Enabling sync
Referencesync.url and sync.secret on a Postgres database in your service env:
specific.hcl
specific dev and managed in production.
Sync attributes:
| Attribute | Description |
|---|---|
sync.url | Sync engine HTTP endpoint URL (for example, http://127.0.0.1:5133 in dev). |
sync.secret | Secret for authenticating requests to the sync engine. Pass it as the secret query parameter from your backend to the Electric API. |
How sync works
The sync engine streams “shapes” of data from Postgres to clients:- Your backend proxies shape requests to the sync engine (handling auth/authz).
- The sync engine streams the initial data and subsequent changes.
- Clients receive real-time updates over HTTP.
Proxy configuration
When proxying Electric requests from your backend, handle headers and query parameters carefully. Getting these wrong causes silent failures: browsers block responses or serve stale cached data without clear error messages.Expose Electric response headers
Electric returns customelectric-* headers that the client SDK needs to follow the shape log. Browsers block JavaScript from reading non-standard response headers unless they are listed in Access-Control-Expose-Headers. Don’t strip any electric-* headers from the response, and expose them all:
Strip upstream headers
Electric’s response includes its own CORS and caching headers. If your proxy copies these through and your CORS middleware also adds its own, the browser receives duplicateAccess-Control-Allow-Origin values and rejects the response. Before setting your own headers, strip these from Electric’s response:
Access-Control-Allow-Originand otherAccess-Control-*headersContent-EncodingandContent-Length(fetch decompresses the body but doesn’t update these headers, which breaks browser decoding)Cache-Control(see below)
Override caching
Electric returnsCache-Control with max-age and stale-age for request collapsing at the CDN level. During development, this can cause browsers to serve stale cached responses. For example, responses cached before CORS headers were configured correctly keep failing even after the proxy is fixed. Override with Cache-Control: no-store on your proxy response.
Control query parameters
Set these server-side and never pass them through from the client:table- letting clients specify the table allows access to any tablewhere- this is your authorization filtercolumns- clients could request sensitive columnssecret- never expose the API secret to clients
offset, handle, live, live_sse, cursor, expired_handle, replica, log.
Using the Electric TypeScript SDK
ShapeStream requires a full URL, not a relative one. In browsers, derive it from window.location.origin: