SQLite Cloud

OffSync

OffSync is a powerful SQLite Cloud feature that enables true local-first data synchronization for your applications. Powered by the SQLite Sync extension, it allows you to build robust, offline-capable applications where data is stored and processed on edge devices and seamlessly synchronized with a central SQLite Cloud database.

This architecture is ideal for mobile apps, IoT devices, and any application requiring high availability and low latency, even with intermittent network connectivity. By leveraging Conflict-free Replicated Data Types (CRDTs), OffSync ensures that changes made offline are merged automatically and without conflicts when the device reconnects.

How It Works

OffSync extends standard SQLite tables with built-in support for offline work and automatic synchronization. This allows multiple devices to operate independently and then seamlessly merge their changes.

  • Offline-First by Design: Applications work seamlessly even when devices are offline. Changes are queued locally and synced automatically when connectivity is restored.
  • CRDT-Based Conflict Resolution: Merges updates deterministically and efficiently, ensuring eventual consistency across all replicas without complex merge logic.
  • Seamless Integration: The sync layer is tightly integrated with SQLite Cloud, enabling secure data sharing across devices, users, and platforms.

When combined with Row-Level Security (RLS), OffSync allows you to build secure, multi-tenant applications where each user’s data is safely isolated, both on the edge and in the cloud.

Configuring OffSync

You can enable and manage OffSync for your databases directly from the SQLite Cloud dashboard. Select a database from the left panel — the list shows all databases in your project along with their OffSync status. The right panel has four tabs: Database Setup, Client Integration, Devices, and Metrics.

Enabling and Disabling OffSync

When OffSync is not yet active for a database, the right panel shows a brief explanation and an Enable OffSync button. Clicking it opens a confirmation dialog; after confirming, the database is registered with the sync service and the tabbed view appears.

To disable OffSync, click the Disable OffSync button in the top-right corner of the panel and confirm in the dialog that appears.

Database Setup Tab

The Database Setup tab handles the server-side configuration of OffSync. This is where you verify the database connection and choose which tables to synchronize.

Connection Status

A connection card at the top of the tab shows whether the sync service can reach your database. When healthy, it displays the Host, Port, and Database name alongside a green Connected indicator.

If the connection cannot be established, a warning appears with an action button to resolve it:

  • On Supabase self-hosted / PostgreSQL workspaces, click Configure Connection to provide the correct connection credentials via the connection settings sheet. The card also shows an Edit button when the connection is healthy, so you can update the credentials at any time.
  • On SQLite Cloud workspaces, click Restore Connection to automatically regenerate the internal API key used by the sync service.

If the OffSync extension is not detected on the database, a warning is shown with a link to the installation documentation.

Select Tables to Enable OffSync

Below the connection card, you can choose which tables to synchronize. This section is only shown when the connection is healthy. A counter shows how many tables are currently selected (e.g., 1 of 1 selected).

  • Use the Filter tables input to search through large table lists.
  • Check or uncheck individual tables to include or exclude them from synchronization. Tables already registered with the sync service are marked as Enabled.
  • Use Select All / Deselect All to manage the full list at once.

Once you have made your selection, click Deploy Changes (bottom-right of the panel) to apply. From that point on, any writes to those tables via the SQLite Sync extension will be automatically synchronized.

Matching Schemas and Tables

For OffSync to work correctly, the tables you enable for synchronization—and their schemas—must be identical in both your local SQLite database and your SQLite Cloud database.

Client Integration Tab

The Client Integration tab contains everything you need to connect your local application to the cloud database. This includes your Database ID, how authentication works, and how to handle push notifications.

Workspace-specific instructions

The options available in this tab depend on your workspace type. SQLite Cloud workspaces use API keys or access tokens. Supabase self-hosted and PostgreSQL workspaces use database credentials or JWT-based authentication. The relevant options are displayed automatically based on your project.

Database ID

A unique identifier for your OffSync-enabled database. Pass this ID to the SQLite Sync extension in your client application to initialize the sync connection:

SELECT cloudsync_network_init('<database-id>');

Use the Copy button to copy the ID to your clipboard.

Row Level Security (RLS)

RLS controls which data each user can access. Instead of giving clients full access to the database, it ensures each user can only read or modify their own data. Choose one of two modes:

  • No, bypass RLS — Best for trusted environments such as internal tools or server-side clients. The client has full access to all synced tables.
  • Yes, enforce RLS — Best for user-facing apps. Each sync request is tied to a user identity, and access rules are applied automatically.

Your selection here determines how the Authentication section below is configured.

Authentication

The authentication method shown depends on your workspace type and RLS mode selection.

SQLite Cloud workspaces — RLS bypassed (API Key)

Select a User and the corresponding API Key from the dropdowns. The code snippet below updates automatically:

-- 1. Connect to your database
SELECT cloudsync_network_init('<database-id>');

-- 2. Authenticate using API key (full access, no RLS)
SELECT cloudsync_network_set_apikey('<your-api-key>');

SQLite Cloud workspaces — RLS enforced (Access Token)

Authentication is done via a user-scoped access token. Two action cards guide you through the setup:

  • Configure RLS — Links to the RLS page to define which rows each user can access.
  • Generate user access tokens — Links to the Weblite API to generate an access token per user.

Once you have a token, pass it to your client:

-- 1. Connect to your database
SELECT cloudsync_network_init('<database-id>');

-- 2. Authenticate as a specific user (RLS enforced)
SELECT cloudsync_network_set_token('<user-access-token>');

Supabase self-hosted / PostgreSQL workspaces — RLS bypassed (Username & Password)

Connects using your database credentials, giving full access to all synced tables and bypassing Row Level Security. Refer to the quickstart guide shown at the top of the tab for provider-specific instructions.

Supabase self-hosted / PostgreSQL workspaces — RLS enforced (JWT)

To verify users and apply access rules, you must configure a JWT authentication provider. A status card shows the current configuration:

  • Not configured — Users cannot be verified. Click Configure authentication to set up your provider.
  • Configured — Shows the active method (HMAC Secret HS256 or JWKS Issuer Validation). Click Edit to update it.

Refer to the quickstart guide shown at the top of the tab for provider-specific integration instructions.

Push Notifications

Real-time push notifications are active out of the box when using the sqlite-sync-react-native library with push mode enabled.

A status card shows the current Expo Security configuration:

  • Not configured — Standard push notifications are active with no extra security.
  • Configured — An Expo access token has been provided, adding an extra security layer to prevent unauthorized push notifications. The date the token was last updated is also shown.

Use Configure to add a token, Edit to update an existing one, or Delete to remove it.

Devices Tab

The Devices tab lists all devices currently synchronized with the selected database. For each device you can see its Site ID and the timestamp of its Last Sync. Use the Remove button to deregister a device.

Metrics Tab

The Metrics tab provides visibility into usage for your OffSync-enabled database over time:

  • Active devices — number of devices that have synced within the period
  • Upload bytes — data sent from devices to SQLite Cloud
  • Download bytes — data sent from SQLite Cloud to devices

The usage summary at the top of the left panel shows the total data transferred for the current billing period.