Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/shadownrx/apisquare/llms.txt

Use this file to discover all available pages before exploring further.

The ApiSquare admin dashboard is a secure, browser-based control panel accessible at /admin. It gives operators a single place to monitor every appointment booked through the Telegram bot, delete individual reservations, and make live changes to the system’s services, professional schedules, and public holidays — all without touching any code or triggering a redeployment.

Authentication

Set up admin credentials, understand the brute-force lockout system, and manage session lifecycle.

Managing Reservations

View, filter, and delete appointments from the Reservas tab.

Configuration

Edit services, professional schedules, and public holidays in real time.

API Reference

Explore the raw /api/admin/* endpoints used by the dashboard.

Dashboard tabs

The dashboard is split into two top-level tabs:
TabLabelPurpose
Reservas📋 ReservasOperational view of all booked appointments
Configuración⚙️ ConfiguraciónLive editing of services, schedules, and holidays
Switching tabs triggers a fresh data fetch — the reservation list and the configuration are loaded independently on demand.

Stats overview

At the top of the Reservas tab, three summary cards give an instant snapshot of the appointment pipeline:
StatDescription
TotalTotal number of reservations currently stored in KV
HoyReservations scheduled for today’s date
PróximasAll reservations on today or any future date

Technical details

The admin dashboard is built with the Next.js App Router (app/admin/page.tsx) as a fully client-rendered page ('use client'). Session state is carried by an HTTP-only cookie named admin_session with a 7-day TTL. The underlying session token is validated against Vercel KV in production, and against a Node.js in-process Set in local development. All login attempts are subject to automatic brute-force lockout: after 5 consecutive failed attempts from the same IP address, further requests are blocked for 15 minutes.
The dashboard fetches data exclusively from the /api/admin/* endpoints. All admin API calls require the admin_session cookie to be present and valid — unauthenticated requests return HTTP 401 and the dashboard immediately redirects to /login.

Build docs developers (and LLMs) love