Supabase RLS Tenant Configurator

List all active RLS tenant scope configurations

{
  "data": [
    {
      "scope_id": "scp_01J4K8M2N3P5Q7T1",
      "org_id": "org_01J4K8M2N3P5Q7R9",
      "session_id": "ses_01J4K8M2N3P5Q7S1",
      "is_active": true,
      "applied_at": "2026-03-26T09:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 1
  }
}

Get details of a specific RLS scope configuration

{
  "scope_id": "scp_01J4K8M2N3P5Q7T1",
  "org_id": "org_01J4K8M2N3P5Q7R9",
  "session_id": "ses_01J4K8M2N3P5Q7S1",
  "rls_claim": "request.jwt.claims.org_id",
  "rls_value": "org_01J4K8M2N3P5Q7R9",
  "is_active": true,
  "applied_at": "2026-03-26T09:00:00Z"
}

Apply RLS tenant scope for an organization (injects org claim into DB session)

{
  "org_id": "org_01J4K8M2N3P5Q7R9",
  "session_id": "ses_01J9X3P7K2M4N6G6"
}

{
  "scope_id": "scp_01J9X3P7K2M4N6I8",
  "org_id": "org_01J4K8M2N3P5Q7R9",
  "session_id": "ses_01J9X3P7K2M4N6G6",
  "rls_claim": "request.jwt.claims.org_id",
  "rls_value": "org_01J4K8M2N3P5Q7R9",
  "is_active": true,
  "applied_at": "2026-03-26T12:00:00Z",
  "created_at": "2026-03-26T12:00:00Z"
}

Update the org_id in an existing RLS scope (org switch within session)

{
  "org_id": "org_01J4K8M2N3P5Q7R8"
}

{
  "scope_id": "scp_01J9X3P7K2M4N6I8",
  "org_id": "org_01J4K8M2N3P5Q7R8",
  "session_id": "ses_01J9X3P7K2M4N6G6",
  "is_active": true,
  "applied_at": "2026-03-26T13:00:00Z",
  "updated_at": "2026-03-26T13:00:00Z"
}

Clear RLS tenant scope (revoke org-level DB access)

{
  "success": true,
  "cleared_at": "2026-03-26T14:00:00Z"
}

Verify that RLS tenant scope is correctly applied for a session

{
  "scope_id": "scp_01J9X3P7K2M4N6I8",
  "org_id": "org_01J4K8M2N3P5Q7R9",
  "is_applied": true,
  "rls_policy_active": true,
  "verified_at": "2026-03-26T12:01:00Z"
}

{
  "contract_summary": {
    "total_contracts": 410,
    "total_endpoints": 2416,
    "api_styles_used": [
      "rest"
    ]
  },
  "generated_at": "2026-03-26T06:55:53.316Z"
}