Skip to main content
Version: v0.15

These APIs are responsible for handling administration-level requests.
Check out the Router module for information on application-level requests.

Administrative APIs

Conduit allows administrators to operate on their backend using REST and GraphQL APIs.
There's also an administrative WebSockets API for real time communication.

All of the above transports are enabled by default, but can be disabled if you so desire.

Most administrative requests expose or modify critical parts of your backend like listing private data and configuring user authentication strategies.
As such, utilizing them requires authorization to prevent non-administrators from being capable of performing them.


Master Key

A secret key specified as a Conduit Core environment variable.
This header is required by every single administrative route.

{ "masterkey": "M4ST3RKEY" }

On a fresh deployment, the master key secret defaults to M4ST3RK3Y.


A bearer formatted access token used for administrator authentication.
This header is required by most administrative routes, with the exception of:

  • Admin Login (POST: /login)
  • Online Modules (GET: /modules)
  • GraphQL (GET: /graphql)
  • Swagger (GET: /swagger & /swagger.json whenever Core is in development mode)
{ "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYyMmYxZGQ5NThkZDIwMDAxNzgwNWVmYyIsImlhdCI6MTY0NzM0MjMwMiwiZXhwIjoxNjQ3NDE0MzAyfQ.trHYfxt9Wf6ohgi5PWez-dZEDaQSBBR6wu2PINveQmI" }
Getting an Admin Authentication Token
curl --location --request POST 'http://localhost:3030/login' \
--header 'masterkey: M4ST3RK3Y' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "admin",
"password": "admin"
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYyMmYxZGQ5NThkZDIwMDAxNzgwNWVmYyIsImlhdCI6MTY0NzM0MjMwMiwiZXhwIjoxNjQ3NDE0MzAyfQ.trHYfxt9Wf6ohgi5PWez-dZEDaQSBBR6wu2PINveQmI"

Admin access tokens cannot be used interchangeably with user access tokens!


Admin Config Section

You may configure your administrative APIs through the main settings page of your admin panel.