The admin users API exposes a safe, read-optimized view of the customer and staff base, as well as the ability to promote or demote user roles. Password hashes, session tokens, and other sensitive auth fields are never included in responses — only the seven safe columns selected server-side. Role management allows you to onboard new staff, revoke access, and promote trusted customers to admin, all from a single endpoint.
All endpoints in this section require the admin or staff role. Requests without a valid session return 401; requests with insufficient role return 403.
Endpoints
List Users
Filter by user role. One of: customer, staff, admin. Omit to return users of all roles.
200
Update User Role
:id — if they match and the new role is not admin, the request is rejected to prevent accidental self-lockout.
Request Body
The new role to assign. One of: customer, staff, admin.
customer — standard shopper, no admin panel access
staff — can access all admin routes including user management
admin — full access, including the ability to manage other admins
200 — returns only the safe user fields.
Safe User Response Fields
UUID of the user.
Display name of the user, if provided during registration.
Email address used for login and order notifications.
Current role. One of: customer, staff, admin.
Whether the user has verified their email address. Unverified users may have limited checkout access depending on store configuration.
URL of the user’s profile avatar, if set (typically populated via OAuth providers). null if not set.
ISO 8601 timestamp of when the user account was created.
Self-demotion guard: The backend checks whether the :id in the route matches the id of the currently authenticated session user. If they match and the requested role is anything other than admin, the request is rejected with 422 before touching the database. To demote your own account, have another admin perform the update, or temporarily promote a second account to admin first.
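The check order and the self-demotion guard described above, with the safe-field projection, as an added example that is not this project's code. The names in SAFE_FIELDS, the 404 and invalid-role statuses, and the in-memory store are assumptions; the 401, 403 and 422 behaviour follows the page.

```javascript
// Added example. Field names, the 404 and invalid-role statuses and the
// in-memory store are assumptions; 401/403/422 behaviour is from the page.
const ROLES = ["customer", "staff", "admin"];
const PANEL_ROLES = ["admin", "staff"];
const SAFE_FIELDS = ["id", "name", "email", "role", "emailVerified", "image", "createdAt"];

// Constructed sample store; `reads` counts database lookups.
function makeDb() {
  const rows = new Map([
    ["u-admin", { id: "u-admin", name: "Ada", email: "ada@example.test", role: "admin",
      emailVerified: true, image: null, createdAt: "2024-01-01T00:00:00Z",
      passwordHash: "constructed-hash", sessionToken: "constructed-token" }],
    ["u-cust", { id: "u-cust", email: "bo@example.test", role: "customer",
      emailVerified: false, createdAt: "2024-02-01T00:00:00Z",
      passwordHash: "constructed-hash" }],
  ]);
  return { reads: 0, get(id) { this.reads += 1; return rows.get(id); } };
}

// Allow-list projection: only known-safe keys are copied, so a sensitive
// column added to the table later stays out of responses by default.
function toSafeUser(row) {
  const out = {};
  for (const key of SAFE_FIELDS) out[key] = row[key] ?? null;
  return out;
}

// `session` is null when the request carries no valid session.
function updateUserRole(db, session, targetId, newRole) {
  if (!session || !session.user) return { status: 401, body: { error: "unauthenticated" } };
  if (!PANEL_ROLES.includes(session.user.role)) return { status: 403, body: { error: "forbidden" } };
  if (!ROLES.includes(newRole)) return { status: 422, body: { error: "invalid role" } };
  // Self-demotion guard: evaluated before any database access.
  if (session.user.id === targetId && newRole !== "admin") {
    return { status: 422, body: { error: "cannot demote own account" } };
  }
  const row = db.get(targetId);
  if (!row) return { status: 404, body: { error: "user not found" } };
  row.role = newRole;
  return { status: 200, body: toSafeUser(row) };
}
```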