-
Notifications
You must be signed in to change notification settings - Fork 0
Week 09 ‐ Devlog
We are building and testing one table at a time, make sure we can isolate any issues. Starting with profiles, let's GET our own profile:
REQUEST #1: GET own profile:
-
Name:
Profiles: Get Own - Method: GET
-
URL:
{{baseUrl}}/rest/v1/profiles?id=eq.{{userId}} -
Headers:
Accept: application/json
200 Status Code received and the profile row contained the display name and other fields. Profile returned correctly. Note the UUID, this is the real auth user created through Supabase, different from the manually seeded ones.
display_name is null because this profile was auto-created by the handle_new_user trigger when you signed up. The trigger fired and created the row with just the UUID, which is exactly what it's supposed to do.
REQUEST #2: PATCH display_name:
-
Name:
Profiles: Update Display Name - Method: PATCH
-
URL:
{{baseUrl}}/rest/v1/profiles?id=eq.{{userId}} -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"display_name": "Rae"
}
After adding a custom header with the prefer key, we are able to run it and confirm that:
-
display_nameis now"Rae" -
updated_atchanged from09:46to10:12- theupdate_updated_attrigger fired automatically
The trigger is working through the API, so we can work on spaces.
REQUEST #3: POST new space:
-
Name:
Spaces: Create - Method: POST
-
URL:
{{baseUrl}}/rest/v1/spaces -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"user_id": "{{userId}}",
"name": "Rooftop Garden",
"space_type": "outdoor",
"description": "Container beds on the roof"
}
When adding the spaceId to the environmental variables, Postman detected the accessToken JWT as a Supabase service role key and although they look similar, they are not the same. This can be dismissed and ensure that you do not click 'Secure All' because it will move the value to the vault and this will break the post-response script. This is because it will auto-update after each sign-in.
REQUEST #4: GET spaces:
-
Name:
Spaces: Get All - Method: GET
-
URL:
{{baseUrl}}/rest/v1/spaces?user_id=eq.{{userId}} -
Headers:
Accept: application/json
REQUEST #5: PATCH space name:
-
Name:
Spaces: Update Name - Method: PATCH
-
URL:
{{baseUrl}}/rest/v1/spaces?id=eq.{{spaceId}} -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"name": "Rooftop Garden 2026"
}
REQUEST #6: POST new plant:
-
Name:
Plants: Create - Method: POST
-
URL:
{{baseUrl}}/rest/v1/plants -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"space_id": "{{spaceId}}",
"user_id": "{{userId}}",
"common_name": "Pepper",
"variety": "Jalapeño",
"planted_date": "2026-06-14",
"current_stage": "seedling"
}
REQUEST #7: GET plants by space:
-
Name:
Plants: Get by Space - Method: GET
-
URL:
{{baseUrl}}/rest/v1/plants?space_id=eq.{{spaceId}} -
Headers:
Accept: application/json
REQUEST #8: PATCH plant growth stage:
-
Name:
Plants: Update Stage - Method: PATCH
-
URL:
{{baseUrl}}/rest/v1/plants?id=eq.{{plantId}} -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"current_stage": "vegetative"
}
REQUEST #9: POST new data log:
-
Name:
Data Logs: Create - Method: POST
-
URL:
{{baseUrl}}/rest/v1/data_logs -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"plant_id": "{{plantId}}",
"user_id": "{{userId}}",
"metric_type": "ph",
"value": 6.5,
"unit": "pH",
"notes": "Morning reading"
}
REQUEST #10: GET logs by plant:
-
Name:
Data Logs: Get by Plant - Method: GET
-
URL:
{{baseUrl}}/rest/v1/data_logs?plant_id=eq.{{plantId}} -
Headers:
Accept: application/json
REQUEST #11: PATCH data log (should be blocked):
-
Name:
Data Logs: PATCH (append-only proof) - Method: PATCH
-
URL:
{{baseUrl}}/rest/v1/data_logs?id=eq.9cb521d1-96af-4905-a6c8-2cf0111b4a4f -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"value": 99.9
}
Returns code 200 with an empty array as expected.
REQUEST #12: POST new task:
-
Name:
Tasks: Create - Method: POST
-
URL:
{{baseUrl}}/rest/v1/tasks -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"space_id": "{{spaceId}}",
"user_id": "{{userId}}",
"plant_id": "{{plantId}}",
"title": "Water the pepper",
"due_date": "2026-06-15",
"status": "pending"
}
REQUEST #13: GET tasks:
-
Name:
Tasks: Get All - Method: GET
-
URL:
{{baseUrl}}/rest/v1/tasks?user_id=eq.{{userId}} -
Headers:
Accept: application/json
REQUEST #14: PATCH task status to complete:
-
Name:
Tasks: Complete (trigger verification) - Method: PATCH
-
URL:
{{baseUrl}}/rest/v1/tasks?id=eq.0d09be0b-59e4-450e-8054-abf864ef6e85 -
Headers:
Content-Type: application/json,Prefer: return=representation - Body (raw JSON):
{
"status": "complete"
}
-
statuschanged tocomplete -
completed_atset to2026-06-14T11:10:59— set by the trigger, not sent by the client -
updated_atupdated automatically by theupdate_updated_attrigger
- https://github.com/givecoffee/firstfrostmvp/tree/api%2F15-postman-crud
- https://github.com/givecoffee/firstfrostmvp/tree/16-rls-cross-user-test
- https://github.com/givecoffee/firstfrostmvp/pull/32
- https://github.com/givecoffee/firstfrostmvp/pull/37
- All 14 CRUD requests verified across five tables - triggers firing on every PATCH
-
completed_atset automatically on task completion - the data_logs append-only policy confirmed returning 200 with an empty array on PATCH
GET own userId
PATCH displayname
POST spaces
GET spacesAll
PATCH spaces update name
POST plants create
GET plants by space
PATCH plant stage
POST new log
GET logs by plant
POST new task
GET all tasks
PATCH task status complete