Hi there,
We're reaching out because one or more of your Supabase projects have recently made requests to the Data API root endpoint (/rest/v1/ ) using the anon key.
Starting April 8th 2026, we will be removing anon key access to this endpoint as part of an ongoing effort to tighten default security across Supabase.
Normal Data API usage, i.e. querying tables via /rest/v1/your_table or via any Supabase client library is not affected.
Full details, including recommended remediation steps and the rollout timeline, are available here:
https://github.com/orgs/supabase/discussions/42949
Not sure if you're affected?
You can check the logs for each project in your dashboard, a shortcut to which is here: https://supabase.com/dashboard/project/_/logs/edge-logs?s=/rest/v1/
If none of your applications rely on the anon key to fetch the OpenAPI schema spec, you can safely disregard this message. No action is needed and your projects will continue to work as normal.
Best regards, The Supabase Team
The user received an email about upcoming security changes affecting anon key access to the Data API root endpoint. Starting April 8th, 2026, anon key access will be removed to enhance security. The email provides details on checking project logs and confirms that normal Data API usage is unaffected.
Which part do you need explained? the email explains pretty much what the aim is.