What it does
Same flow as Firebase: poll the auth users endpoint on an interval, find users whose created_at is newer than the last sync, run the configured actions per new user.
Get the credentials
- Supabase Dashboard → Project Settings → API.
- Copy the Project URL (e.g. https://abcdefgh.supabase.co).
- Scroll down to Service role secret. Copy the JWT — NOT the anon key. The service-role key bypasses RLS and is required for /auth/v1/admin/users.
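A quick way to confirm you copied the service-role JWT and not the anon key before pasting it, shown as an added example that is not Maillayer's own code. It assumes the JWT-format keys described above, whose payload carries a `role` claim; `checkServiceRoleKey` and `makeSampleKey` are hypothetical helper names and the sample tokens are constructed.

```javascript
// Added example: classify a pasted Supabase API key by its JWT "role" claim.
// The payload is decoded WITHOUT signature verification (the project's JWT
// secret is not available here), so this catches copy/paste mistakes only.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  if (claims === null || typeof claims !== "object") throw new Error("payload is not a JSON object");
  return claims;
}

// Hypothetical helper: returns { ok, reason } for a key meant for /auth/v1/admin/users.
function checkServiceRoleKey(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodeJwtPayload(token);
  } catch (err) {
    return { ok: false, reason: `unparseable key: ${err.message}` };
  }
  if (claims.role === "anon") {
    return { ok: false, reason: "this is the anon key, not the service-role key" };
  }
  if (claims.role !== "service_role") {
    return { ok: false, reason: `unexpected role claim: ${String(claims.role)}` };
  }
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    return { ok: false, reason: "key has expired" };
  }
  return { ok: true, reason: "role claim is service_role" };
}

// Constructed sample tokens (fake signature, placeholder project ref).
function makeSampleKey(role, exp) {
  const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [b64u({ alg: "HS256", typ: "JWT" }),
          b64u({ iss: "supabase", ref: "abcdefgh", role, exp }),
          "constructed-signature"].join(".");
}

console.log(checkServiceRoleKey(makeSampleKey("anon", 4102444800)));
console.log(checkServiceRoleKey(makeSampleKey("service_role", 4102444800)));
```

Run it locally only; the decoded payload is not secret, but the full token is, so keep it out of shared terminals and online JWT decoders.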
Configure
Brand → Integrations → Connect Supabase. Paste:
- Project URL — pasted as-is.
- Service-role key — encrypted at rest.
Tick actions (welcome email, add to contacts), pick interval, save.
Service-role key is a master key
It bypasses Row Level Security. Treat it as a top-secret credential — Maillayer encrypts it with AES-256-GCM, but if your AUTH_SECRET leaks, this key is one of the most valuable things in the box.
Endpoint Maillayer hits
GET <project-url>/auth/v1/admin/users
Headers:
apikey: <service-role-key>
Authorization: Bearer <service-role-key>
Returns users in pages of 1000. Maillayer paginates through up to 50 pages, then bumps last_synced_at to the latest created_at seen.