Admin API
All admin endpoints require Authorization: Bearer <ADMIN_TOKEN> header.
Applications
Section titled “Applications”List Applications
Section titled “List Applications”GET /api/admin/applicationsGet Application
Section titled “Get Application”GET /api/admin/applications/:idCreate Application
Section titled “Create Application”POST /api/admin/applications
Body:{ "id": "tobby", "name": "Acme", "audience": "tobby-api", "redirectUris": ["https://tobby.example.com/auth/callback"], "clientType": "web", "webhookUrl": "https://tobby.api/webhooks", "webhookSecret": "whsec_xxx", "ssoGroupId": "tobby-suite", "authPolicy": { ... }}Auth Policy
Section titled “Auth Policy”Get Auth Policy
Section titled “Get Auth Policy”GET /api/admin/applications/:id/auth-policyUpdate Auth Policy
Section titled “Update Auth Policy”PATCH /api/admin/applications/:id/auth-policy
Body: { "signup_policy": "invite_only", "allowed_providers": ["email"] }List Users
Section titled “List Users”GET /api/admin/applications/:id/users?status=active&role=memberGet User
Section titled “Get User”GET /api/admin/applications/:id/users/:uidUpdate User
Section titled “Update User”PATCH /api/admin/applications/:id/users/:uid
Body: { "status": "suspended", "role": "admin" }Remove User
Section titled “Remove User”DELETE /api/admin/applications/:id/users/:uidInvitations
Section titled “Invitations”Create Invitations
Section titled “Create Invitations”POST /api/admin/applications/:id/invitations
Body: { "emails": ["[email protected]"], "role": "member", "message": "Welcome!" }List Invitations
Section titled “List Invitations”GET /api/admin/applications/:id/invitations?status=pendingRevoke Invitation
Section titled “Revoke Invitation”DELETE /api/admin/applications/:id/invitations/:iidAPI Keys
Section titled “API Keys”Create API Key
Section titled “Create API Key”POST /api/admin/applications/:id/api-keys
Body: { "name": "production", "scopes": ["commerce:read"] }List API Keys
Section titled “List API Keys”GET /api/admin/applications/:id/api-keysDelete API Key
Section titled “Delete API Key”DELETE /api/admin/applications/:id/api-keys/:kidSSO Groups
Section titled “SSO Groups”Create SSO Group
Section titled “Create SSO Group”POST /api/admin/sso-groups
Body: { "id": "tobby-suite", "name": "Acme Suite" }Add Application to Group
Section titled “Add Application to Group”POST /api/admin/sso-groups/:id/apps
Body: { "appId": "tobby" }Provider Status
Section titled “Provider Status”Get Provider Configuration Status
Section titled “Get Provider Configuration Status”GET /api/admin/auth/providers
Response:{ "providers": [ { "id": "email", "name": "Email + Password", "configured": true, "env_vars": [] }, { "id": "google", "name": "Google", "configured": true, "env_vars": ["GOOGLE_CLIENT_ID", ...] }, { "id": "apple", "name": "Apple Sign In", "configured": false, "env_vars": [...] }, { "id": "github", "name": "GitHub", "configured": false, "env_vars": [...] } ]}