Skip to main content
Every Powabase project surfaces all of its connection details in one place: the Connect modal in the Studio. It gives you the Project URL, both API keys (Anon and Service Role), the JWT Secret, the Database URL, and ready-to-paste Postgres connection strings in nine driver formats. Open it once, copy what you need, and you’re ready to call any part of the platform.

Open the Connect modal

In the Studio at app.powabase.ai, click the Connect button in the top-right of your project header.
Powabase Studio header with the Connect button highlighted in the top-right corner
The dialog has two tabs. API Keys lists everything you need to authenticate HTTP and Postgres clients. Connection Strings ships pre-filled snippets for psql, the generic URI, Node.js (pg), Python (psycopg2), Go (database/sql), JDBC, .NET, PHP, and SQLAlchemy — nine in all. Copy buttons sit next to every value, and secret fields hide by default — click the eye icon to reveal.
Connect to your project modal, API Keys tab. Shows Project URL, Anon (Publishable) Key, and three masked fields: Service Role (Secret) Key, JWT Secret, and Database URL.
You can also open the modal by appending ?showConnect=true to any project URL — handy for deep-linking from internal docs.

What’s in the modal, and where to use each value

FieldUse it forSafe to ship to clients?
Project URLThe BASE_URL for every HTTP call — /api/*, /rest/v1/*, /auth/*, /storage/*Yes
Anon (Publishable) KeyClient-side calls to PostgREST and Storage that respect Row Level SecurityYes
Service Role (Secret) KeyServer-side calls to /api/* (AI surface) and any RLS-bypassing PostgREST accessNo — server only
JWT SecretVerifying user-signed JWTs on your own backendNo — server only
Database URLDirect Postgres access (psql, migrations, ORMs, BI tools)No — server only
The rest of this guide uses the Service Role (Secret) Key as API_KEY — it authenticates every endpoint under /api/*, which is what most of the platform docs assume.
Never expose the Service Role key, JWT Secret, or Database URL to a browser, mobile app, or any environment outside your control. The Anon key is the only field in the modal safe to bundle into a client.

Use it from code

1

Set your Base URL and headers

Every request to /api/* and /rest/v1/* needs both an apikey header and an Authorization: Bearer header, set to the same key. Use the Service Role (Secret) Key for /api/* and server-side PostgREST.Endpoint: Headers: apikey + Authorization
Sending only one of the two headers is the most common cause of 401 errors — PostgREST and Kong both reject the request.
import requests

BASE_URL = "{BASE_URL}"   # Connect modal -> Project URL
API_KEY = "{API_KEY}"     # Connect modal -> Service Role (Secret) Key

headers = {
    "apikey": API_KEY,
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json",
}
2

Verify your setup

Hit a cheap, idempotent endpoint to confirm the credentials work end-to-end. An empty array and a populated array both count as success.Endpoint: GET /api/agents
response = requests.get(
    f"{BASE_URL}/api/agents",
    headers=headers,
)
print(response.json())
Response:
{
  "agents": [
    {
      "id": "uuid-here",
      "name": "My Agent",
      "model": "gpt-4o",
      "created_at": "2026-01-01T00:00:00Z"
    }
  ],
  "total": 1,
  "limit": 50,
  "offset": 0
}
3

Connect directly to Postgres (optional)

For migrations, dashboards, ORMs, or any tool that speaks the Postgres wire protocol, grab the Database URL from the API Keys tab — or open the Connection Strings tab and copy a pre-built snippet in your language. Use this from servers and trusted environments only.Endpoint: Postgres wire protocol
The Database URL embeds the database password in cleartext. Treat it like the Service Role key: never commit it, never expose it client-side, and rotate the database password (Studio → Settings → Database) if it leaks.
# Python (psycopg2) — from Connection Strings -> Python
import psycopg2

conn = psycopg2.connect("{POSTGRES_URL}")  # Database URL from the Connect modal
with conn.cursor() as cur:
    cur.execute("select count(*) from public.users")
    print(cur.fetchone())

What’s Next

Quickstart

Build an end-to-end RAG agent in 5 minutes.

Database Access

AI schema vs public schema, plus PostgREST and direct Postgres usage.

Architecture

How Kong routes /api/, /rest/v1/, /auth/, and /storage/ to your project’s stack.