Custom Domains
Custom domains allow you to present a branded experience to your users. These are available as an add-on for projects on a paid plan.
There are two types of domains supported by Supabase:
- Custom domains, where you use a domain such as
api.example.com
instead of the project's default domain. - Vanity subdomains (experimental), where you can set up a different subdomain on
supabase.co
for your project.
You can choose either a custom domain or vanity subdomain for each project.
Custom domains
Custom domains change the way your project's URLs appear to your users. This is useful when:
- You are using OAuth (Social Login) with Supabase Auth and the project's URL is shown on the OAuth consent screen.
- You are creating APIs for third-party systems, for example, implementing webhooks or external API calls to your project via Edge Functions.
- You are storing URLs in a database or encoding them in QR codes.
Custom domains help you keep your APIs portable for the long term. By using a custom domain you can migrate from one Supabase project to another, or make it easier to version APIs in the future.
Configure a custom domain using the Supabase dashboard
Follow the Custom Domains steps in the General Settings page in the Dashboard to set up a custom domain for your project.
Configure a custom domain using the Supabase CLI
This example assumes your Supabase project is abcdefghijklmnopqrst
with a corresponding API URL abcdefghijklmnopqrst.supabase.co
and configures a custom domain at api.example.com
.
To get started:
- Install the latest version of the Supabase CLI.
- Log in to your Supabase account using the CLI.
- Ensure you have Owner or Admin permissions for the project.
- Get a custom domain from a DNS provider. Currently, only subdomains are supported.
- Use
api.example.com
instead ofexample.com
.
- Use
Add a CNAME record
You need to add a CNAME record to your domain's DNS settings to ensure your custom domain points to the Supabase project.
If your project's default domain is abcdefghijklmnopqrst.supabase.co
you should:
- Create a CNAME record for
api.example.com
that resolves toabcdefghijklmnopqrst.supabase.co.
. - Use a low TTL value to quickly propagate changes in case you make a mistake.
Verify ownership of the domain
Register your domain with Supabase to prove that you own it. You need to download two TXT records and add them to your DNS settings.
In the CLI, run domains create
to register the domain and Supabase and get your verification records:
_10supabase domains create --project-ref abcdefghijklmnopqrst --custom-hostname api.example.com
Two TXT records are returned. For example:
_10[...]_10Required outstanding validation records:_10 _cf-custom-hostname.api.example.com TXT -> 46BBC14D-D50A-409C-8DB5-F862CF5BA660_10 api.example.com TXT -> ca3-F1HvR9i938OgVwpCFwi1jTsbhe1hvT0Ic3efPY3Q
Add the records to your domains' DNS settings. Make sure to trim surrounding whitespace. Use a low TTL value so you can quickly change the records if you make a mistake.
Verify your domain
Make sure you've configured all required DNS settings:
- CNAME for your custom domain pointing to the Supabase project domain.
- TXT record for
_cf-custom-hostname.<domain>
. - TXT record for
<domain>
.
Use the domains reverify
command to begin the verification process of your domain. You may need to run this command a few times because DNS records take a while to propagate.
_10supabase domains reverify --project-ref abcdefghijklmnopqrst
In the background, Supabase will check your DNS records and use Let's Encrypt to issue a SSL certificate for your domain. This process can take up to 30 minutes.
Prepare to activate your domain
Before you activate your domain, prepare your applications and integrations for the domain change:
- The project's Supabase domain remains active.
- You do not need to change the Supabase URL in your applications immediately.
- You can use it interchangeably with the custom domain.
- Supabase Auth will use the custom domain immediately once activated.
- OAuth flows will advertize the custom domain as a callback URL.
- SAML will use the custom domain instead. This means that the
EntityID
of your project has changed, and this may cause SAML with existing identity providers to stop working.
To prevent issues for your users, follow these steps:
- For each of your Supabase OAuth providers:
- In the provider's developer console (not in the Supabase dashboard), find the OAuth application and add the custom domain Supabase Auth callback URL in addition to the Supabase project URL. Example:
https://abcdefghijklmnopqrst.supabase.co/auth/v1/callback
andhttps://api.example.com/auth/v1/callback
- Sign in with Twitter uses cookies bound to the project's domain. Make sure your frontend code uses the custom domain instead of the default project's domain.
- In the provider's developer console (not in the Supabase dashboard), find the OAuth application and add the custom domain Supabase Auth callback URL in addition to the Supabase project URL. Example:
- For each of your SAML identity providers:
- Contact your provider and ask them to update the metadata for the SAML application. They should use
https://api.example.com/auth/v1/...
instead ofhttps://abcdefghijklmnopqrst.supabase.co/auth/v1/callback
. - Once these changes are made, SAML Single Sign-On will likely stop working until the domain is activated. Plan for this ahead of time.
- Contact your provider and ask them to update the metadata for the SAML application. They should use
Activate your domain
Once you've done the necessary preparations to activate the new domain for your project, you can activate it using the domains activate
CLI command.
_10supabase domains activate --project-ref abcdefghijklmnopqrst
When this step completes, Supabase will serve the requests from your new domain. The Supabase project domain continues to work and serve requests so you do not need to rush to change client code URLs.
If you wish to use the new domain in client code, change the URL used in your Supabase client libraries:
_10import { createClient } from '@supabase/supabase-js'_10_10// Use a custom domain as the supabase URL_10const supabase = createClient('https://api.example.com', 'public-anon-key')
Remove a custom domain
Removing a custom domain may cause some issues when using Supabase Auth with OAuth or SAML. You may have to reverse the changes made in the Prepare to activate your domain step above.
To remove an activated custom domain you can use the domains delete
CLI command.
_10supabase domains delete --project-ref abcdefghijklmnopqrst
Vanity subdomains
Vanity subdomains allow you to present a basic branded experience, compared to custom domains. They allow you to host your services at a custom subdomain on Supabase (e.g., my-example-brand.supabase.co
) instead of the default, randomly assigned abcdefghijklmnopqrst.supabase.co
.
To get started:
- Install the latest version of the Supabase CLI.
- Log in to your Supabase account using the CLI.
- Ensure that you have Owner or Admin permissions for the project you'd like to set up a vanity subdomain for.
- Ensure that your organization is on a paid plan (Pro/Team/Enterprise plan) in the Billing page of the Dashboard.
Configure a vanity subdomain
You can configure vanity subdomains via the CLI only.
Let's assume your Supabase project's domain is abcdefghijklmnopqrst.supabase.co
and you wish to configure a vanity subdomain at my-example-brand.supabase.co
.
Check subdomain availability
Use the vanity-subdomains check-availability
command of the CLI to check if your desired subdomain is available for use:
_10supabase vanity-subdomains --project-ref abcdefghijklmnopqrst check-availability --desired-subdomain my-example-brand --experimental
Prepare to activate the subdomain
Before you activate your vanity subdomain, prepare your applications and integrations for the subdomain change:
- The project's Supabase domain remains active and will not go away.
- You do not need to change the Supabase URL in your applications immediately or at once.
- You can use it interchangeably with the custom domain.
- Supabase Auth will use the subdomain immediately once activated.
- OAuth flows will advertize the subdomain as a callback URL.
- SAML will use the subdomain instead. This means that the
EntityID
of your project has changed, and this may cause SAML with existing identity providers to stop working.
To prevent issues for your users, make sure you have gone through these steps:
- Go through all of your Supabase OAuth providers:
- In the provider's developer console (not in the Supabase dashboard!), find the OAuth application and add the subdomain Supabase Auth callback URL in addition to the Supabase project URL. Example:
https://abcdefghijklmnopqrst.supabase.co/auth/v1/callback
andhttps://my-example-brand.supabase.co/auth/v1/callback
- Sign in with Twitter uses cookies bound to the project's domain. In this case make sure your frontend code uses the subdomain instead of the default project's domain.
- In the provider's developer console (not in the Supabase dashboard!), find the OAuth application and add the subdomain Supabase Auth callback URL in addition to the Supabase project URL. Example:
- Go through all of your SAML identity providers:
- You will need to reach out via email to all of your existing identity providers and ask them to update the metadata for the SAML application (your project). Use
https://example-brand.supabase.co/auth/v1/...
instead ofhttps://abcdefghijklmnopqrst.supabase.co/auth/v1/callback
. - Once these changes are made, SAML Single Sign-On will likely stop working until the domain is activated. Plan for this ahead of time.
- You will need to reach out via email to all of your existing identity providers and ask them to update the metadata for the SAML application (your project). Use
Activate a subdomain
Once you've chosen an available subdomain and have done all the necessary preparations for it, you can reconfigure your Supabase project to start using it.
Use the vanity-subdomains activate
command to activate and claim your subdomain:
_10supabase vanity-subdomains --project-ref abcdefghijklmnopqrst activate --desired-subdomain my-example-brand
If you wish to use the new domain in client code, you can set it up like so:
_10import { createClient } from '@supabase/supabase-js'_10_10// Use a custom domain as the supabase URL_10const supabase = createClient('https://my-example-brand.supabase.co', 'public-anon-key')
When using Sign in with Twitter make sure your frontend code is using the subdomain only.
Remove a vanity subdomain
Removing a subdomain may cause some issues when using Supabase Auth with OAuth or SAML. You may have to reverse the changes made in the Prepare to activate the subdomain step above.
Use the vanity-subdomains delete
command of the CLI to remove the subdomain my-example-brand.supabase.co
from your project.
_10supabase vanity-subdomains delete --project-ref abcdefghijklmnopqrst --experimental