Deploy and Manage Edge Functions for Server-Side Processing
The Global Administrator deploys Edge Functions for operations requiring secure credential access: encrypted assignment dispatch (requiring encryption keys), Bufdir API calls (requiring organization-level API tokens), accounting system webhooks (Xledger, Dynamics), and referral link generation. Functions are written in TypeScript/Deno and deployed via supabase functions deploy. The admin manages function-level secrets, monitors invocation logs, and handles deployments across environments.
User Story
Acceptance Criteria
- Given a new Edge Function is developed, when the admin runs supabase functions deploy, then the function is available at the expected endpoint in the target environment
- Given an Edge Function requires a secret API key, when the admin sets the secret via supabase secrets set, then the key is accessible to the function at runtime but not exposed to mobile clients
- Given an Edge Function is invoked, when the admin reviews function logs, then request/response details, execution time, and any errors are visible in Supabase dashboard
- Given a function deployment fails, when the admin checks deploy status, then the previous version continues serving requests and the failure reason is clearly reported
- Given multiple functions are deployed across environments, when the admin lists deployed functions, then each environment shows its own function versions with deployment timestamps
Business Value
Edge Functions enable the security architecture for sensitive operations. Without server-side execution, the mobile app would need direct API keys for Bufdir, accounting systems, and encryption infrastructure — exposing credentials that could be extracted from the app bundle. Edge Functions also enable the auto-reminder cron jobs (10-day assignment follow-up for Blindeforbundet) and referral link generation that require reliable server-side scheduling.
Components
- Edge Functions infrastructure
- Supabase Platform infrastructure