Magic Links

Configuring Supabase for Production

When preparing your Supabase app for production, it’s essential to ensure Magic Links, authentication, and email communications are properly set up. Here’s how to configure Supabase for production and enable custom SMTP with rate limiting.

Tutorial

Step 1: Configure Authentication URLs

To ensure Magic Links work seamlessly in production, update the Site URL and Redirect URLs in your Supabase dashboard.

  1. Log in to Supabase and go to the Authentication section.

  2. Navigate to URL Configuration.

  3. Set the following:

    • Site URL:
      Add your production domain (e.g., https://your-domain.com). This ensures Magic Links are generated correctly for your live site.

    • Redirect URLs:
      Add the following URLs to allow proper redirects after login/signup:

      • https://your-domain.com/** (for production)

      • http://localhost:3000/** (for local development)
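
An added example (not from the original tutorial or from Supabase's code) that checks candidate redirect targets against the Step 1 allow list before you save it. It assumes the wildcard rules in Supabase's redirect URL documentation, where `*` and `?` stop at `.` and `/` and `**` matches anything; the function names and the candidate URLs are constructed for illustration.

```javascript
// Added example: approximates glob matching for redirect allow-list entries.
// Assumed semantics: "*" and "?" stop at the separators "." and "/";
// "**" matches any sequence. Other glob syntax ([...], {...}) is not handled.
function globToRegExp(pattern) {
  let re = "";
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "*" && pattern[i + 1] === "*") { re += ".*"; i++; }
    else if (c === "*") re += "[^./]*";
    else if (c === "?") re += "[^./]";
    else re += c.replace(/[.+^${}()|[\]\\\/]/g, "\\$&"); // escape regex metacharacters
  }
  return new RegExp("^" + re + "$");
}

// Returns the first allow-list entry that covers the URL, or null if none does.
function matchRedirect(url, allowList) {
  return allowList.find((p) => globToRegExp(p).test(url)) ?? null;
}

// Allow-list entries from Step 1.
const PROD_ALLOW_LIST = ["https://your-domain.com/**", "http://localhost:3000/**"];

// Constructed candidate redirect targets (hypothetical paths and hosts).
const CANDIDATES = [
  "https://your-domain.com/auth/callback",
  "https://your-domain.com.lookalike.example/x", // different host, same prefix
  "http://your-domain.com/auth/callback",        // wrong scheme
  "http://localhost:3000/auth/callback",
];

// Pairs every candidate with the entry that allows it (null means rejected).
function audit(candidates, allowList) {
  return candidates.map((url) => ({ url, matchedBy: matchRedirect(url, allowList) }));
}

for (const { url, matchedBy } of audit(CANDIDATES, PROD_ALLOW_LIST)) {
  console.log(matchedBy ? "ALLOW" : "DENY ", url, matchedBy ? `(via ${matchedBy})` : "");
}
```

The lookalike host and the plain-http URL fall outside the list, while the localhost entry is matched in production exactly like the production entry.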

Step 2: Set Up Custom SMTP for Emails

Supabase supports sending Magic Link emails via custom SMTP servers. Configuring custom SMTP allows you to send branded emails from your domain and improves email deliverability.

  1. In the Supabase Dashboard, go to Authentication > Settings > SMTP Configuration.

  2. Add the following details for your SMTP provider:

    • SMTP Host: Your email provider’s SMTP server (e.g., smtp.your-email-provider.com).

    • SMTP Port: Usually 587 for TLS (STARTTLS) or 465 for SSL (implicit TLS).

    • SMTP User: Your email username (e.g., no-reply@your-domain.com).

    • SMTP Password: The password for your email account.

    • Sender Email: The email address users see as the sender (e.g., no-reply@your-domain.com).

  3. Save the settings and test the email configuration by sending a test Magic Link.

Step 3: Configure Rate Limiting for SMTP

To prevent abuse and ensure fair usage, configure a rate limit for your custom SMTP.

  1. Go to Authentication > Settings > Rate Limiting in the Supabase dashboard.

  2. Set a maximum number of emails allowed per minute, hour, or day based on your app’s expected usage:

    • Per minute: 10 (to prevent spam-like behavior)

    • Per hour: 200

    • Per day: 2,000

  3. Save the configuration to enforce limits.

Additional Best Practices

  1. Enable DKIM and SPF Records:
    Improve email deliverability and prevent spoofing by setting up DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) records for your domain.

  2. Use a Reputable SMTP Provider:
    Consider using services like SendGrid, Postmark, or AWS SES for reliable email delivery.

  3. Monitor Email Deliverability:
    Regularly check your email logs in the SMTP provider’s dashboard to ensure Magic Links and other emails are being delivered.

  4. Test Authentication in Production:
    Before launching, test the Magic Link flow in your production environment to confirm proper redirection and email delivery.

Why Configure Custom SMTP and Rate Limiting?

  • Branded Emails: Use your domain for a professional, trustworthy user experience.

  • Improved Deliverability: Avoid emails landing in spam folders by using a reliable SMTP provider.

  • Rate Limiting: Protect your system from abuse while ensuring smooth email delivery for legitimate users.

By following these steps, your Supabase setup will be optimized for production, ensuring secure and reliable Magic Links and email communication for your users.