Admin API
Status: Implemented (Milestone 10)
Admin endpoints require a JWT with role === "admin".
Authentication
GET /api/auth/meReturns the current authenticated user. Used by the dashboard to verify admin access.
Response:
{
"user": {
"id": "usr_...",
"email": "admin@example.com",
"role": "admin",
"createdAt": "2026-01-01T00:00:00.000Z"
}
}Collections
GET /api/admin/collections
POST /api/admin/collections
GET /api/admin/collections/:name
PUT /api/admin/collections/:name
DELETE /api/admin/collections/:namePOST and PUT accept a collection definition:
{
"name": "posts",
"fields": [
{ "name": "title", "type": "string", "required": true }
],
"permissions": {
"read": "public",
"create": "authenticated"
}
}PUT runs inline schema migrations (add/remove/rename fields). Changing field types on existing columns is rejected.
Users
GET /api/admin/users?limit=50&offset=0
PATCH /api/admin/users/:id
DELETE /api/admin/users/:idPATCH body:
{ "role": "admin" }Roles: admin, authenticated, public.
Storage
GET /api/admin/storage?limit=50&offset=0Lists file metadata (same shape as upload response). Upload and delete use the public storage API.
Functions
GET /api/admin/functionsReturns registered triggers (metadata only, no handler code):
{
"items": [
{
"collection": "posts",
"type": "create",
"eventType": "posts.created",
"filePath": "/path/to/functions/posts/handler.ts"
}
]
}Jobs
GET /api/admin/jobs
GET /api/admin/jobs/:name/runsJob list returns name, schedule, and filePath. Runs return in-memory history (runId, startedAt, endedAt, status, attempt, optional error).
Logs
GET /api/admin/logs?limit=100&level=ERRORReturns recent in-memory log entries (timestamp, level, message). Optional level filter: DEBUG, INFO, WARN, ERROR.
Errors
| Status | Code | When |
|---|---|---|
| 401 | unauthorized | Missing or invalid JWT |
| 403 | forbidden | Authenticated but not admin |
| 404 | not_found | Resource missing |
| 400 | bad_request | Validation or migration error |
Admin record access
Users with admin role bypass collection permissions rules on public CRUD endpoints (/api/:collection), enabling full record management from the dashboard.