Supabase Anon Key Removal

Today I received a message from Supabase that they will remove the use of the Anon Key.

If I check the requests made by my project to the Supabase /rest/v1 in the log file, the requests are made with the Anon key.

In the WeWeb Supabase Plugin I’ve tried to change the ‘Public Api Key’ to a new ‘Publishable Key’, but this results in an ‘Invalid Supabase Auth configuration.’ error in WeWeb.

How do I solve this issue? As the Anon key will be removed on the 8th of April, it’s quite urgent.

4 Likes

I was going to ask the same question here.

Seems like we have a month or so to make the changes.

Is that something to change on the Supabase Plugin on WeWeb?

Thanks!

Same issue for me. Not sure how this will affect the auth process.

Same Issue here

Hey there 👋

I think we may not be using the anon key in projects where the plugin was configured with the “Connect Supabase” button but I’m not 100% sure. Let me check with the team and get back to you on that one

This does not affect normal Data API usage. Accessing data via /rest/v1/your_table or any client library will continue to work exactly as they do today.

2 Likes

Hey there 👋

Quick update on this:

1. No impact on production apps

For WeWeb apps in production using the Supabase plugin(s), there will be no breaking change.
No action is required on your side. The anon key is not used in your production apps.

2. Possible impact inside the WeWeb editor

What might be affected by the Supabase breaking change is your experience inside the WeWeb editor.

Currently, our Supabase plugin(s) use the anon key to fetch your database schema (tables and columns) so you can create collections inside WeWeb. We’ll be updating the plugin to use the service_role key instead.

Depending on how you configured your Supabase plugin(s), you may need to:

  • Reconnect to Supabase, and/or

  • Make sure the Service role key is filled in the “Custom” configuration

The team started development on this update. I’ll keep you posted and will share any actions required from your side (if any) 🙂

4 Likes

Super! Love that WeWeb is so real time in terms of updating itself with the ever changing tech world around it! @Joyce

I have not been able to work for a full day, because the Plugin doesn’t work.
Losing progress, and frustration is growing.

Same … very frustrating and the support is not answering

1 Like

Hey everyone,

The team just released the update.

If you’re not using Guided mode, please make sure to add a Service Role Key to your Supabase plugin settings:

The key is located in your Supabase dashboard:

Hi @Tamara,

Thanks for your answer.

That’s exactly what I’ve been doing all day but it didn’t work. Is it something that has just been fixed ?

Thanks in advance

Hey,

Sorry to hear you’re experiencing this issue.

You should see a popup if there’s an action required (to provide a Service Role Key). Otherwise, it should work directly without any additional steps.

If you’re having trouble accessing data through a collection, or if you’re encountering any other issues, could you please contact our support team so they can take a closer look?

Thanks!

Hi @Tamara,

Now it’s working, thanks

The Supabase realtime features are not working in preview mode, but in production it’s working fine…

I already did what’s shown above…. realtime won’t work in preview mode anymore?

Can we create and use a secret key instead of the service role, e.g. sb_secret_… instead of the legacy service_role key? For example, going to Supabase and then Project Settings → API Keys → API Keys tab here → Create new API key?

Hi Tamara, how is it going?

I’m a bit concerned about exposing the service role key like that… Isn’t it a major security risk? Considering the service role key bypasses all RLS it doesn’t look like a great idea.

Hey Javier,

I understand your concern. However, the service role key is only used within the editor to fetch metadata from the Supabase project. It’s never exposed or used in the published app.

Hi Tamara and thanks for the clarification. I received an ethical hacking last week from a cybersecurity team so I’m trying to cover all the possible loopholes.

Does this change also mean the `anon` key won’t be exposed anymore as hardcoded in the exported code?

Hey Javier,

The anon key is designed to be public, and it’s included in the exported code, that’s how Supabase works. It’s required to make client-side requests to Supabase from your web app. You can learn more in the Supabase docs about API keys 👉 Understanding API keys

1 Like
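
The distinction discussed in the last few posts (anon key public by design, service role key bypassing RLS), as an added example that is not part of the thread and is not WeWeb or Supabase code: a Node.js check that scans exported front-end code for Supabase keys and flags any that are not meant for the client. It relies on legacy Supabase keys being JWTs with a `role` claim and on the `sb_publishable_` / `sb_secret_` prefixes of the newer keys; the function names and the sample bundle are constructed for illustration.

```javascript
// Added example: classify Supabase API keys found in exported front-end code.
const JWT_RE = /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;
const SB_RE = /sb_(publishable|secret)_[A-Za-z0-9_-]+/g;

// Decode one base64url JWT segment to an object, or null if it is not JSON.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Report each key by kind, role and offset (never echo the key itself).
function findSupabaseKeys(source) {
  const findings = [];
  for (const m of source.matchAll(JWT_RE)) {
    const claims = b64urlJson(m[0].split(".")[1]);
    if (!claims || typeof claims.role !== "string") continue; // not a Supabase-style JWT
    // Only the anon role is meant to ship to browsers; service_role bypasses RLS.
    findings.push({ kind: "legacy-jwt", role: claims.role, offset: m.index,
                    expectedInClient: claims.role === "anon" });
  }
  for (const m of source.matchAll(SB_RE)) {
    findings.push({ kind: "sb_" + m[1], role: m[1], offset: m.index,
                    expectedInClient: m[1] === "publishable" });
  }
  return findings;
}

// Keys that should fail a pre-deploy check on exported code.
function leakedPrivilegedKeys(source) {
  return findSupabaseKeys(source).filter((f) => !f.expectedInClient);
}

// Constructed sample input: unsigned JWT-shaped strings, not real keys.
function makeJwt(role) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "HS256", typ: "JWT" }), enc({ iss: "supabase", role }), "c2lnbmF0dXJl"].join(".");
}
const SAMPLE_BUNDLE = `
  const publicKey = "${makeJwt("anon")}";
  const leaked = "${makeJwt("service_role")}";
  const newStyle = "sb_secret_CONSTRUCTED_EXAMPLE";
`;

console.log(leakedPrivilegedKeys(SAMPLE_BUNDLE));
```

A non-empty result from `leakedPrivilegedKeys` on an export means a key that bypasses RLS is in client code and should be rotated.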