S3 endpoints for keys with special characters broken

Incident Report for Supabase

Resolved

This incident has been resolved. A recent API Gateway deployment altered how certain special characters in S3 object key paths were encoded before reaching storage, causing signature verification failures (403) for affected requests.

The change has been reverted and issue is now fixed.
Posted Jul 16, 2026 - 18:49 UTC

Update

We have implemented a PR rollback to mitigate this issue. We will actively monitor its progress
Posted Jul 16, 2026 - 18:32 UTC

Update

A likely mitigation has been identified and we are discussing the proper implementation method.
Posted Jul 16, 2026 - 18:23 UTC

Identified

We have identified an issue where S3 endpoints for keys with special characters will be broken. We are actively investigating the correct mitigation for this issue.
Posted Jul 16, 2026 - 17:55 UTC
This incident affected: Storage.