If you are looking for Hasura or Supabase alternatives, you have come to the right place. Hasura and Supabase are designed to deliver a functional backend with flexible support for mobile app development. Supabase positions the brand as an alternative to Firebase. It is possible to argue that Supabase looks more like Hasura. All in all, you might find an even better solution in AISTA.
Supabase started its history two years ago with a colossal marketing setup. Its team likes to refer to themselves as “The Open Source Firebase alternative,” but Supabase is not very similar to Firebase. Yes, Supabase delivers similar features to Firebase for developers needing backend services for building an iOS, Android, or Web app product – But that’s where the similarities stop. Where Google’s Firebase uses a native Realtime Database, Supabase runs on a relational database like Hasura, specifically PostgreSQL.
Supabase provides backend services for launching a fully-functional mobile app, including a Postgres database, file storage, authentication, and auto-generated APIs.
Depending upon your needs, you can use these services together or pick and choose from the list. In the end, Supabase is a scalable platform to support application development. It’s not as popular as Firebase but more known than Hasura, and it still needs a setup. In a few years, SupaBase has grown a lot in popularity, a lot of the reason being its community, good documentation, and substantial marketing budgets.
Both Supabase vs Hasura have VC funding of more than 100 million dollars. Notice, for PostgreSQL specifically, there’s also PostgREST which is an open source component anyone can easily download to replace Supabase entirely, arguably. Until recently, Supabase marketed itself as “Having PostgREST support out of the box.” Why they recently removed these parts from their website can only be speculations from our side.
Still, we assume it must have been difficult to market a service anyone could easily replace by downloading two free and open source components and installing them onto their own VPS; PostgreSQL and PostgREST. They might also have removed PostgREST from their platform and replaced it with their own internally developed alternative without us being able to tell.
While SupaBase tries to become an alternative to Firebase, Hasura is still looking for its unique position. Hasura is marketing itself with messages such as “instant, real-time GraphQL API engine,” which helps you build applications quickly, eliminating the need for an API. If efficiency is the game’s name, Hasura is a top contender thanks to its focus on modernity, speed, and uniformity. Developers who feel comfortable testing something new, including terminology, will find Hasura an acceptable solution. Hasura provides high-quality documentation, and Hasura is easy to grasp. You can work with Hasura out of the box and learn as you go. But if you need help, we in Coderfy or our “mothership” AISTA would happily guide you in your decision-making process regarding the platform to choose.
However, early testers of Hasura, despite the positive feedback about the platform, have some doubts about using Hasura in commercial projects. First of all, the traction is even less than that of Supabase.
Secondly, many security and architectural concerns are related to offloading the burden of what data to return from your servers to the client. This concern that both Supbase and Hasura have in common, so it’s difficult to argue which one is better. So, is it a choice between Hasura vs. Supabase, or do some services exist that can be even more universal? Let’s see how the contestants are stacking up.
However, it’s worth noting that Supabase, when promoting itself as a Firebase alternative, has chosen Postgres, while at the same time, Firebase is based on a NoSQL database.
Supabase claims that users of Firebase face many challenges when handling massive databases, and Postgres provides unmatched scalability. Supabase has a built-in SQL engine, so you can quickly get SQL developers to write queries if you’re working with an extensive database.
Hasura, on the other hand, does not limit its usage to PostgreSQL. Although Hasura supports Postgres, they also have support for Big Query and SQL Server.
Additionally, they promise future support for Elastic, MongoDB, MySQL, and Oracle. Hasura provides more flexibility, but Supabase helps you create better applications, avoiding complexities. You will see in their FAQs that they do not intend to support other databases, although they offer users the option to submit a vote for consideration.
Supabase handles authentication on the platform. The internal authentication constructs built into Postgres will handle authentication, and Supabase allows developers to use the box method to integrate authentication services into their interface easily. With an API key and URL, developers can quickly add authentication to their client application using Supabase. You can also use OAuth from several providers, including Apple, Google, Slack, and others
Meanwhile, Hasura does not handle authentication “internally”. Instead, it forwards this to some other service. This might result in that authentication in Hasura becoming more complex, also in need of manual coding, and/or needing additional components besides components provided by their platform.
Hasura also uses GraphQL and offers two options for authenticating requests. The first option is to open a webhook on the authentication server, which means Hasura sends a request to the server. After collecting the relevant metadata to determine whether access should be granted, the traffic is directed to the database. This, of course, significantly increases network traffic since the authorization process is not internal and might result in a much slower application as you retrieve data from your database.
Another option is using JWT (JSON Web Token) in Hasura. With this process, your authentication server will issue a JWT to the client application, which the GraphQL engine will decode. This mechanism will check the metadata in the JWT with each request to determine if it is valid. Ignoring that the webhook solution increases network traffic, resulting in higher latency for the end product.
At the same time, Postgres authentication isn’t as useful when accessing other things besides your database records, and there is no right or wrong answer in this case
The most significant difference when comparing Hasura and Supabase becomes apparent when you visit the project dashboards: Supabase does not use GraphQL and Hasura uses it.
Based on the marketing, GraphQL is the main benefit of Hasura, which is great for developers who want to use it. Since Facebook released GraphQL in 2015, it’s steadily gained traction, but it’s not necessarily the “best” query language for your APIs. The decision to use GraphQL comes down to several components. If you have some doubts about using these for your business, our team of experts can help you.
GraphQL's idea is to improve performance by returning only the necessary data. Using GraphQL, a developer can get data from different sources with one API call, reducing the burden on your technology stack, like low-code technology. SupaBase vs Hasura continues...
However, there are many security concerns with using GraphQL, especially when it is being used as a thin virtual layer on top of the database, as Hasura is doing. For instance, if the client decides what data to retrieve, it is easy to imagine a malicious client becoming able to ask for data it should not have access to, yet still have the server happily return that data to the client. This becomes a primary security concern as your data sensitivity increases and the complexity of your app grows. Having the client retrieve data according to its needs also means that business logic has to be implemented on the client.
Both of the above concerns are "anti patterns," resulting in less secure end results, and less maintainable code. So even though Hasura might give you some benefits during the initial development of your project, over time, the task becomes more challenging to maintain and probably much less secure. Even with the emphasis on speed, it's still a simple and deployable solution.
You can be a fan of GraphQL and prefer Hasura or not - or look towards Supabase. However, regardless of which of these two vendors you choose, they suffer from the above concerns, where too much work and responsibilities are being offloaded to the client frontend, resulting in a whole range of anti-patterns and security concerns.
The Supabase vs Hasura debate won't end anytime soon, especially as GraphQL gains a broader user base and both platforms continue to evolve with new features. Both platforms are good, assuming you understand the concerns and what you are signing up for. One similarity in the Hasura vs. Supabase debate is that neither has yet hit the mainstream. Both are well-documented and supported by enthusiast developers. So, they're worth keeping an eye on even if you're not ready to use them in your projects just yet, even though both technology stacks are immature and "work in progress." With this in mind, we know how important it is to choose the proper support for your applications. At Coderfy, we're committed to helping developers achieve the best performance for theirs.
AISTA is a much more complete platform than both Supabase vs Hasura. AISTA comes with authentication out of the box and an internal user management system, giving you high-level GUI components to administrate your users. The internals of authentication and authorization in AISTA is JWT, so there are no differences here between AISTA, Hasura and Supabase. You can still intercept authentication and/or create your own authentication mechanism, forwarding the authentication to your existing in-house single sign on system (SSO). AISTA is not using GraphQL, or any other client-side technology that allows the client to declare what queries to transmit to the backend. This of course, results in more secure solutions, with less room for malicious “business logic injections”. In addition, the business logic of your application stays on the server, resulting in more maintainable code in the long run.
A handy thing for writing small projects. Real-Time RestAPI generated from the database. This utility can be integrated into the client part, which makes it possible to work with the database almost directly. It is possible to create storage for storing files.
Does not generate Rest API. Hasura allows you to create models for GraphQL queries from the client. That is, when this thing is connected, we can immediately make requests for backing on the client. Both Supabase and Hasura force you to write business logic in the client instead of on the server. This is generally considered an anti-pattern, opening up your app for a whole range of security concerns and maintainability issues.
Where Supabase and Hasura allow you to access your SQL databases, AISTA allows you to do “everything” due to it being built on top of Hyperlambda. Unless Hasura or Supabase provides specific plugins for what you want to do, there is no way you can do it using their services. With AISTA you can build everything AISTA does not give you, and such never be stuck due to missing some crucial feature, such as sending emails as some endpoint is invoked, logging to the database, publishing web socket messages to transmit data back to the client, etc. The disadvantage of AISTA is that you have to learn Hyperlambda :-).
Both Supabase’s, Hasura’s, and AISTA’s value proposition is for the most part, built on top of existing open source components, which anyone can download and easily install on their own VPS machines; GraphQL, PostgreSQL, and PostgREST. The difference is that AISTA owns Aista Magic Cloud’s intellectual property, while Supabase and Hasura do not own their intellectual property. This has also contributed to that both companies have almost 100 “alternatives to” their value proposition. It is probably easy to set up your own GraphQL or PostgREST server and simply implement your own alternative to both of these products. Below are all alternatives to both products:
However, every single GraphQL service provider out there, and hundreds of these, are probably delivering more or less the same as Hasura, while replacing Supabase is easily achieved by installing PostgreSQL and PostgREST on your own servers.