Overview
BuildPad DaaS is a full-stack Data-as-a-Service platform built on Supabase . It gives you a rich REST API over your PostgreSQL database — with authentication, role-based access control, file management, and workflow automation — out of the box.
The API surface follows established conventions for collections, items, filters, and auth — making it straightforward to integrate with any REST client or SDK.
What It Provides
| Layer | What you get |
|---|---|
| Data Engine | REST API for any table — CRUD, filtering, aggregates, relations |
| Auth | Email/password login, JWT tokens, static API tokens, session cookies |
| Access Control | Roles, policies, granular per-collection permissions, field-level access |
| Files | Upload, organize, serve, and import files via Supabase Storage |
| Schema | Visual data model editor and DDL API to create/alter tables |
| Workflows | JSON state machines with policy-based transitions and side effects |
| Extensions | Custom REST endpoints, event hooks, and reusable services |
| AI | Built-in MCP server so Claude, Cursor, and similar tools can query your data |
Architecture
┌──────────────────────────────────────────────────────────┐
│ Your Application │
│ (web, mobile, server-to-server, AI) │
└────────────────────────┬─────────────────────────────────┘
│ REST API / MCP
┌────────────────────────▼─────────────────────────────────┐
│ BuildPad DaaS │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │
│ │ Auth Layer │ │ Items API │ │ Schema API │ │
│ │ (JWT/Token)│ │ (CRUD+RLS) │ │ (DDL/Apply) │ │
│ └─────────────┘ └─────────────┘ └─────────────────┘ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │
│ │ Permissions │ │ Workflows │ │ Extensions │ │
│ │ (RBAC+RLS) │ │ (State M.) │ │(Hooks/Endpoints)│ │
│ └─────────────┘ └─────────────┘ └─────────────────┘ │
└────────────────────────┬─────────────────────────────────┘
│
┌────────────────────────▼─────────────────────────────────┐
│ Supabase │
│ PostgreSQL · Auth · Storage │
└──────────────────────────────────────────────────────────┘Choose How to Run
Fully managed. Create a project at app.buildpad.ai and your DaaS instance is provisioned automatically — no infrastructure, no configuration.
☁️ BuildPad CloudFull control. Run the official Docker image on your own servers against any Supabase project. See the Quick Start for setup steps.
🐳 Self-HostedBuilt For
- Headless CMS — Manage content and serve it to any frontend
- Admin panels — Internal tools with fine-grained access control
- SaaS backends — Multi-tenant data layer with per-user RLS
- API-first apps — REST API without writing backend boilerplate
- AI agents — MCP server lets AI tools query and mutate data safely
How It Works
- Connect your database — The platform runs against a Supabase (PostgreSQL) project.
- Define your schema — Use the visual Data Model editor or the Fields/Collections API.
- Configure access — Create roles and policies, assign permissions per collection.
- Consume the API — Any client uses
POST /api/auth/loginto get a token, then hits/api/items/:collectionwith standard REST verbs. - Extend — Add scheduled jobs, event hooks, or custom endpoints in the
extensions/directory or via cron jobs.
The API is stateless. Every request is authenticated via a JWT bearer token, a session cookie, or a static API token. Row-Level Security (RLS) policies in PostgreSQL enforce data isolation at the database level.
API Conventions
The REST API uses a consistent, predictable structure:
- Endpoint paths follow the pattern
/api/items/:collection,/api/auth/*,/api/schema/* - Filter syntax uses operator suffixes:
_eq,_in,_gte,_contains, and relational filters - Responses always return
{ data }for success and{ errors }for failures
Next Steps
- Quick Start — Get the platform running and make your first API call in 5 minutes
- Core Concepts — Understand collections, fields, items, roles, and policies
Last updated on