To connect Supabase to Vercel, install the official Supabase integration from the Vercel Marketplace. The integration automatically syncs your Supabase project's environment variables (URL, anon key, service role key) to your Vercel project. For Next.js apps, install @supabase/ssr and create a client that reads from the synced environment variables. The integration handles variable updates when you rotate keys.
Connecting Supabase to Vercel for Seamless Deployment
Supabase and Vercel have an official integration that connects your Supabase project to your Vercel project in a few clicks. The integration automatically populates all required environment variables in Vercel so you do not have to copy and paste keys manually. This tutorial walks you through installing the integration, configuring your Next.js app to use the synced variables, and setting up auth redirect URLs for your Vercel deployment domain.
Prerequisites
- A Supabase project (free or paid plan)
- A Vercel account with a deployed project (or ready to deploy)
- A Next.js app in a GitHub repository connected to Vercel
- Node.js 18+ and npm or pnpm installed locally
Step-by-step guide
Install the Supabase integration from Vercel Marketplace
Install the Supabase integration from Vercel Marketplace
Go to the Vercel Dashboard, click on your project, then navigate to Settings > Integrations. Click Browse Marketplace and search for Supabase. Click Add Integration and authorize Vercel to access your Supabase account. Select the Vercel project you want to connect and the Supabase project to link it to. The integration will automatically create environment variables in your Vercel project for SUPABASE_URL, NEXT_PUBLIC_SUPABASE_URL, SUPABASE_ANON_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, and SUPABASE_JWT_SECRET.
Expected result: Supabase environment variables appear in your Vercel project's Settings > Environment Variables.
Install the Supabase packages in your Next.js project
Install the Supabase packages in your Next.js project
The @supabase/ssr package is the recommended way to use Supabase with Next.js. It handles cookie-based session management for both server and client components. Install it alongside the core @supabase/supabase-js package. If you are using the Pages Router instead of the App Router, you can use @supabase/supabase-js directly, but @supabase/ssr is recommended for all new projects.
1npm install @supabase/supabase-js @supabase/ssrExpected result: @supabase/supabase-js and @supabase/ssr are added to your package.json dependencies.
Create the Supabase client utilities
Create the Supabase client utilities
Create utility files that initialize Supabase clients for different contexts: a browser client for client components and a server client for server components, API routes, and middleware. Both read the SUPABASE_URL and SUPABASE_ANON_KEY from the environment variables that the Vercel integration synced. The server client uses cookies to manage sessions, which is essential for SSR and server-side auth checks.
1// src/lib/supabase/client.ts2import { createBrowserClient } from '@supabase/ssr'34export function createClient() {5 return createBrowserClient(6 process.env.NEXT_PUBLIC_SUPABASE_URL!,7 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!8 )9}1011// src/lib/supabase/server.ts12import { createServerClient } from '@supabase/ssr'13import { cookies } from 'next/headers'1415export async function createClient() {16 const cookieStore = await cookies()1718 return createServerClient(19 process.env.NEXT_PUBLIC_SUPABASE_URL!,20 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,21 {22 cookies: {23 getAll() {24 return cookieStore.getAll()25 },26 setAll(cookiesToSet) {27 cookiesToSet.forEach(({ name, value, options }) =>28 cookieStore.set(name, value, options)29 )30 },31 },32 }33 )34}Expected result: Two utility files exist: one for browser clients and one for server clients, both reading from Vercel's synced environment variables.
Create middleware for session refresh
Create middleware for session refresh
Next.js middleware runs on every request before the page loads. Create a middleware that refreshes the Supabase session cookie on each request. This prevents sessions from expiring while the user is actively using the app. The middleware reads the current session from cookies, refreshes it if needed, and writes the updated cookies back to the response.
1// src/middleware.ts2import { createServerClient } from '@supabase/ssr'3import { NextResponse, type NextRequest } from 'next/server'45export async function middleware(request: NextRequest) {6 let supabaseResponse = NextResponse.next({ request })78 const supabase = createServerClient(9 process.env.NEXT_PUBLIC_SUPABASE_URL!,10 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,11 {12 cookies: {13 getAll() {14 return request.cookies.getAll()15 },16 setAll(cookiesToSet) {17 cookiesToSet.forEach(({ name, value }) =>18 request.cookies.set(name, value)19 )20 supabaseResponse = NextResponse.next({ request })21 cookiesToSet.forEach(({ name, value, options }) =>22 supabaseResponse.cookies.set(name, value, options)23 )24 },25 },26 }27 )2829 await supabase.auth.getUser()30 return supabaseResponse31}3233export const config = {34 matcher: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],35}Expected result: The middleware refreshes the Supabase session on every request, keeping authenticated users logged in.
Configure auth redirect URLs in Supabase Dashboard
Configure auth redirect URLs in Supabase Dashboard
For OAuth and magic link login to work on your Vercel deployment, you need to add your Vercel domain to the Supabase allowed redirect URLs. Go to the Supabase Dashboard > Authentication > URL Configuration. Add your Vercel production domain (e.g., https://your-app.vercel.app) to the Redirect URLs list. Also add any preview deployment patterns using wildcards. This tells Supabase which URLs are safe to redirect users back to after authentication.
1# Add these to Supabase Dashboard > Authentication > URL Configuration > Redirect URLs:23# Production domain4https://your-app.vercel.app/**56# Vercel preview deployments (wildcard)7https://*-your-team.vercel.app/**89# Custom domain (if configured)10https://your-domain.com/**1112# Local development13http://localhost:3000/**Expected result: Auth redirects work correctly on your Vercel production domain, preview deployments, and local development.
Complete working example
1// src/lib/supabase/server.ts2// Server-side Supabase client for Next.js on Vercel3// Uses environment variables synced by the Supabase Vercel integration45import { createServerClient } from '@supabase/ssr'6import { cookies } from 'next/headers'78export async function createClient() {9 const cookieStore = await cookies()1011 return createServerClient(12 process.env.NEXT_PUBLIC_SUPABASE_URL!,13 process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,14 {15 cookies: {16 getAll() {17 return cookieStore.getAll()18 },19 setAll(cookiesToSet) {20 try {21 cookiesToSet.forEach(({ name, value, options }) =>22 cookieStore.set(name, value, options)23 )24 } catch {25 // setAll can fail in Server Components26 // This is fine if middleware is refreshing sessions27 }28 },29 },30 }31 )32}3334// Example usage in a Server Component:35// import { createClient } from '@/lib/supabase/server'36//37// export default async function Page() {38// const supabase = await createClient()39// const { data: { user } } = await supabase.auth.getUser()40//41// if (!user) {42// redirect('/login')43// }44//45// const { data: todos } = await supabase46// .from('todos')47// .select('*')48// .order('created_at', { ascending: false })49//50// return <TodoList todos={todos} />51// }Common mistakes when connecting Supabase to Vercel
Why it's a problem: Manually copying Supabase keys to Vercel instead of using the official integration
How to avoid: Use the Supabase Vercel integration from the marketplace. It auto-syncs variables and updates them when keys are rotated, preventing stale credentials.
Why it's a problem: Using getSession() instead of getUser() for server-side authentication checks
How to avoid: Always use getUser() on the server side. It makes an API request to verify the JWT. getSession() reads from cookies without verification and should not be trusted for authorization.
Why it's a problem: Forgetting to add Vercel preview deployment URLs to the Supabase redirect allowlist
How to avoid: Add https://*-your-team.vercel.app/** as a wildcard redirect URL in Supabase Dashboard > Authentication > URL Configuration.
Why it's a problem: Not creating middleware to refresh sessions, causing users to be logged out unexpectedly
How to avoid: Create a Next.js middleware that calls supabase.auth.getUser() on every request. This refreshes expired tokens and keeps sessions alive.
Best practices
- Use the official Supabase Vercel integration instead of manually copying environment variables
- Always use @supabase/ssr for Next.js projects to get proper cookie-based session handling
- Create separate client utilities for browser and server contexts
- Add middleware to refresh sessions on every request
- Add wildcard redirect URLs for Vercel preview deployments
- Use NEXT_PUBLIC_ prefix for client-accessible variables and keep SUPABASE_SERVICE_ROLE_KEY server-only
- Test authentication flows on Vercel preview deployments before merging to production
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I have a Next.js App Router project deployed on Vercel and I want to connect it to my Supabase project. Walk me through installing the Supabase Vercel integration, creating browser and server client utilities with @supabase/ssr, setting up session middleware, and configuring auth redirect URLs.
Set up a Next.js project with Supabase using the @supabase/ssr package. Create a browser client in src/lib/supabase/client.ts, a server client in src/lib/supabase/server.ts, and middleware in src/middleware.ts that refreshes sessions. Use NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY environment variables.
Frequently asked questions
What environment variables does the Supabase Vercel integration create?
The integration creates NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, and SUPABASE_JWT_SECRET. Variables with NEXT_PUBLIC_ prefix are accessible in browser code.
Do I need to redeploy after the integration syncs variables?
Yes. Environment variable changes only take effect on the next deployment. Trigger a new deployment in Vercel after the integration syncs your Supabase variables.
Can I use the Supabase Vercel integration with a Vite or V0 project?
The integration works at the Vercel level regardless of framework. For Vite projects, you will need to rename the variables to use the VITE_ prefix in your code since Vite requires that prefix for client-side variables.
How do I handle auth redirects on Vercel preview deployments?
Add a wildcard redirect URL pattern like https://*-your-team.vercel.app/** in Supabase Dashboard > Authentication > URL Configuration. This covers all preview deployment URLs.
What is the difference between @supabase/ssr and @supabase/supabase-js?
@supabase/supabase-js is the core client library. @supabase/ssr adds cookie-based session management for server-side rendering frameworks like Next.js. Use @supabase/ssr for any SSR framework and @supabase/supabase-js for client-only apps.
Can I connect multiple Supabase projects to one Vercel project?
The integration connects one Supabase project per Vercel project. To use multiple Supabase projects, manually add environment variables with custom names for the additional projects.
Can RapidDev help configure Supabase with Vercel for production?
Yes. RapidDev can set up the integration, configure proper auth redirect URLs for all environments, implement session middleware, and ensure your Supabase and Vercel project settings are optimized for production workloads.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation