Admin API Overview
This document provides an overview of the admin-facing API endpoints available in v3. These endpoints are designed for administrative applications and require elevated permissions.
Authentication
Admin API endpoints require authentication using a Bearer token. The token should be included in the request headers:
Authorization: Bearer {your-access-token}
The user associated with the token must have the necessary permissions for the requested operation. If the user does not have the required permissions, a 403 Forbidden response will be returned.
API Structure
The Admin API follows the same basic structure and conventions as described in the API v3 Basics document. All common query parameters, filtering capabilities, response formats, and error handling mechanisms apply to the Admin API as well.
Available Modules
- CMS Module
- User Module
- System Module
CMS Module
The CMS module provides administrative access to content management features, including:
- Posts: Create, update, delete, and manage posts
- Categories: Manage content categories and taxonomies
- Media: Manage media files and galleries
User Module
The User module provides administrative access to user management features, including:
- Users: Create, update, delete, and manage user accounts
- Roles: Manage user roles and permissions
- Activity: View user activity logs
System Module
The System module provides access to system management features, including:
- Settings: Manage system settings
- Logs: View system logs
- Cache: Manage system cache
Permissions
Admin API endpoints require specific permissions based on the user's role. If a user does not have the required permissions, a 403 Forbidden response will be returned with details about the missing permission:
{
  "status": false,
  "error": {
    "code": "permission_denied",
    "message": "You do not have permission to perform this action",
    "details": {
      "required_permission": "cms.posts.create"
    }
  }
}
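The following is an added example, not part of the original API documentation or the project's code: a client-side helper that reads the 403 body shown above and reports which permission each denied request needed, so a token's role can be reviewed against what it actually calls. The function names, the sample responses, and the shape of the 200 body are assumptions constructed for illustration.

```python
import json
from typing import Dict, Iterable, List, Optional, Tuple


def missing_permission(status: int, body: str) -> Optional[str]:
    """Return the permission named in a 403 permission_denied body, else None."""
    if status != 403:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        # A 403 from a proxy or gateway may not carry the API's JSON envelope.
        return None
    if not isinstance(doc, dict):
        return None
    error = doc.get("error")
    if not isinstance(error, dict) or error.get("code") != "permission_denied":
        return None
    details = error.get("details")
    perm = details.get("required_permission") if isinstance(details, dict) else None
    return perm if isinstance(perm, str) and perm else None


def denied_permissions(
    responses: Iterable[Tuple[str, int, str]]
) -> Dict[str, List[str]]:
    """Map each missing permission to the request lines that were refused for it."""
    report: Dict[str, List[str]] = {}
    for request_line, status, body in responses:
        perm = missing_permission(status, body)
        if perm is not None:
            report.setdefault(perm, []).append(request_line)
    return report


# Constructed sample data: the 403 body copies the documented error format;
# the 200 body and the HTML 403 are assumptions, not captured server output.
DENIED = json.dumps({
    "status": False,
    "error": {
        "code": "permission_denied",
        "message": "You do not have permission to perform this action",
        "details": {"required_permission": "cms.posts.create"},
    },
})
SAMPLE = [
    ("POST /api/admin/v3/cms/post", 403, DENIED),
    ("GET /api/admin/v3/cms/post", 200, '{"status": true}'),
    ("DELETE /api/admin/v3/cms/post/1", 403, "<html>Forbidden</html>"),
]

if __name__ == "__main__":
    print(denied_permissions(SAMPLE))
```

A 403 whose body is not the documented JSON envelope is deliberately not attributed to a permission, since it did not come from the API's own permission check.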
Admin-Specific Features
The Admin API provides several features that are not available in the Client API:
- Bulk Operations
- Draft Management
- Version History
- Audit Logs
Bulk Operations
Many Admin API endpoints support bulk operations for efficient management:
POST /api/admin/v3/cms/post/bulk/delete
Authorization: Bearer {your-access-token}
Content-Type: application/json
{
  "ids": [1, 2, 3, 4, 5]
}
Draft Management
The Admin API allows content to be managed as drafts before publishing:
POST /api/admin/v3/cms/post
Authorization: Bearer {your-access-token}
Content-Type: application/json
{
  "title": "New Post Title",
  "content": {
    "short": "Short content",
    "full": "Full content"
  },
  "status": "draft"
}
Version History
The Admin API provides access to version history for supported resources:
GET /api/admin/v3/cms/post/123/versions
Authorization: Bearer {your-access-token}
Audit Logs
The Admin API provides detailed audit logs for tracking changes:
GET /api/admin/v3/system/audit-log?resource_type=cms_post&resource_id=123
Authorization: Bearer {your-access-token}
Example Usage
- Basic Request
- Creating Resources
- Updating Resources
- Deleting Resources
Basic Request
GET /api/admin/v3/cms/post
Authorization: Bearer {your-access-token}
Creating a New Post
POST /api/admin/v3/cms/post
Authorization: Bearer {your-access-token}
Content-Type: application/json
{
  "title": "New Post Title",
  "content": {
    "short": "Short content",
    "full": "Full content"
  },
  "status": "draft"
}
Updating a Post
PUT /api/admin/v3/cms/post/1
Authorization: Bearer {your-access-token}
Content-Type: application/json
{
  "title": "Updated Post Title",
  "status": "published"
}
Deleting a Post
DELETE /api/admin/v3/cms/post/1
Authorization: Bearer {your-access-token}