The story of when FastAPI met Supabase
Very recently, I tried using FastAPI to create a backend for a social media application. It is really easy to learn FastAPI if you have some or solid knowledge of Python. Trust me or not, FastAPI literally lives up to its name, but it might cost you a lot of CPU time if you deploy it on the cloud, so make sure to limit the application’s requirements if you want to save on cost. That only matters for production, though; when it comes to fooling around and exploring new horizons, it’s fun.
Hold on, I was just on my way to talk about Supabase as well. Supabase is amazing; here you will have to trust me. Firebase is GOAT but Supabase is GREAT (Good for React, Express, API, couldn’t figure out the T). Supabase is Postgres-based and provides Auth, a Postgres DB, Storage (with S3 compatibility), Edge Functions and Realtime. You can find all the API functions you need to integrate it, with support for a vast number of languages. I have been through a lot of the docs that are out there on the internet and watched plenty of videos on YouTube about using Supabase as a backend-as-a-service instead of Firebase.
Coming back to my experience, I would like to start with Supabase. I have been trying to test it out instead of using it for creating Android and iOS apps (yes, I love developing mobile apps). I had some trouble initially because I relied too much on ChatGPT, I guess, but I later figured out my own ways of getting it on track. I initially planned to let Android handle my problems and use Supabase or Firebase, but I went ahead and tried the OG Ruby on Rails (a rollercoaster ride it was). I then thought of learning Django but, having seen many applications based on Django, I thought, “why not try FastAPI?”
Answer to that “QUESTION”
FastAPI is a great and super-fast alternative to other API-based application frameworks. It comes with ease of learning and less documentation than Django or Flask, but I believe integration of LLMs and data-driven backends has huge scope here.
Well, while integrating FastAPI with Supabase, I found there are fewer applications whose backend uses a backend-as-a-service, but hey, it can make the development process 10x faster if you are providing custom solutions.
Python is the most important part while integrating Supabase in FastAPI, because FastAPI is based on Python and you know the math.
I have seen this one problem: authentication with Supabase Auth in FastAPI.
Exact Problem: Handling JWT
Details: I deployed the API on Render (I didn’t have proper knowledge of working with JWT tokens; I had experience with sessions only). User A logged in using Device A and successfully signed in. User B logged in using Device B and successfully signed in. Where’s the problem? As both users are logged in, they should be able to perform their operations or use the routes from their own devices, right? That’s where the problem started. User A logged in before User B, and everything seemed pretty normal and cool; it was when User B logged in that I noticed the problem. User A checked the current user on Device A after User B logged in on Device B, and the current user returned was User B. That’s when I restarted the server and logged in User A from Device A. On Device B, without logging in, I checked the current user and, you guessed it right, it returned User A.
What I did to solve the problem and the exact problem
Solution: Use FastAPI Security. I followed some blogs, Stack Overflow, Hashnode, the FastAPI and Supabase docs, and some examples on GitHub.
Well, here is an easier way of understanding the solution. Supabase was taking care of setting the session for me, which was causing the problem. You can go ahead and let users register or log in using the Python docs from Supabase, but it won’t be of any help if you don’t make use of the data that Supabase returns. Supabase takes care of JWT generation (access and refresh tokens), as it is a backend-as-a-service. Being able to use that data is what makes you a genius.
After that, I handled the JWT tokens using HTTPBearer as security and used it as a dependency to get the current user. HTTPBearer basically allows you to put the JWT token in the Authorization header (it looks like Authorization: Bearer “eYjakdjhashd….. gibberish”), send the rest of the request and get the responses; that’s it. Supabase is usually preferred to be used directly with frontends, but you can make use of it the way I did, and supposedly with FlaskAPI too, and many other backends as well.
(Don’t worry, the JWT Secret is also available from Secret; it generated the access token, so it must have something to help you decode it. Use HS256 to decode it.)
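The failure and the fix described above, as an added example that is not code from the original post: a process-wide session that every login overwrites, next to a per-request check that verifies the HS256 token taken from the Authorization: Bearer header. It uses only the standard library; JWT_SECRET, make_token and the user names are constructed placeholders, and in FastAPI the current_user function would sit behind the HTTPBearer dependency.

```python
import base64, hashlib, hmac, json, time

JWT_SECRET = b"constructed-demo-secret"  # placeholder for the project's JWT secret

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(sub: str, ttl: int = 3600, secret: bytes = JWT_SECRET) -> str:
    """Constructed stand-in for the access token the auth service issues."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"sub": sub, "exp": int(time.time()) + ttl}).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}', secret))}"

def verify_token(token: str, secret: bytes = JWT_SECRET) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(_b64d(head)), _b64d(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin the alg, do not trust the header
    if not hmac.compare_digest(given, _sign(f"{head}.{body}", secret)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    return claims

# Broken pattern: one session for the whole process, overwritten by each login.
_shared_session = {}
def login_shared(user: str) -> None:
    _shared_session["user"] = user

def current_user_shared():
    return _shared_session.get("user")  # whoever logged in last, for every caller

# Fixed pattern: identity comes from the token that each request carries.
def current_user(authorization: str) -> str:
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("missing bearer token")
    return verify_token(token)["sub"]
```

With the shared session, Device A sees User B as soon as User B logs in; with the per-request check, each device gets the user named in its own token, and a token signed with another secret or past its expiry is rejected.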
I preferred using Eric Roby’s FastAPI guide, which will help you resolve most of the queries related to FastAPI; very quick and easy resolutions for everyone.
I must get back to integrating the API in my Android and iOS app, will get back to ya’ once I am done there. Will come back with a much more detailed experience and will try to document the whole process, while there’s more to come on AI and what not. Stay tuned.