Best practice for implementing subdomain availability check with RLS in production
Hi everyone,
I'm implementing a subdomain availability checker for a multi-tenant SaaS where users can claim custom subdomains (e.g.,
What I'm trying to achieve:
- Check subdomain availability before user registration/onboarding
- Ensure the check is secure and can't be bypassed
- Have it work consistently in both local and production environments
Current implementation and issue:
I've implemented a solution using the Supabase service role key (secret API key) to bypass RLS for the availability check. This works perfectly in local development, but fails in production with the following error:
Environment details:
- Framework: Next.js 16 , App Router
- Platform: Web
- Supabase JS version: @supabase/ssr: ^0.7.0, @supabase/supabase-js: ^2.80.0,
- Deployed on Vercel
Questions:
What's the current best practice for implementing subdomain availability checks with Supabase?
Should I be using RPC functions, Edge Functions, or a different approach?
Is using the service role key for this use case appropriate, or is there a better pattern?
Why might this PGRST002 error occur only in production?
Any guidance on the recommended architecture for this common multi-tenant pattern would be greatly appreciated. Thanks!
I'm implementing a subdomain availability checker for a multi-tenant SaaS where users can claim custom subdomains (e.g.,
customsubdomain.website.comWhat I'm trying to achieve:
- Check subdomain availability before user registration/onboarding
- Ensure the check is secure and can't be bypassed
- Have it work consistently in both local and production environments
Current implementation and issue:
I've implemented a solution using the Supabase service role key (secret API key) to bypass RLS for the availability check. This works perfectly in local development, but fails in production with the following error:
Environment details:
- Framework: Next.js 16 , App Router
- Platform: Web
- Supabase JS version: @supabase/ssr: ^0.7.0, @supabase/supabase-js: ^2.80.0,
- Deployed on Vercel
Questions:
What's the current best practice for implementing subdomain availability checks with Supabase?
Should I be using RPC functions, Edge Functions, or a different approach?
Is using the service role key for this use case appropriate, or is there a better pattern?
Why might this PGRST002 error occur only in production?
Any guidance on the recommended architecture for this common multi-tenant pattern would be greatly appreciated. Thanks!
