code · pull · Aug 18, 2025 · Aug 18, 2025 · Aug 18, 2025 · Aug 18, 2025
diff --git a/apps/docs/content/_partials/oauth_pkce_flow.mdx b/apps/docs/content/_partials/oauth_pkce_flow.mdx
@@ -150,7 +150,7 @@ export const GET: APIRoute = async ({ request, cookies, redirect }) => {
   if (code) {
     const supabase = createServerClient(
       import.meta.env.PUBLIC_SUPABASE_URL,
-      import.meta.env.PUBLIC_SUPABASE_ANON_KEY,
+      import.meta.env.PUBLIC_SUPABASE_PUBLISHABLE_KEY,
       {
         cookies: {
           getAll() {
@@ -194,18 +194,22 @@ export async function loader({ request }: LoaderFunctionArgs) {
   const headers = new Headers()
 
   if (code) {
-    const supabase = createServerClient(process.env.SUPABASE_URL!, process.env.SUPABASE_ANON_KEY!, {
-      cookies: {
-        getAll() {
-          return parseCookieHeader(request.headers.get('Cookie') ?? '')
-        },
-        setAll(cookiesToSet) {
-          cookiesToSet.forEach(({ name, value, options }) =>
-            headers.append('Set-Cookie', serializeCookieHeader(name, value, options))
-          )
+    const supabase = createServerClient(
+      process.env.SUPABASE_URL!,
+      process.env.SUPABASE_PUBLISHABLE_KEY!,
+      {
+        cookies: {
+          getAll() {
+            return parseCookieHeader(request.headers.get('Cookie') ?? '')
+          },
+          setAll(cookiesToSet) {
+            cookiesToSet.forEach(({ name, value, options }) =>
+              headers.append('Set-Cookie', serializeCookieHeader(name, value, options))
+            )
+          },
         },
-      },
-    })
+      }
+    )
 
     const { error } = await supabase.auth.exchangeCodeForSession(code)
 
@@ -233,7 +237,7 @@ app.get("/auth/callback", async function (req, res) {
   if (code) {
     const supabase = createServerClient(
       process.env.SUPABASE_URL,
-      process.env.SUPABASE_ANON_KEY, {
+      process.env.SUPABASE_PUBLISHABLE_KEY, {
     cookies: {
       getAll() {
         return parseCookieHeader(context.req.headers.cookie ?? '')

diff --git a/apps/docs/content/guides/ai/examples/nextjs-vector-search.mdx b/apps/docs/content/guides/ai/examples/nextjs-vector-search.mdx
@@ -283,7 +283,7 @@ With our database set up, we need to process and store all `.mdx` files in the `
 
       ```bash
       NEXT_PUBLIC_SUPABASE_URL=
-      NEXT_PUBLIC_SUPABASE_ANON_KEY=
+      NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=
       SUPABASE_SERVICE_ROLE_KEY=
 
       # Get your key at https://platform.openai.com/account/api-keys
@@ -470,8 +470,8 @@ const handleConfirm = React.useCallback(
 
     const eventSource = new SSE(`api/vector-search`, {
       headers: {
-        apikey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY ?? '',
-        Authorization: `Bearer ${process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY}`,
+        apikey: process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY ?? '',
+        Authorization: `Bearer ${process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY}`,
         'Content-Type': 'application/json',
       },
       payload: JSON.stringify({ query }),

diff --git a/apps/docs/content/guides/api/automatic-retries-in-supabase-js.mdx b/apps/docs/content/guides/api/automatic-retries-in-supabase-js.mdx
@@ -32,11 +32,15 @@ import fetchRetry from 'fetch-retry'
 const fetchWithRetry = fetchRetry(fetch)
 
 // Create a Supabase client instance with the custom fetch
-const supabase = createClient('https://your-supabase-url.supabase.co', 'your-anon-key', {
-  global: {
-    fetch: fetchWithRetry,
-  },
-})
+const supabase = createClient(
+  'https://your-supabase-url.supabase.co',
+  'sb_publishable_... or anon key',
+  {
+    global: {
+      fetch: fetchWithRetry,
+    },
+  }
+)
 ```
 
 ## 3. Configure retry options

diff --git a/apps/docs/content/guides/api/creating-routes.mdx b/apps/docs/content/guides/api/creating-routes.mdx
@@ -72,7 +72,7 @@ Both of these routes require the `anon` key to be passed through an `apikey` hea
 You can interact with your API directly via HTTP requests, or you can use the client libraries which we provide.
 
 Let's see how to make a request to the `todos` table which we created in the first step,
-using the API URL (`SUPABASE_URL`) and Key (`SUPABASE_ANON_KEY`) we provided:
+using the API URL (`SUPABASE_URL`) and Key (`SUPABASE_PUBLISHABLE_KEY`) we provided:
 
 <Tabs
   scrollable
@@ -86,7 +86,7 @@ using the API URL (`SUPABASE_URL`) and Key (`SUPABASE_ANON_KEY`) we provided:
 ```javascript
 // Initialize the JS client
 import { createClient } from '@supabase/supabase-js'
-const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY)
+const supabase = createClient(SUPABASE_URL, SUPABASE_PUBLISHABLE_KEY)
 
 // Make a request
 const { data: todos, error } = await supabase.from('todos').select('*')
@@ -98,8 +98,8 @@ const { data: todos, error } = await supabase.from('todos').select('*')
 ```bash
 # Append /rest/v1/ to your URL, and then use the table name as the route
 curl '<SUPABASE_URL>/rest/v1/todos' \
--H "apikey: <SUPABASE_ANON_KEY>" \
--H "Authorization: Bearer <SUPABASE_ANON_KEY>"
+-H "apikey: <SUPABASE_PUBLISHABLE_KEY>" \
+-H "Authorization: Bearer <SUPABASE_PUBLISHABLE_KEY>"
 ```
 
 </TabPanel>

diff --git a/apps/docs/content/guides/api/rest/generating-types.mdx b/apps/docs/content/guides/api/rest/generating-types.mdx
@@ -95,7 +95,10 @@ You can supply the type definitions to `supabase-js` like so:
 import { createClient } from '@supabase/supabase-js'
 import { Database } from './database.types'
 
-const supabase = createClient<Database>(process.env.SUPABASE_URL, process.env.SUPABASE_ANON_KEY)
+const supabase = createClient<Database>(
+  process.env.SUPABASE_URL,
+  process.env.SUPABASE_PUBLISHABLE_KEY
+)
 ```
 
 ## Helper types for tables and joins

diff --git a/apps/docs/content/guides/api/using-custom-schemas.mdx b/apps/docs/content/guides/api/using-custom-schemas.mdx
@@ -45,7 +45,9 @@ Now you can access these schemas from data APIs:
 ```js
 // Initialize the JS client
 import { createClient } from '@supabase/supabase-js'
-const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, { db: { schema: 'myschema' } })
+const supabase = createClient(SUPABASE_URL, SUPABASE_PUBLISHABLE_KEY, {
+  db: { schema: 'myschema' },
+})
 
 // Make a request
 const { data: todos, error } = await supabase.from('todos').select('*')
@@ -81,14 +83,14 @@ final data = await supabase.schema('myschema').from('todos').select();
 
 # for GET or HEAD request use Accept-Profile
 curl '<SUPABASE_URL>/rest/v1/todos' \
-  -H "apikey: <SUPABASE_ANON_KEY>" \
-  -H "Authorization: Bearer <SUPABASE_ANON_KEY>" \
+  -H "apikey: <SUPABASE_PUBLISHABLE_KEY>" \
+  -H "Authorization: Bearer <SUPABASE_PUBLISHABLE_KEY>" \
   -H "Accept-Profile: myschema"
 
 # for POST, PATCH, PUT and DELETE Request use Content-Profile
 curl -X POST '<SUPABASE_URL>/rest/v1/todos' \
-  -H "apikey: <SUPABASE_ANON_KEY>" \
-  -H "Authorization: Bearer <SUPABASE_ANON_KEY>" \
+  -H "apikey: <SUPABASE_PUBLISHABLE_KEY>" \
+  -H "Authorization: Bearer <SUPABASE_PUBLISHABLE_KEY>" \
   -H "Content-Type: application/json" \
   -H "Content-Profile: myschema" \
   -d '{"column_name": "value"}'

diff --git a/apps/docs/content/guides/auth/auth-anonymous.mdx b/apps/docs/content/guides/auth/auth-anonymous.mdx
@@ -57,7 +57,7 @@ Call the [`signInAnonymously()`](/docs/reference/javascript/auth-signinanonymous
 
 ```js
 import { createClient } from '@supabase/supabase-js'
-const supabase = createClient('https://your-project.supabase.co', 'your-anon-key')
+const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
 
 // ---cut---
 const { data, error } = await supabase.auth.signInAnonymously()
@@ -121,7 +121,7 @@ You can use the [`updateUser()`](/docs/reference/javascript/auth-updateuser) met
 
 ```js
 import { createClient } from '@supabase/supabase-js'
-const supabase = createClient('https://your-project.supabase.co', 'your-anon-key')
+const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
 
 // ---cut---
 const { data: updateEmailData, error: updateEmailError } = await supabase.auth.updateUser({
@@ -205,7 +205,7 @@ You can use the [`linkIdentity()`](/docs/reference/javascript/auth-linkidentity)
 
 ```js
 import { createClient } from '@supabase/supabase-js'
-const supabase = createClient('https://your-project.supabase.co', 'your-anon-key')
+const supabase = createClient('https://your-project.supabase.co', 'sb_publishable_... or anon key')
 
 // ---cut---
 const { data, error } = await supabase.auth.linkIdentity({ provider: 'google' })

diff --git a/apps/docs/content/guides/auth/auth-email-templates.mdx b/apps/docs/content/guides/auth/auth-email-templates.mdx
@@ -107,7 +107,10 @@ When the user clicks on the link, the request will hit `https://api.example.com/
 
 ```ts
 import { createClient, type EmailOtpType } from '@supabase/supabase-js'
-const supabase = createClient('https://your-project-id.supabase.co', 'your-anon-key')
+const supabase = createClient(
+  'https://your-project-id.supabase.co',
+  'sb_publishable_... or anon key'
+)
 
 // ---cut---
 const { token_hash, type } = Object.fromEntries(new URLSearchParams(window.location.search))

diff --git a/apps/docs/content/guides/auth/auth-helpers/flutter-auth-ui.mdx b/apps/docs/content/guides/auth/auth-helpers/flutter-auth-ui.mdx
@@ -27,7 +27,7 @@ import 'package:supabase_auth_ui/supabase_auth_ui.dart';
 void main() async {
   await Supabase.initialize(
     url: dotenv.get('SUPABASE_URL'),
-    anonKey: dotenv.get('SUPABASE_ANON_KEY'),
+    anonKey: dotenv.get('SUPABASE_PUBLISHABLE_KEY'),
   );
 
   runApp(const MyApp());

diff --git a/apps/docs/content/guides/auth/auth-helpers/nextjs-pages.mdx b/apps/docs/content/guides/auth/auth-helpers/nextjs-pages.mdx
@@ -57,7 +57,7 @@ Retrieve your project URL and anon key in your project's [API settings](https://
 
 ```bash .env.local
 NEXT_PUBLIC_SUPABASE_URL=your-supabase-url
-NEXT_PUBLIC_SUPABASE_ANON_KEY=your-supabase-anon-key
+NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=your-supabase-publishable-key
 ```
 
 ## Basic setup

diff --git a/apps/docs/content/guides/auth/auth-helpers/nextjs.mdx b/apps/docs/content/guides/auth/auth-helpers/nextjs.mdx
@@ -55,7 +55,7 @@ Retrieve your project's URL and anon key from your [API settings](https://supaba
 
 ```bash .env.local
 NEXT_PUBLIC_SUPABASE_URL=your-supabase-url
-NEXT_PUBLIC_SUPABASE_ANON_KEY=your-supabase-anon-key
+NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=your-supabase-publishable-key
 ```
 
 ## Managing session with middleware
@@ -1172,7 +1172,7 @@ import { createClient } from '@supabase/supabase-js'
 export default async function Page() {
   const supabase = createClient(
     process.env.NEXT_PUBLIC_SUPABASE_URL,
-    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY
   )
 
   const { data } = await supabase.from('todos').select()
@@ -1192,7 +1192,7 @@ import type { Database } from '@/lib/database.types'
 export default async function Page() {
   const supabase = createClient<Database>(
     process.env.NEXT_PUBLIC_SUPABASE_URL!,
-    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY!
   )
 
   const { data } = await supabase.from('todos').select()
@@ -1229,7 +1229,7 @@ export async function POST(request) {
 
   const supabase = createClient(
     process.env.NEXT_PUBLIC_SUPABASE_URL,
-    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY
   )
 
   const { data } = await supabase.from('todos').insert({ title }).select()
@@ -1252,7 +1252,7 @@ export async function POST(request: Request) {
 
   const supabase = createClient<Database>(
     process.env.NEXT_PUBLIC_SUPABASE_URL!,
-    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY!
   )
 
   const { data } = await supabase.from('todos').insert({ title }).select()