Before going live, every layer of the Bicyblex Store stack must be correctly configured — from the two Supabase environment variables Vercel needs to resolve the API connection, to the storage bucket permissions that allow product images to render in the storefront. Skipping any of these steps results in a partially broken production site. Work through the checklist below from top to bottom before announcing the store publicly.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/bicyblex/bicyblexStore/llms.txt
Use this file to discover all available pages before exploring further.
Pre-launch checklist
Environment variables set in Vercel
Both
NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY must be present in Vercel’s Settings → Environment Variables for the Production environment. Without them, the Supabase client cannot initialise and every page that fetches data will fail at runtime.See the Environment variables reference section below for exactly where to find each value in the Supabase dashboard.Supabase tables created
The storefront and admin dashboard depend on three tables being present in your Supabase project:
products— stores all bicycle and accessory listingscategories— stores the product category taxonomynews— stores blog/news articles shown on the storefront
Categories seeded
The product listing pages expect at least the four default categories to exist in the
Insert these rows in the Supabase Table Editor or via the SQL editor before your first production deploy.
categories table. Without them, the category filter UI will be empty and no products can be assigned to a category in the admin dashboard.The four required category slugs are:| Slug | Display name |
|---|---|
bicicletas | Bicicletas |
bicimotos-electricas | Bicimotos Eléctricas |
kits-electricos | Kits Eléctricos |
accesorios | Accesorios |
Storage buckets set to public
Bicyblex Store uploads product and news images to Supabase Storage. Both buckets must be set to public access so the Next.js frontend can render images without requiring authenticated requests.In the Supabase dashboard, go to Storage, and for each bucket:
- Click the bucket name (
productsornews). - Open Bucket Settings (or the three-dot menu → Edit bucket).
- Toggle Public bucket to enabled.
Admin user created
The Bicyblex Store admin dashboard is protected by Supabase Authentication. At least one user must exist in Authentication → Users before anyone can log in at
/login.To create the first admin user:- Go to Authentication → Users in the Supabase dashboard.
- Click Add user and enter an email address and password.
- The user is created and can immediately log in — no email confirmation required unless you’ve enabled it in Auth settings.
Row Level Security (RLS) configured
By default, newly created Supabase tables have RLS enabled with no policies, which means all queries — including reads from the public storefront — are blocked. You have two options:Option A — Disable RLS (simpler, suitable for a trusted admin-only backend):
In the Table Editor, open each table (Apply equivalent policies to the
products, categories, news) and toggle RLS off.Option B — Add explicit policies (recommended for production):
Add a SELECT policy allowing anonymous reads on all three tables, and restrict INSERT, UPDATE, and DELETE to authenticated users only. This preserves the security benefits of RLS while keeping the public storefront functional.categories and news tables.Environment variables reference
These are the only two environment variables required by Bicyblex Store. Both are prefixed withNEXT_PUBLIC_, which means Next.js 16 will embed them into the client-side bundle at build time.
| Variable | Where to find | Required |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URL | Supabase → Project Settings → API → Project URL | Yes |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Supabase → Project Settings → API → anon public | Yes |
The
NEXT_PUBLIC_ prefix makes these variables visible in the browser bundle — they are intentionally not secret. The Supabase anon key is designed to be exposed in client-side code. The real security boundary is Row Level Security in your Supabase project, which controls what unauthenticated and authenticated callers can actually read or modify.Supabase project settings for production
Once the environment variables are in place, review the following Auth and project settings in the Supabase dashboard before going live: Site URL Set the correct Site URL under Authentication → URL Configuration. For the live deployment this should be:Switching between environments
For local development, create a.env.local file in the project root (this file is gitignored and will never be committed):
.env.local
.env files are deployed to or read from the Vercel runtime.
If your team is actively developing new features, consider maintaining two separate Supabase projects — one for development and one for production. This prevents test data, schema migrations in progress, or RLS experiments from affecting the live storefront. Simply point .env.local at the development project and Vercel’s Production environment variables at the production project.
