Supabase database webhooks notify your application about changes to your PostgreSQL database rows. Using Supabase's Realtime and Database Webhooks features, you can trigger workflows on INSERT, UPDATE, and DELETE operations.
Supabase webhooks are HTTP POST requests that Supabase sends to your server when specific events occur in your account. Rather than continuously polling the Supabase API for updates, webhooks deliver real-time notifications the moment something happens — a payment completes, a user signs up, a deployment finishes, or any other tracked event.
Debugging these webhooks can be challenging because they originate from Supabase's servers, not your browser. You can't simply open DevTools to inspect them. That's where WebhookVault comes in — capture every Supabase webhook, inspect the full payload and headers, and replay them to your local development server.
| Event | Description |
|---|---|
| INSERT | Fired when a new row is inserted into a watched table |
| UPDATE | Fired when an existing row is modified in a watched table |
| DELETE | Fired when a row is deleted from a watched table |
| Auth event | Fired on user sign-up, sign-in, or token refresh via Auth hooks |
Follow these steps to start capturing and debugging Supabase webhooks using WebhookVault.
Sign up for a free WebhookVault API key and create an endpoint to capture Supabase webhooks.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"name": "Supabase Webhooks"}'
# Response:
# {"url": "https://webhookvault.anethoth.com/hook/abc123", "inspect_url": "https://webhookvault.anethoth.com/inspect/abc123"}Go to your Supabase Dashboard > Database > Webhooks Click 'Create a new hook' and select the table to watch Choose the events to listen for (INSERT, UPDATE, DELETE) Enter your WebhookVault endpoint URL as the webhook URL and save
Once Supabase sends a webhook, you can inspect every detail through the WebhookVault API or web inspector.
curl https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests \
-H "Authorization: Bearer wv_your_key"
# Returns all captured Supabase webhook requests with full headers, body, and metadataReplay any captured Supabase webhook to your local development server for testing.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests/1/replay \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "http://localhost:3000/webhook"}'
# The original Supabase webhook is replayed to your local serverHere is an example of a typical Supabase webhook payload. Use WebhookVault to capture real payloads from your Supabase account for accurate testing.
{
"type": "INSERT",
"table": "orders",
"schema": "public",
"record": {
"id": 42,
"user_id": "uuid-abc-123",
"amount": 99.99,
"status": "pending",
"created_at": "2024-01-15T10:30:00.000000+00:00"
},
"old_record": null
}Here are the most common issues developers encounter when working with Supabase webhooks, and how to resolve them.
Supabase Database Webhooks use pg_net to send HTTP requests. For complex logic, consider using Edge Functions with database triggers.
Supabase Database Webhooks don't include a signature header by default. Add a custom header with a shared secret for verification.
The old_record field is null for INSERT events and contains the previous row data for UPDATE events.
Database webhooks depend on the pg_net extension. If the database is under heavy load, webhook delivery may be delayed.
Supabase webhooks are HTTP callbacks that Supabase sends to your server when specific events occur. Instead of polling the Supabase API for changes, webhooks push real-time notifications to your application, making your integration more efficient and responsive.
Use WebhookVault to capture Supabase webhooks in the cloud, then replay them to your localhost. Create a WebhookVault endpoint, configure Supabase to send webhooks to it, and use the replay API to forward captured requests to http://localhost:3000/webhook (or your local port).
Most webhook providers, including Supabase, sign their webhook payloads to prove authenticity. Check the Supabase documentation for the specific signature header and verification algorithm. Use WebhookVault to capture and inspect the raw headers to debug signature verification issues.
Unlike ngrok, WebhookVault captures and stores every webhook request with full headers and payloads. You can replay any Supabase webhook to your local server as many times as needed, inspect historical requests, and share webhook data with your team. No tunnel to maintain or port to expose.
Create a free WebhookVault endpoint in seconds. Capture, inspect, and replay Supabase webhooks with zero configuration.
Get Free API Key