All admin endpoints require either:
- An x-internal-secret header matching the server’s INTERNAL_SECRET environment variable, or
- A Bearer token from a user with accessFlags.isNullDropTeam = true and nullDropTeamRole of founder or dev
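The access rule above written as a server-side check, as an added example that is not the service's own code. The `resolveUser` callback, the lower-cased header map, the returned `via` field and the sample tokens and `support` role are assumptions made for illustration.

```javascript
// Added example, not the service's own code. resolveUser is a hypothetical
// callback that validates a Bearer token and returns the user's accessFlags.
const crypto = require("node:crypto");

const ADMIN_ROLES = new Set(["founder", "dev"]);

// Compare secrets in constant time. Hashing first yields equal-length buffers,
// which timingSafeEqual requires, without leaking the secret's length.
function secretsMatch(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string") return false;
  if (expected.length === 0) return false; // unset INTERNAL_SECRET must never match
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// headers: lower-cased header map; env: a process.env-like object.
// Returns { ok, via } so the caller can record which path granted access.
function authorizeAdmin(headers, env, resolveUser) {
  if (secretsMatch(headers["x-internal-secret"], env.INTERNAL_SECRET)) {
    return { ok: true, via: "internal-secret" };
  }
  const match = /^Bearer (\S+)$/.exec(headers["authorization"] || "");
  if (!match) return { ok: false, via: null };
  const user = resolveUser(match[1]); // null for an invalid or expired token
  const flags = (user && user.accessFlags) || {};
  // Strict checks: a truthy string such as "true" must not pass as the flag.
  if (flags.isNullDropTeam === true && ADMIN_ROLES.has(flags.nullDropTeamRole)) {
    return { ok: true, via: "team-role" };
  }
  return { ok: false, via: null };
}

// Constructed sample users keyed by token, for exercising the check.
const sampleUsers = new Map([
  ["tok-dev", { accessFlags: { isNullDropTeam: true, nullDropTeamRole: "dev" } }],
  ["tok-support", { accessFlags: { isNullDropTeam: true, nullDropTeamRole: "support" } }],
  ["tok-pro", { accessFlags: {} }],
]);
const lookup = (token) => sampleUsers.get(token) || null;
```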
List users
GET /api/admin/users
Returns a paginated list of all users with their DROP service entitlements.
Page number. Defaults to 1.
Users per page. Defaults to 50.
Response 200
{
  "users": [
    {
      "id": "cuid_abc123",
      "email": "user@example.com",
      "displayName": "John",
      "avatar": "cuid_abc123/avatar_1717596600.png",
      "createdAt": "2026-01-15T10:30:00.000Z",
      "updatedAt": "2026-06-05T14:30:00.000Z",
      "serviceAccess": {
        "tier": "pro",
        "isPremium": true,
        "accessFlags": {},
        "metadata": {},
        "customStorageLimit": null,
        "customApiKeyLimit": null
      }
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 50,
    "totalCount": 1842,
    "totalPages": 37,
    "hasMore": true
  }
}
Get user stats
GET /api/admin/users/stats
Returns aggregate user statistics for the platform.
Response 200
{
  "totalUsers": 1842,
  "premiumUsers": 156,
  "freeUsers": 1686
}
Update user service
PATCH /api/admin/users/{userId}
Updates or creates a service entitlement for a specific user. All changes are recorded in the audit log.
Service identifier (e.g., DROP).
Service tier (e.g., free, pro-lite, pro, enterprise).
Whether the user has premium access.
Custom access flags (e.g., { "isNullDropTeam": true, "nullDropTeamRole": "dev" }).
Custom storage limit override in bytes.
Custom API key limit override.
{
  "service": "DROP",
  "tier": "pro",
  "isPremium": true,
  "accessFlags": {
    "isNullDropTeam": false
  }
}
Response 200
{
  "entitlement": {
    "id": "ent_abc123",
    "userId": "cuid_target",
    "service": "DROP",
    "tier": "pro",
    "isPremium": true,
    ...
  }
}
Response 404
{
  "message": "User not found"
}