How to Test Supabase Webhooks

What Supabase Sends in a Webhook

Supabase HTTP hooks send a POST request with a JSON body. Every payload includes a type field indicating the database operation (INSERT, UPDATE, or DELETE), the table name, the full record that was affected, and an old_record for UPDATE and DELETE events. Here is a typical INSERT payload:

{
  "type": "INSERT",
  "table": "orders",
  "record": { "id": 1, "status": "paid", "amount": 2999 },
  "old_record": null,
  "schema": "public"
}

For an UPDATE event, old_record contains the row values before the change, and record contains the new values. For DELETE, record is null and old_record holds the deleted row.

Step 1: Generate Your Requex Endpoint

Open requex.me in your browser. A unique webhook URL is generated immediately — no account required. It looks like:

https://requex.me/hook/a1b2c3d4-e5f6-7890-abcd-ef1234567890

Copy this URL — you will paste it into the Supabase Dashboard in the next step. The Requex page stays open in a browser tab and will update in real time each time Supabase fires a request.

Step 2: Configure Supabase HTTP Hook

In the Supabase Dashboard, navigate to Database → Webhooks and click Create a new hook. Fill in the fields:

1. Name: Give the hook a descriptive name such as orders-test-hook.
2. Table: Select the table you want to observe (e.g. orders).
3. Events: Check the event types you need — INSERT, UPDATE, DELETE, or all three.
4. Type of hook: Choose HTTP Request.
5. HTTP URL: Paste your Requex URL here.
6. Method: Leave as POST (Supabase always sends POST).

Click Confirm to save the hook. It will be active immediately.

Step 3: Trigger a Test Event

You can trigger an event in two ways:

Option A — Table Editor: Go to Table Editor, open your table, and click Insert row. Fill in the required columns and save. Supabase fires the INSERT hook within a second.

Option B — SQL Editor: Run a quick SQL statement directly:

-- Trigger INSERT hook
INSERT INTO orders (status, amount) VALUES ('paid', 2999);

-- Trigger UPDATE hook
UPDATE orders SET status = 'shipped' WHERE id = 1;

-- Trigger DELETE hook
DELETE FROM orders WHERE id = 1;

Switch back to the Requex tab — the incoming request should appear within a second of the SQL executing.

Step 4: Inspect the Payload

In Requex, click the request entry to expand it. You can verify:

• Body: The full JSON payload with type, table, record, and old_record fields.
• Headers: Supabase sets Content-Type: application/json and any custom headers you configured.
• Schema: Confirm it matches your expected schema (usually public).
• Event type: Confirm type is INSERT, UPDATE, or DELETE as expected.

This raw inspection lets you build your backend handler against the real shape of data — not a guess from the docs.

Supabase Webhook Auth

Supabase HTTP hooks support custom headers on the outgoing request. This is how you add authentication so your real production endpoint can verify the request came from Supabase and not an unknown caller.

In the Supabase Webhook editor, scroll down to the HTTP Headers section and add a header:

Authorization: Bearer YOUR_SECRET_TOKEN

In Requex, expand the incoming request and check the Headers tab — you will see the Authorization header with the exact value you set. Once confirmed, implement the same check in your production handler:

// Node.js / Express example
app.post('/api/webhooks/supabase', (req, res) => {
  const token = req.headers['authorization']?.replace('Bearer ', '');
  if (token !== process.env.SUPABASE_WEBHOOK_SECRET) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  const { type, table, record, old_record } = req.body;
  // Handle the event...
  res.status(200).json({ received: true });
});

Common Supabase Webhook Issues