Does Lovable have a backend?

Lovable does not include a dedicated backend runtime. It generates a React frontend and can scaffold Supabase configuration as part of a project, but compute logic, custom business rules, and API routes that go beyond what Supabase provides require a separate backend — Next.js API routes, Express, or a similar server.

How do I add a backend to a Lovable app?

The two most common paths are Supabase and a custom API. For Supabase, Lovable can scaffold the tables and RLS policies directly. For custom logic — payments, third-party integrations, complex auth — you add a Next.js or Express backend and point Lovable's fetch calls at it. The main challenge either way is keeping the API shapes Lovable expects in sync with what the backend actually provides.

What is the Lovable Supabase integration?

Lovable has first-party Supabase support: it can generate SQL migrations, RLS policies, and the Supabase JS client calls needed to read and write data. It works well for CRUD-heavy apps. Where it falls short is custom business logic, complex auth flows, or third-party webhooks — those require compute Supabase alone does not provide.

Why are my Lovable API calls not working?

The most common causes are: the endpoint the Lovable frontend calls does not exist in the backend yet; the response shape the frontend expects does not match what the backend returns; or auth is not wired — Lovable may send an Authorization header the backend is not validating or may omit one the backend requires. Running a contract scan with AppHandoff surfaces all three in a single report.

Can Lovable connect to a custom API?

Yes. Lovable generates standard fetch calls and can be prompted to target any base URL you configure via an environment variable. The challenge is not connectivity — it is contract drift. Lovable assumes specific endpoint paths, HTTP methods, and response shapes when it generates code. If your custom API diverges from those assumptions, the calls fail silently or return unexpected data. AppHandoff scans both sides and surfaces every mismatch as a ticket.

Adding a Real Backend to Your Lovable App

TutorialLovableBackend

Lovable is fast. You describe a feature, it writes the React components, hooks the state together, and commits the code. What it also does — quietly, automatically — is generate fetch() calls to endpoints it assumes exist. POST /api/projects. GET /api/users/me. DELETE /api/orders/:id. Those calls are in the code the moment Lovable writes them. Whether anything answers on the other end is your problem.

That gap between "frontend calls an endpoint" and "an endpoint exists" is the canonical Lovable production problem. This guide covers how to close it: the two main backend options, why mismatches happen, and how to stay in sync as Lovable keeps iterating.

What Lovable generates — and what it assumes

When Lovable adds a feature that needs data, it writes frontend code that already knows what the backend looks like — even if no backend has been written yet. Fetch calls with assumed endpoints. Lovable generates calls like fetch('/api/orders') or axios.post('/api/auth/signup', payload). The path, the HTTP method, and the request body shape are all assumed. If you later build a backend that uses POST /api/users/register instead of POST /api/auth/signup, every call fails.

Assumed response shapes. Lovable writes TypeScript interfaces for what it expects back. A dashboard might assume { user: { id, name, avatar_url, plan } }. If your backend returns { id, email }, the avatar and plan fields are undefined at runtime. Mock data as a trap. Lovable sometimes scaffolds with hardcoded placeholder arrays so the UI renders during prototyping. Those mocks are easy to miss once the real data layer is in place.

// What Lovable generates:
const { data } = await supabase
  .from('projects')
  .select('id, name, members(*), billing_status')

// What your Supabase table actually has:
// id, name, created_at, owner_id
// (no members join, no billing_status column)

// Runtime result: data is null or partial. No compile error.

Option A: Supabase as your backend

Supabase is the most common Lovable backend. When you prompt Lovable to add persistence, it generates a Supabase table definition, an RLS policy, and the JS client calls needed to read and write data — all in one shot. Your Supabase project has a PostgreSQL database behind it. The Supabase JS client talks to it over PostgREST — no custom server involved.

# .env (or Lovable environment settings)
VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_ANON_KEY=your-anon-key

# In generated code:
const supabase = createClient(
  import.meta.env.VITE_SUPABASE_URL,
  import.meta.env.VITE_SUPABASE_ANON_KEY
)

When this is enough. Supabase covers most CRUD-heavy SaaS apps: user accounts, project data, file storage, real-time updates. The PostgREST query layer handles filtering, pagination, and joins without custom code. When it isn't. Supabase has no compute layer for complex business logic. Stripe webhooks, multi-step onboarding flows, third-party API calls that need secrets — those need Edge Functions at minimum, or a proper backend.

Option B: Custom API routes

When you need compute logic beyond what Supabase provides, you need a server. The two most common choices for Lovable projects are Next.js API routes and Express. Both expose REST endpoints your Lovable frontend can call.

// app/api/orders/route.ts (Next.js App Router)
export async function GET(request: Request) {
  const orders = await db.orders.findMany({ where: { userId: session.user.id } })
  return Response.json({ orders })
}

export async function POST(request: Request) {
  const body = await request.json()
  const order = await db.orders.create({ data: body })
  return Response.json({ order }, { status: 201 })
}

The tradeoff is mostly about team boundaries. One repo with Next.js API routes is faster to get started. Two repos — Lovable frontend, separate backend — are more realistic once multiple people or multiple agents are working on each side independently. The contract drift problem gets worse as the repos diverge.

The mismatch problem

Here's the real challenge. Lovable writes frontend code quickly and makes specific assumptions. Your backend gets built separately and makes different assumptions. The two sides agree at the moment you wire them up, then slowly drift as each evolves.

The most common mismatches from the mismatch detection scan: missing endpoints (Lovable called a route that was never built); wrong response structure (the backend returns different field names or nesting); auth not wired (protected endpoints receiving calls without the expected auth header); enum mismatches (Lovable sends "active", the DB column accepts "ACTIVE").

# What the scanner surfaces

CRITICAL:
  POST /api/projects       → endpoint missing in backend
  GET  /api/users/me       → endpoint missing in backend

HIGH:
  GET /api/orders          → FE expects { orders: Order[] }
                             BE returns { data: OrderRow[] }
MEDIUM:
  PATCH /api/orders/:id    → FE sends Authorization header
                             BE route has no auth middleware
LOW:
  status field             → FE sends 'active' | 'paused'
                             BE column type is 'ACTIVE' | 'PAUSED'

How AppHandoff closes the gap

AppHandoff connects both repos — your Lovable frontend and your backend — and scans them together. It extracts what the frontend expects and what the backend provides, then diffs them. Every discrepancy becomes a ticket on a shared board with a severity rating, the relevant file paths, and a suggested fix. AI agents can claim and resolve those tickets; you review the plan and the PR. See the full workflow on the Lovable MCP page or the MCP server page.

The agent-assisted fix loop: the scan produces a mismatch ticket — say, GET /api/users/me returns the wrong shape. The backend agent reads the ticket, adjusts the response, and opens a PR. You review the diff (ten lines, tight scope), merge it, and the next scan marks that ticket resolved. The whole cycle is usually under an hour. Without AppHandoff, that same fix happens after someone reports a broken page in production — the fix is still ten lines, but the discovery costs two hours.

Staying in sync as Lovable iterates

Lovable's value is velocity. A new page can go from prompt to commit in minutes, adding three new API calls in the process. A one-shot audit catches mismatches at audit time; two weeks later, after six Lovable commits, there's a new batch. The backlog stays roughly constant because you're always catching up.

Continuous scanning breaks the catch-up loop. AppHandoff re-scans on every commit to either repo. A new Lovable API call surfaces as a ticket within minutes, while the context is still fresh. With one-shot audits, the average time from mismatch introduced to mismatch resolved is days. With continuous scanning, it's hours. See why the sync pipeline has to be continuous for the full picture.

Getting started

The path from Lovable prototype to production: pick a backend (Supabase for CRUD-heavy apps, custom API routes for compute-heavy logic), wire the environment variables, and connect both repos to AppHandoff so mismatches surface before they reach your users. See pricing to get started, or read how to ship Lovable apps to production for the deployment walkthrough.