Supabase Setup

Before you start this guide: You must have completed 03 — Clone & Setup.

Supabase is your database and user login system. Your customers use it to sign up and log in. All their subscription data, Telegram credentials, and usage records are stored here.

In this guide you will:

Create a free Supabase account
Create a new Supabase project
Create all the database tables the app needs
Enable Google login for your customers
Copy 3 keys into your .env file

Create a Supabase account

1.1 Open your browser and go to: https://supabase.com
1.2 Click "Start your project" (green button, top right).
1.3 Click "Sign up" and create an account using your GitHub account (recommended) or your email.

Using GitHub to sign in is the easiest option. Click "Continue with GitHub", allow the permissions, and you are in.

1.4 After signing in, you will land on the Supabase dashboard. You should see a welcome screen or an empty list of projects.

Tick the checkbox if you completed the step successfully.

Create a new project

2.1 Click the green "New project" button.
2.2 You will be asked to select an organization. Supabase automatically creates one named after your GitHub username. Select it.
2.3 Fill in the project details:

Field	What to enter
Name	`shipclawfastdb` (or any name you like)
Database Password	Click "Generate a password". Copy this password and save it somewhere safe.
Region	Choose the region closest to your customers (e.g. "Europe West" or "US East")

2.4 Click "Create new project".
2.5 Wait. Supabase will take about 1–2 minutes to set up your project. You will see a loading spinner. Do not close the tab.
2.6 When it finishes, you will see your project dashboard. It looks like a dark-themed control panel.

Tick the checkbox if you completed the step successfully.

Create the database tables

Your app needs several database tables to work. You will create all of them by running a single SQL script.

3.1 In the left sidebar, click "SQL Editor" (it looks like a >_ icon).
3.2 Click "New query" (top left of the editor area).
3.3 Open your project folder on your computer and find the file called schema.sql in the root of the project.
3.4 Open schema.sql in any text editor (Notepad, VS Code, TextEdit). Select all the text and copy it (Ctrl+A then Ctrl+C on Windows, Cmd+A then Cmd+C on Mac).
3.5 Go back to the Supabase SQL Editor. Click inside the editor area. Paste everything you just copied (Ctrl+V on Windows, Cmd+V on Mac).
3.6 Click the green "Run" button (bottom right, or press Ctrl+Enter / Cmd+Enter).
3.7 Wait a few seconds. At the bottom you should see:

Success. No rows returned.

If you see any red error messages, do not panic. Read the error carefully. The most common error is running the script twice — if that happens, it is usually safe to ignore the error and continue.

3.8 Verify the tables were created. In the left sidebar, click "Table Editor". You should see these tables:
subscriptions
usage
users
channel_credentials
audit_logs
admin_settings

If you see all 6 tables, the schema was created correctly. ✅

Tick the checkbox if you completed the step successfully.

Enable Google login

Your customers log in using their Google account. You need to enable this in Supabase and set it up in Google.

This involves two parts:

Create a Google OAuth app (to get a Client ID and Secret)
Add those into Supabase

Part A — Create a Google OAuth app

4.1 Open a new browser tab and go to: https://console.cloud.google.com
4.2 Sign in with your Google account.
4.3 At the top, click the project selector dropdown (it says "Select a project" or shows an existing project name).
4.4 Click "New Project".
4.5 Fill in:

Field	What to enter
Project name	`openclaw-auth` (or any name)
Location	Leave as default

Click "Create" and wait for it to create — about 10 seconds.

4.6 Make sure your new project is selected at the top.
4.7 In the left sidebar, click "APIs & Services" → "OAuth consent screen".
4.8 Select "External" and click "Create".
4.9 Fill in the required fields:

Field	What to enter
App name	Your business name (e.g. "OpenClaw")
User support email	Your email address
Developer contact email	Your email address

Scroll down and click "Save and Continue" through all the remaining steps (Scopes, Test Users, Summary) without changing anything. Just click "Save and Continue" each time.

4.10 In the left sidebar, click "Credentials".
4.11 Click "+ Create Credentials" → "OAuth client ID".
4.12 Fill in:

Field	What to enter
Application type	Web application
Name	`shipclawfast-web`

4.13
Under "Authorized javascript URIs", click "+ Add URI". (Note: You will add your website link here later after completing the Vercel Setup).
Under "Authorized redirect URIs", click "+ Add URI".
4.14 Go back to your Supabase dashboard tab. In the left sidebar, click "Authentication" → "Providers".
4.15 Find "Google" in the list and click on it to expand it.
4.16 You will see a "Callback URL (for OAuth)" field. Copy that URL. It looks like:

https://xxxxxxxxxxxx.supabase.co/auth/v1/callback

4.17 Go back to the Google Cloud tab. Paste that URL into the "Authorized redirect URIs" field.
4.18 Click "Create".
4.19 A popup will appear showing your Client ID and Client Secret. Copy both and save them somewhere safe. You will need them in the next section.

Tick the checkbox if you completed the step successfully.

Part B — Add Google credentials to Supabase

4.20 Go back to Supabase. You should still be on Authentication → Providers → Google.
4.21 Toggle Google to Enabled (the toggle should turn blue/green).
4.22 Fill in:

Field	What to paste
Client ID (for OAuth)	Paste the Client ID from Step 4.19
Client Secret	Paste the Client Secret from Step 4.19

4.23 Click "Save".

Google login is now enabled for your app. ✅

Tick the checkbox if you completed the step successfully.

Copy your Supabase keys into .env

Your app needs 3 keys from Supabase to connect to the database.

5.1 In Supabase, click "Project Settings" (gear icon) in the left sidebar.
5.2 Click "API" in the settings menu.
5.3 You will see a section called "Project URL" and a section called "Project API keys".

Copy these 3 values:

What to copy	Where to find it	.env variable name
Project URL	Under "Project URL"	`NEXT_PUBLIC_SUPABASE_URL`
anon / public key	Under "Project API keys" → row labeled "anon public"	`NEXT_PUBLIC_SUPABASE_ANON_KEY`
service_role key	Under "Project API keys" → row labeled "service_role" (click the eye icon to reveal)	`SUPABASE_SERVICE_ROLE_KEY`

Warning: The service_role key is extremely sensitive. It bypasses all security rules. Never share it. Never put it in client-side code. Keep it only in your .env file.

5.4 Open your .env file in a text editor and fill in the three values. Find these lines and replace the empty values:

NEXT_PUBLIC_SUPABASE_URL=paste-your-project-url-here
NEXT_PUBLIC_SUPABASE_ANON_KEY=paste-your-anon-key-here
SUPABASE_SERVICE_ROLE_KEY=paste-your-service-role-key-here

5.5 Save the .env file.

Tick the checkbox if you completed the step successfully.

Checklist — Before moving on

Supabase account created
New project created and finished loading
schema.sql was run and showed "Success"
All 6 tables are visible in the Table Editor
Google OAuth is enabled in Supabase (toggle is on)
NEXT_PUBLIC_SUPABASE_URL is filled in .env
NEXT_PUBLIC_SUPABASE_ANON_KEY is filled in .env
SUPABASE_SERVICE_ROLE_KEY is filled in .env

Common problems

"Table already exists" error when running schema.sql → This is safe to ignore. It means you ran the script twice. Your tables are fine.

Google login shows an error after clicking "Sign in with Google" → Double-check that the Supabase callback URL in Google Cloud matches exactly. Even one extra character will break it. Go back to Step 4.14 and copy the URL again carefully.

Cannot find the service_role key → In Supabase API settings, look for the key row that says "service_role" and click the eye icon (👁) to reveal it. It is hidden by default.

When every checkbox is ticked, move on to 05 — LLM API Keys.

Category: cloud-directShipClawFast Engine

Supabase Setup

Before you start this guide: You must have completed 03 — Clone & Setup.

Supabase is your database and user login system. Your customers use it to sign up and log in. All their subscription data, Telegram credentials, and usage records are stored here.

In this guide you will:

Create a free Supabase account
Create a new Supabase project
Create all the database tables the app needs
Enable Google login for your customers
Copy 3 keys into your .env file

Create a Supabase account

1.1 Open your browser and go to: https://supabase.com
1.2 Click "Start your project" (green button, top right).
1.3 Click "Sign up" and create an account using your GitHub account (recommended) or your email.

Using GitHub to sign in is the easiest option. Click "Continue with GitHub", allow the permissions, and you are in.

1.4 After signing in, you will land on the Supabase dashboard. You should see a welcome screen or an empty list of projects.

Tick the checkbox if you completed the step successfully.

Create a new project

2.1 Click the green "New project" button.
2.2 You will be asked to select an organization. Supabase automatically creates one named after your GitHub username. Select it.
2.3 Fill in the project details:

Field	What to enter
Name	`shipclawfastdb` (or any name you like)
Database Password	Click "Generate a password". Copy this password and save it somewhere safe.
Region	Choose the region closest to your customers (e.g. "Europe West" or "US East")

2.4 Click "Create new project".
2.5 Wait. Supabase will take about 1–2 minutes to set up your project. You will see a loading spinner. Do not close the tab.
2.6 When it finishes, you will see your project dashboard. It looks like a dark-themed control panel.

Tick the checkbox if you completed the step successfully.

Create the database tables

Your app needs several database tables to work. You will create all of them by running a single SQL script.

3.1 In the left sidebar, click "SQL Editor" (it looks like a >_ icon).
3.2 Click "New query" (top left of the editor area).
3.3 Open your project folder on your computer and find the file called schema.sql in the root of the project.
3.4 Open schema.sql in any text editor (Notepad, VS Code, TextEdit). Select all the text and copy it (Ctrl+A then Ctrl+C on Windows, Cmd+A then Cmd+C on Mac).
3.5 Go back to the Supabase SQL Editor. Click inside the editor area. Paste everything you just copied (Ctrl+V on Windows, Cmd+V on Mac).
3.6 Click the green "Run" button (bottom right, or press Ctrl+Enter / Cmd+Enter).
3.7 Wait a few seconds. At the bottom you should see:

Success. No rows returned.

If you see any red error messages, do not panic. Read the error carefully. The most common error is running the script twice — if that happens, it is usually safe to ignore the error and continue.

3.8 Verify the tables were created. In the left sidebar, click "Table Editor". You should see these tables:
subscriptions
usage
users
channel_credentials
audit_logs
admin_settings

If you see all 6 tables, the schema was created correctly. ✅

Tick the checkbox if you completed the step successfully.

Enable Google login

Your customers log in using their Google account. You need to enable this in Supabase and set it up in Google.

This involves two parts:

Create a Google OAuth app (to get a Client ID and Secret)
Add those into Supabase

Part A — Create a Google OAuth app

4.1 Open a new browser tab and go to: https://console.cloud.google.com
4.2 Sign in with your Google account.
4.3 At the top, click the project selector dropdown (it says "Select a project" or shows an existing project name).
4.4 Click "New Project".
4.5 Fill in:

Field	What to enter
Project name	`openclaw-auth` (or any name)
Location	Leave as default

Click "Create" and wait for it to create — about 10 seconds.

4.6 Make sure your new project is selected at the top.
4.7 In the left sidebar, click "APIs & Services" → "OAuth consent screen".
4.8 Select "External" and click "Create".
4.9 Fill in the required fields:

Field	What to enter
App name	Your business name (e.g. "OpenClaw")
User support email	Your email address
Developer contact email	Your email address

Scroll down and click "Save and Continue" through all the remaining steps (Scopes, Test Users, Summary) without changing anything. Just click "Save and Continue" each time.

4.10 In the left sidebar, click "Credentials".
4.11 Click "+ Create Credentials" → "OAuth client ID".
4.12 Fill in:

Field	What to enter
Application type	Web application
Name	`shipclawfast-web`

4.13
Under "Authorized javascript URIs", click "+ Add URI". (Note: You will add your website link here later after completing the Vercel Setup).
Under "Authorized redirect URIs", click "+ Add URI".
4.14 Go back to your Supabase dashboard tab. In the left sidebar, click "Authentication" → "Providers".
4.15 Find "Google" in the list and click on it to expand it.
4.16 You will see a "Callback URL (for OAuth)" field. Copy that URL. It looks like:

https://xxxxxxxxxxxx.supabase.co/auth/v1/callback

4.17 Go back to the Google Cloud tab. Paste that URL into the "Authorized redirect URIs" field.
4.18 Click "Create".
4.19 A popup will appear showing your Client ID and Client Secret. Copy both and save them somewhere safe. You will need them in the next section.

Tick the checkbox if you completed the step successfully.

Part B — Add Google credentials to Supabase

4.20 Go back to Supabase. You should still be on Authentication → Providers → Google.
4.21 Toggle Google to Enabled (the toggle should turn blue/green).
4.22 Fill in:

Field	What to paste
Client ID (for OAuth)	Paste the Client ID from Step 4.19
Client Secret	Paste the Client Secret from Step 4.19

4.23 Click "Save".

Google login is now enabled for your app. ✅

Tick the checkbox if you completed the step successfully.

Copy your Supabase keys into .env

Your app needs 3 keys from Supabase to connect to the database.

5.1 In Supabase, click "Project Settings" (gear icon) in the left sidebar.
5.2 Click "API" in the settings menu.
5.3 You will see a section called "Project URL" and a section called "Project API keys".

Copy these 3 values:

What to copy	Where to find it	.env variable name
Project URL	Under "Project URL"	`NEXT_PUBLIC_SUPABASE_URL`
anon / public key	Under "Project API keys" → row labeled "anon public"	`NEXT_PUBLIC_SUPABASE_ANON_KEY`
service_role key	Under "Project API keys" → row labeled "service_role" (click the eye icon to reveal)	`SUPABASE_SERVICE_ROLE_KEY`

Warning: The service_role key is extremely sensitive. It bypasses all security rules. Never share it. Never put it in client-side code. Keep it only in your .env file.

5.4 Open your .env file in a text editor and fill in the three values. Find these lines and replace the empty values:

NEXT_PUBLIC_SUPABASE_URL=paste-your-project-url-here
NEXT_PUBLIC_SUPABASE_ANON_KEY=paste-your-anon-key-here
SUPABASE_SERVICE_ROLE_KEY=paste-your-service-role-key-here

5.5 Save the .env file.

Tick the checkbox if you completed the step successfully.

Checklist — Before moving on

Supabase account created
New project created and finished loading
schema.sql was run and showed "Success"
All 6 tables are visible in the Table Editor
Google OAuth is enabled in Supabase (toggle is on)
NEXT_PUBLIC_SUPABASE_URL is filled in .env
NEXT_PUBLIC_SUPABASE_ANON_KEY is filled in .env
SUPABASE_SERVICE_ROLE_KEY is filled in .env

Common problems

"Table already exists" error when running schema.sql → This is safe to ignore. It means you ran the script twice. Your tables are fine.

Cannot find the service_role key → In Supabase API settings, look for the key row that says "service_role" and click the eye icon (👁) to reveal it. It is hidden by default.

When every checkbox is ticked, move on to 05 — LLM API Keys.

Category: cloud-directShipClawFast Engine