Admin API

Base path: /api/admin
File: ayts-api/src/routes/admin.ts
Auth required: Yes — role: 'admin' in Supabase user metadata

All endpoints in this group require the admin role. Attempting access without it returns 401 Unauthorized.

GET /api/admin/dashboard

Platform health summary.

Response 200:

{
  "success": true,
  "stats": {
    "totalStores": 12,
    "activeStores": 5,
    "totalProducts": 89,
    "totalOrders": 47,
    "totalUsers": 120,
    "pendingApplications": 3,
    "revenueToday": 4500.00,
    "revenueThisMonth": 87000.00
  },
  "recentOrders": [...],
  "recentUsers": [...]
}

GET /api/admin/analytics

Revenue and growth analytics.

Query params: period (7d | 30d | 90d | custom date range)

Response 200:

{
  "success": true,
  "revenue": {
    "total": 87000.00,
    "byDay": [{ "date": "2026-05-01", "amount": 3200.00 }],
    "byMethod": { "cod": 45000, "gcash": 35000, "maya": 7000 }
  },
  "orders": {
    "total": 47,
    "byStatus": { "delivered": 30, "pending": 5, "cancelled": 2 }
  }
}

GET /api/admin/stores

Get all stores (all statuses). Admin can see pending, inactive, and suspended stores.

Query params: status, limit, offset


PATCH /api/admin/stores/:id

Update store status (verify, activate, suspend).

{
  "isVerified": true,
  "isActive": true
}

Note: The API converts isVerified → is_verified and isActive → is_active before the Supabase update.
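
One way to do the conversion described in the note above so that only those two fields can reach the store row. This is an added example, not code from ayts-api/src/routes/admin.ts; `buildStoreUpdate`, `STORE_PATCH_FIELDS` and `StorePatchResult` are hypothetical names, and rejecting unknown or non-boolean fields is an assumption about the desired behaviour.

```typescript
// Added example; field names are from this page, function and constant names are hypothetical.
type StorePatchResult =
  | { ok: true; update: Record<string, boolean> }
  | { ok: false; error: string };

// Allowlist: request field -> Supabase column. Nothing else may reach the update.
const STORE_PATCH_FIELDS: Record<string, string> = {
  isVerified: "is_verified",
  isActive: "is_active",
};

function buildStoreUpdate(body: unknown): StorePatchResult {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { ok: false, error: "body must be a JSON object" };
  }
  const input = body as Record<string, unknown>;
  const update: Record<string, boolean> = {};
  for (const key of Object.keys(input)) {
    // Own-property check so inherited names such as "constructor" never match.
    const column: string | undefined =
      Object.prototype.hasOwnProperty.call(STORE_PATCH_FIELDS, key)
        ? STORE_PATCH_FIELDS[key]
        : undefined;
    if (column === undefined) {
      return { ok: false, error: `unknown field: ${key}` };
    }
    const value = input[key];
    if (typeof value !== "boolean") {
      return { ok: false, error: `${key} must be a boolean` };
    }
    update[column] = value;
  }
  if (Object.keys(update).length === 0) {
    return { ok: false, error: "no updatable fields supplied" };
  }
  return { ok: true, update };
}

// Constructed sample request bodies.
const sampleBodies: unknown[] = [
  { isVerified: true, isActive: true },
  { isActive: false, owner_id: "constructed-id" }, // extra column: rejected
  { isVerified: "true" }, // wrong type: rejected
];
for (const sample of sampleBodies) {
  console.log(JSON.stringify(buildStoreUpdate(sample)));
}
```

Passing only the returned `update` object to the database call keeps a request body from setting columns the endpoint was never meant to expose.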


GET /api/admin/applications

Get vendor applications.

Query params: status (pending | approved | rejected)


PATCH /api/admin/applications/:id/review

Approve or reject a vendor application.

{
  "action": "approve" | "reject",
  "reason": "Optional rejection reason"
}

On approval:

  1. Creates the store record
  2. Updates user role to vendor
  3. Sends confirmation notification

GET /api/admin/users

Get all users. See Users API for response shape.


PATCH /api/admin/users/:id

Update any user. Admin can change role, ban, deactivate.


GET /api/admin/settings

Get platform settings.

404 Issue

This endpoint currently returns 404. The platform_settings table may not exist. See Settings page docs for the fix.


PATCH /api/admin/settings

Update platform settings.

{
  "siteName": "AYTS",
  "commissionRate": 0.03,
  "codEnabled": true,
  "maintenanceMode": false
}