SupabaseS
Supabase5w ago
mnlcpc

Best practice for implementing subdomain availability check with RLS in production

Hi everyone,

I'm implementing a subdomain availability checker for a multi-tenant SaaS where users can claim custom subdomains (e.g., customsubdomain.website.com). I need to verify that a subdomain hasn't been taken before allowing a user to claim it.

What I'm trying to achieve:
  • Check subdomain availability before user registration/onboarding
  • Ensure the check is secure and can't be bypassed
  • Have it work consistently in both local and production environments
Current implementation and issue:
I've implemented a solution using the Supabase service role key (secret API key) to bypass RLS for the availability check. This works perfectly in local development, but fails in production with the following error:
[SUBDOMAIN_VALIDATION] RPC error: {
  code: 'PGRST002',
  details: null,
  hint: null,
  message: 'Could not query the database for the schema cache. Retrying.'
}


Environment details:
  • Framework: Next.js 16 , App Router
  • Platform: Web
  • Supabase JS version: @supabase/ssr: ^0.7.0, @supabase/supabase-js: ^2.80.0,
  • Deployed on Vercel
Questions:
What's the current best practice for implementing subdomain availability checks with Supabase?
Should I be using RPC functions, Edge Functions, or a different approach?
Is using the service role key for this use case appropriate, or is there a better pattern?
Why might this PGRST002 error occur only in production?

Any guidance on the recommended architecture for this common multi-tenant pattern would be greatly appreciated. Thanks!
Was this page helpful?