Skip to Content
Getting StartedOverview

Overview

BuildPad DaaS is a full-stack Data-as-a-Service platform built on Supabase . It gives you a rich REST API over your PostgreSQL database — with authentication, role-based access control, file management, and workflow automation — out of the box.

The API surface follows established conventions for collections, items, filters, and auth — making it straightforward to integrate with any REST client or SDK.

What It Provides

LayerWhat you get
Data EngineREST API for any table — CRUD, filtering, aggregates, relations
AuthEmail/password login, JWT tokens, static API tokens, session cookies
Access ControlRoles, policies, granular per-collection permissions, field-level access
FilesUpload, organize, serve, and import files via Supabase Storage
SchemaVisual data model editor and DDL API to create/alter tables
WorkflowsJSON state machines with policy-based transitions and side effects
ExtensionsCustom REST endpoints, event hooks, and reusable services
AIBuilt-in MCP server so Claude, Cursor, and similar tools can query your data

Architecture

┌──────────────────────────────────────────────────────────┐ │ Your Application │ │ (web, mobile, server-to-server, AI) │ └────────────────────────┬─────────────────────────────────┘ │ REST API / MCP ┌────────────────────────▼─────────────────────────────────┐ │ BuildPad DaaS │ │ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │ │ │ Auth Layer │ │ Items API │ │ Schema API │ │ │ │ (JWT/Token)│ │ (CRUD+RLS) │ │ (DDL/Apply) │ │ │ └─────────────┘ └─────────────┘ └─────────────────┘ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │ │ │ Permissions │ │ Workflows │ │ Extensions │ │ │ │ (RBAC+RLS) │ │ (State M.) │ │(Hooks/Endpoints)│ │ │ └─────────────┘ └─────────────┘ └─────────────────┘ │ └────────────────────────┬─────────────────────────────────┘ ┌────────────────────────▼─────────────────────────────────┐ │ Supabase │ │ PostgreSQL · Auth · Storage │ └──────────────────────────────────────────────────────────┘

Choose How to Run

Built For

  • Headless CMS — Manage content and serve it to any frontend
  • Admin panels — Internal tools with fine-grained access control
  • SaaS backends — Multi-tenant data layer with per-user RLS
  • API-first apps — REST API without writing backend boilerplate
  • AI agents — MCP server lets AI tools query and mutate data safely

How It Works

  1. Connect your database — The platform runs against a Supabase (PostgreSQL) project.
  2. Define your schema — Use the visual Data Model editor or the Fields/Collections API.
  3. Configure access — Create roles and policies, assign permissions per collection.
  4. Consume the API — Any client uses POST /api/auth/login to get a token, then hits /api/items/:collection with standard REST verbs.
  5. Extend — Add scheduled jobs, event hooks, or custom endpoints in the extensions/ directory or via cron jobs.

The API is stateless. Every request is authenticated via a JWT bearer token, a session cookie, or a static API token. Row-Level Security (RLS) policies in PostgreSQL enforce data isolation at the database level.

API Conventions

The REST API uses a consistent, predictable structure:

  • Endpoint paths follow the pattern /api/items/:collection, /api/auth/*, /api/schema/*
  • Filter syntax uses operator suffixes: _eq, _in, _gte, _contains, and relational filters
  • Responses always return { data } for success and { errors } for failures

Next Steps

  • Quick Start — Get the platform running and make your first API call in 5 minutes
  • Core Concepts — Understand collections, fields, items, roles, and policies
Last updated on