Version: Unreleased

Admin API

Admin endpoints manage users, provider access, and server settings. All routes require an authenticated admin JWT.

List Users

GET /api/admin/users

Returns UserInfo[].

[
  {
    "id": "3a6d...",
    "username": "admin",
    "role": "admin",
    "providers": [],
    "must_change_password": false
  },
  {
    "id": "d8b5...",
    "username": "viewer",
    "role": "user",
    "providers": ["streammax"],
    "must_change_password": true
  }
]

Create User

POST /api/admin/users

{
  "username": "viewer",
  "password": "TempPass1",
  "role": "user",
  "providers": ["streammax", "example"]
}

providers: [] means unrestricted access to all providers
newly created users receive must_change_password: true

Response:

{
  "id": "d8b5...",
  "username": "viewer",
  "role": "user",
  "providers": ["streammax", "example"],
  "must_change_password": true
}

Delete User

DELETE /api/admin/users/:id

Deletes the user plus associated provider sessions. Admins cannot delete their own account.

{
  "success": true
}

Set User Provider Access

PUT /api/admin/users/:id/providers

{
  "providers": ["streammax", "example"]
}

pass an empty array to restore unrestricted provider access
restricted users are blocked not only from /api/providers, but also from provider auth, channels, categories, and stream routes

{
  "success": true
}

Reset User Password

PUT /api/admin/users/:id/password

{
  "new_password": "TempPass1"
}

Successful response:

{
  "success": true
}

The reset sets must_change_password = true, so the user must call POST /api/auth/change-password before using the rest of the API.

Server Settings

Get settings

GET /api/admin/settings

{
  "signup_disabled": false
}

Update settings

PUT /api/admin/settings

{
  "signup_disabled": true
}

{
  "success": true
}

List Users​

Create User​

Delete User​

Set User Provider Access​

Reset User Password​

Server Settings​

Get settings​

Update settings​