Cloud Service · Supabase Inc. · Bidirectional
Connection: REST API
Data Flow: Bidirectional
Components: 12
Dependencies: 3

Description

Supabase Edge Functions run server-side Deno TypeScript logic close to users for operations requiring elevated database privileges or complex business logic that must not execute on client devices. They are used for auto-approval evaluation, Bufdir export generation, certification expiry checks, badge criteria evaluation, and threshold validation, all of which require service-role database access.

Detailed Analysis

Supabase Edge Functions provide the secure server-side execution layer for the platform's most sensitive and complex business logic — automated expense approval evaluation, government-format Bufdir export generation, certification expiry monitoring, badge criteria assessment, and threshold compliance validation. By running these operations server-side with service-role database access, the platform ensures that business rules cannot be bypassed by client-side manipulation, which is critical for financial integrity and regulatory reporting accuracy. The Bufdir export function directly enables compliance with Norwegian government reporting requirements, making it a key capability for organisational accreditation. Cron-triggered functions for nightly scheduling, assignment reminders, and certification expiry checks reduce manual coordinator workload through automation.

Edge Functions are included in Supabase Pro with 2 million monthly invocations, so the cost model is highly favourable relative to maintaining dedicated server infrastructure.

Twelve components invoke edge functions, covering auto-approval, export generation, expiry checks, badge evaluation, and scheduled cron jobs. Each function must be developed, tested, and deployed via the Supabase CLI as a separate deployment artifact — this adds a distinct deployment pipeline that must be integrated into the CI/CD workflow from early in the project. SUPABASE_SERVICE_ROLE_KEY, FCM_SERVER_KEY, and BUFDIR_API_KEY must be configured as function-level secrets before any function can be tested in staging. Cold start latency of up to 500ms for infrequently invoked functions must be accounted for in UX design for user-triggered operations like auto-approval.

Cron job scheduling (nightly scheduler, assignment reminders, certification expiry) requires monitoring for missed executions with alerting configured in the Supabase dashboard. Idempotency key implementation on export and approval functions is essential to prevent double-processing and must be included in the test plan. The team needs Deno/TypeScript experience and familiarity with Supabase CLI deployment workflows.

Edge functions are Deno TypeScript modules deployed via Supabase CLI and invoked via authenticated REST calls from the Flutter client — the user's JWT is forwarded in the Authorization header for organisation-scoped access. Server-side functions use SUPABASE_SERVICE_ROLE_KEY (available only in the function environment, never on the client) to bypass RLS for operations requiring cross-tenant or elevated access such as Bufdir export aggregation. HTTP 4xx/5xx responses are caught at the client boundary (e.g., 101-auto-approval-edge-function-client) and mapped to typed domain errors. Idempotency keys are sent with export (319-export-edge-function) and approval (101-auto-approval-edge-function-client) invocations to prevent duplicate processing on retry.

Scheduled functions (433-certification-expiry-cron, 467-assignment-reminder-cron-trigger, 382-nightly-scheduler) use Supabase cron configuration and are monitored for missed execution via dashboard alerts. Function input is validated server-side before any database write; JWT claims provide organisation context to scope all queries. Execution timeout is 150 seconds by default — the Bufdir export function targets completion within 30 seconds. Function invocation count, execution duration, and per-function error rates are tracked via Supabase observability with spike alerts configured.
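
An added example (not the project's code) of the server-side checks described in the two paragraphs above: organisation context taken from JWT claims, input validation before any write, and idempotency-key handling on retry. The `org_id` claim name, payload fields, key format, threshold and in-memory store are assumptions; a deployed function would verify the JWT first and back the store with a uniquely constrained table.

```typescript
// Added example, not the project's code. The `org_id` claim name, payload
// fields, key format and in-memory store are assumptions for illustration.
type Claims = { sub: string; org_id?: string };
type Result = { status: number; body: Record<string, unknown> };
type Expense = { expenseId: string; amount: number };

// Stands in for a table with a UNIQUE (org_id, idempotency_key) constraint.
const processed = new Map<string, { fingerprint: string; result: Result }>();

function validateExpense(input: unknown): Expense | null {
  if (typeof input !== "object" || input === null) return null;
  const { expenseId, amount } = input as Record<string, unknown>;
  if (typeof expenseId !== "string" || !/^[0-9a-f-]{36}$/i.test(expenseId)) return null;
  if (typeof amount !== "number" || !Number.isFinite(amount) || amount <= 0) return null;
  return { expenseId, amount }; // unknown fields (e.g. a client-sent org_id) are dropped
}

function handleApproval(
  claims: Claims, // claims of an already verified JWT
  idempotencyKey: string | null,
  input: unknown,
  threshold: number,
): Result {
  // Organisation context comes from the token only, never from the body.
  const orgId = claims.org_id;
  if (!orgId) return { status: 403, body: { code: "NO_ORG_CONTEXT" } };
  if (!idempotencyKey || !/^[A-Za-z0-9_-]{16,64}$/.test(idempotencyKey)) {
    return { status: 400, body: { code: "BAD_IDEMPOTENCY_KEY" } };
  }
  const expense = validateExpense(input);
  if (!expense) return { status: 422, body: { code: "INVALID_INPUT" } };

  // Scope the key per organisation so tenants cannot collide on a key.
  const dedupeKey = `${orgId}:${idempotencyKey}`;
  const fingerprint = JSON.stringify(expense);
  const prior = processed.get(dedupeKey);
  if (prior) {
    // Same key, different payload: reject instead of replaying a stale result.
    if (prior.fingerprint !== fingerprint) return { status: 409, body: { code: "KEY_REUSED" } };
    return { ...prior.result, body: { ...prior.result.body, replayed: true } };
  }
  // With the service role RLS is bypassed, so real queries must filter on orgId.
  const decision = expense.amount <= threshold ? "auto_approved" : "needs_review";
  const result: Result = { status: 200, body: { orgId, expenseId: expense.expenseId, decision } };
  processed.set(dedupeKey, { fingerprint, result });
  return result;
}
```
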

Dependencies (3)

Supabase CLI for deployment (External)
Deno runtime (managed by Supabase) (External)
SUPABASE_SERVICE_ROLE_KEY available in function environment (External)

Authentication

Type: JWT
Requirements: Authenticated user JWT passed in Authorization header, Service role key for functions requiring elevated access (server-side only), Function-level auth policies configured
Scopes: invoke:edge-functions

Configuration

Required Settings

Function deployed via Supabase CLI (Required)
SUPABASE_SERVICE_ROLE_KEY in function secrets (Required)
Cron schedule configured for scheduled functions (Required)

Optional Settings

Function memory limit (Optional)
Execution timeout (default 150s) (Optional)
Regional deployment preference (Optional)

Environment Variables

SUPABASE_URL
SUPABASE_SERVICE_ROLE_KEY
FCM_SERVER_KEY
BUFDIR_API_KEY

Error Handling

HTTP 4xx/5xx responses caught and mapped to domain errors in client
Idempotency keys on export and approval functions to prevent double processing
Structured error responses with error codes for client-side handling

Monitoring

Health Checks

Edge function invocation logs in Supabase dashboard
Cron job execution status tracking

Metrics

Function invocation count
Execution duration
Error rate per function

Alerts

Function error rate spike
Cron job missed execution
Function timeout exceeded

Performance

Latency: < 5s for auto-approval evaluation, < 30s for full Bufdir export
Availability: 99.9% availability for approval and export workflows

Rate Limits

Supabase Pro: 2 million function invocations/month included
500ms cold start for infrequently invoked functions

Cost Implications

Pricing Model: Included in Supabase Pro plan with overage per million invocations

Cost Factors

Number of function invocations per month
Execution duration and memory
Cron job frequency

Security Considerations

Service role key never distributed to mobile clients — only available server-side in function environment
Function input validated before any database write
Functions scoped by organisation context from JWT claims

Fallback Mechanisms

Client-side auto-approval logic as fallback for threshold evaluation
Manual export trigger available if scheduled cron fails