The autogenerated Data API docs listed every table and database function
from the PostgREST OpenAPI spec, even ones that aren't actually
accessible via the Data API (i.e. with grants revoked). This filters the
docs down to only the entities that are exposed, and surfaces a count of
the excluded ones with a link to enable them.
This applies to **both** autogenerated docs surfaces:
- the **API Docs side panel** (the slide-over opened from the API docs
button), and
- the **full-page Data API docs** at `/integrations/data_api/docs`.
<img width="259" height="272" alt="Screenshot 2026-06-01 at 5 48 21 PM"
src="https://github.com/user-attachments/assets/d2af86f2-5436-4e94-8295-83ecc74a77d9"
/>
**Changed:**
- Both docs UIs now only list tables and functions that have Data API
access (any `anon`/`authenticated`/`service_role` grant). Fully-revoked
entities are hidden.
- Side panel: both the sidebar list and the drilled-in resource picker
are filtered.
- Full page: the menu's Tables/Functions groups are filtered, with a
footer note under each.
**Added:**
- A footer under each list — "N table(s)/function(s) not exposed via
**Data API**" — linking to Data API settings
(`/integrations/data_api/settings`) so the entity can be granted access.
- One-shot `useExposedTablesQuery` / `useExposedFunctionsQuery` hooks
reusing the same granted/custom/revoked SQL as the Data API settings
page (no new SQL).
- Pure, unit-tested `partitionExposedDocsEntities()` helper (fails open
if grant status hasn't loaded / errors, so docs are never blanked).
- Optional `footer` slot on `ProductMenuGroup` (rendered by `DocsMenu`)
so the full-page menu can show the not-exposed note under a group.
**Note on the "all" queries:** the new `useExposedTablesQuery` /
`useExposedFunctionsQuery` fetch the full grant-status list in a single
request (rather than paginating like the Data API settings page does).
This is deliberate — the docs sections aren't paginated and render every
entity from the OpenAPI spec at once, so we need the complete status set
to cross-reference against. Ideally we'd refactor the docs to be
paginated in future, at which point these queries should move to a
paginated approach too; until then, the one-shot "all" fetch is what
matches the current (unpaginated) docs behavior.
## To test
- On a project, revoke a `public` table's Data API access (Data API
settings → uncheck it)
- Open the **full-page** docs at `/integrations/data_api/docs`: the
table should no longer appear under Tables and Views, and you should see
"1 table not exposed via Data API" under that menu group
- Open the **API Docs side panel** and expand Tables and Views: same
behavior
- Click the "Data API" link → goes to Data API settings (closes the side
panel if open)
- Same for a database function under Functions
- Tables/functions that are still granted (or have custom/partial
grants) should remain visible
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Data API docs now reflect actual exposure: tables/functions not
exposed by permissions are hidden and counted.
* Sections display footer indicators with counts of hidden entities and
links to Data API settings.
* Navigation lists and docs menu updated to show only exposed entities
and the new "not exposed" cues.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Replaces "stored procedures" with "functions" for everything related to
the Data API.
## Additional context
It's not accurate to call database functions "stored procedures". It may
have been that way before Postgres 11, but now it causes confusion
because PostgREST allows functions and not stored procedures.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized terminology across docs, SDK guides, CLI/config specs,
examples, UI, and config comments to use "database functions" instead of
"stored procedures".
* Updated API docs, CLI/config descriptions, Studio UI labels, help
text, empty-state and navigation copy, RPC documentation, and example
text for consistency.
* Adjusted explanatory text and error/help messages to reflect the
revised terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Feature / Refactor
## What is the current behavior?
Data API docs live at the `/api` route as a standalone page. Old links
point to the previous location.
## What is the new behavior?
Data API docs are moved to the integrations section with a dedicated
docs tab and settings tab. Old links are cleaned up, a mobile menu is
added for data API docs navigation, and minor code review fixes are
applied.
## Additional context
Resolves FE-2517
## Summary by CodeRabbit
* **New Features**
* Revamped API docs UI with reusable section layout, language toggle
(JS/Bash), API key selection, and improved code snippets
* Added Data API docs tab, mobile navigation, and dedicated
loading/error/disabled states
* **Navigation Updates**
* Moved API docs and related links into the Integrations/Data API area
and added redirects to new routes
* Updated various internal links to the new Data API settings and
overview locations
* **Tests**
* Added comprehensive unit tests for Data API utilities
* Update Supabase docs URLs to use env variable
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for documentation links
This change centralizes documentation links using a new DOCS_URL constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for all documentation links
This change replaces hardcoded documentation URLs with a centralized constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* replace more instances
* ci: Autofix updates from GitHub workflow
* remaining instances
* fix duplicate useRouter
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: alaister <10985857+alaister@users.noreply.github.com>
* Add lucide-react to docs (to make the autocomplete work).
* Migrate the docs app icons.
* Migrate the ui-patterns.
* Remove the old icons from ui package.
* Migrate the www app from react-feather icons.
* Migrate all of studio icons.
* Migrate the only component in design-system.
* Fix an old import in ui package. Revert an import in docs app.
* Fix some pages in www.
* Remove unneeded files used in generation of icons.
* Fix a prettier error.
* Fix more issues in www.
* Fix an issue in Log Date picker.
* Replace all string sizes with number sizes because the icons grew in some cases.
* Fix more imports in security page.
* Fix an extra import.
* Remove the size prop from all icons if they're in a button and they match the button size.
* Minor fixes for docs and www.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.
