabase developer docs ↗

Supabase connects through the Supabase Management API OAuth flow (Authorization Code with PKCE). You authorize Modiva from Supabase's own consent screen and pick the organization to share — Modiva can then run SQL on your project's Postgres database, create and manage projects, deploy and update edge functions, and manage branches, secrets, custom domains and service config, all through one unified API and MCP server. Supabase access tokens are short-lived; Modiva stores a refresh token and renews access automatically so your connection stays healthy without you reconnecting.

Before you start

  • A Supabase account with at least one organization and project.
  • Permission to authorize a third-party OAuth app for that organization.

Step-by-step setup

  1. 1

    Sign in to Modiva

    Log in at modiva.ai and open the Dashboard. You need a Modiva account before you can connect any platform — creating one takes a minute and no credit card is required for the free tier.

  2. 2

    Open Connections → New connection

    In the left sidebar choose Connections, then click New connection. You'll see the full catalogue of platforms grouped by category (Social, Ads, CRM, E-commerce, Marketing, Creative, Productivity, Payments, Dev & Infra and Analytics).

  3. 3

    Select Supabase and authorize

    Click the Supabase card. Modiva redirects you to Supabase's official consent screen — sign in, choose the organization you want to share and approve the requested access. Your password is entered on Supabase, never on Modiva.

  4. 4

    You're connected

    Supabase sends you back to Modiva and the connection appears with a green Connected status. From here it's available to every MCP key and API call in your workspace. Modiva refreshes the short-lived token automatically in the background.

What Modiva can access

Supabase shows the requested access on its consent screen before you approve. The connection is read & write across projects, database, functions, secrets, domains and config — deleting a project or function is irreversible, and the SQL tool executes the statements you send, including writes (it also has a read-only mode). You can revoke access any time from Supabase or by disconnecting in Modiva.

  • Read your organizations and their members
  • Create & manage projects and preview branches (pause, restore, delete)
  • Run SQL queries on your project's Postgres database (read & write)
  • Deploy, update & delete edge functions; manage secrets and API keys
  • Manage custom domains, and read & update Postgres, PostgREST and Auth config
  • Read storage buckets and query project logs

Troubleshooting & FAQ

Does Supabase connect with OAuth or an API key?

With OAuth 2.0 (Authorization Code + PKCE) against the Supabase Management API. You authorize Modiva on Supabase's own consent screen; Modiva only receives a scoped token, which is encrypted at rest with AES-256-GCM. Your password is never entered on Modiva.

Can the SQL tool write to my database?

Yes. The database_query_run tool executes the SQL you (or your agent) send — including INSERT, UPDATE, DELETE and DDL — directly on the connected project's Postgres database. Pass read_only: true to run in a read-only transaction that rejects writes, review statements before running them, and consider connecting a staging project if you only want to experiment.

What can Modiva change on my Supabase account?

The connection is read & write: it can create, pause, restore and delete projects, deploy, update and delete edge functions, manage preview branches, secrets, API keys and custom domains, and update Postgres, PostgREST and Auth configuration. Destructive tools (project and function deletion) are labelled irreversible, and every tool takes an explicit project ref.

Which Supabase projects can Modiva see?

Only projects in the organization you authorize on the consent screen. Every tool takes an explicit project ref, so nothing runs against a project you didn't pick. You can connect more organizations as separate connections.

My Supabase token keeps refreshing — is that a problem?

No. Supabase Management API tokens are short-lived by design. Modiva stores a refresh token and renews access automatically in the background, so you won't be asked to reconnect unless you revoke access in Supabase.

How do I disconnect?

Open Connections, click the Supabase row and choose Disconnect — Modiva deletes the stored token immediately. You can also revoke the authorization from your Supabase organization settings.

Need help with Supabase?

Reach the team any time from our support page, or ask Fin, our AI support agent.