Backend & data (e.g. Supabase)
What this layer solves
Most apps need durable data, who is logged in, and sometimes files. You can build that on a BaaS (backend-as-a-service), your own API + DB, or serverless functions talking to a database.
Options
| Option | Best for | Tradeoffs |
|---|---|---|
| Supabase | Postgres + auth + storage + realtime; generous free tier | Vendor-specific APIs; learn RLS for real security |
| Firebase | Mobile-first, NoSQL, Google ecosystem | Different data model than SQL |
| PlanetScale / Neon / RDS | Postgres/MySQL you control + serverless drivers | You wire auth and APIs yourself |
| Turso (libSQL) | Edge-friendly SQLite | Different scaling story than big Postgres |
NK Wiki default: Supabase — Postgres, row-level security, auth UI patterns, works well with Next.js.
Outline: Supabase mental model
- Project = database + API + auth host — create in Supabase dashboard .
- Tables — design with migrations; don’t only use the GUI long-term.
- Auth — email magic link, OAuth providers; understand JWT flows at a high level.
- Row Level Security (RLS) — who can read/write which rows — essential before production.
- Client vs service role keys — never expose service role in the browser.
Official links
- Supabase Docs
- PostgreSQL — underlying SQL reference
When to pick an alternative
- Firebase if you’re all-in on Google and document-style data fits.
- Neon + Drizzle/Prisma if you want maximal control and SQL-first ORM workflows without Supabase’s dashboard features.
Last reviewed: April 2026.
Last updated on