Admin Endpoints (/admin/*)
All endpoints require Bearer JWT (see Authentication).
Products
GET /admin/products
Query parameters:
q— text search across title, handle, description.limit,offset— pagination.category_id,collection_id,status— filters.
Response:
{
"products": [{ "id": "prod_01...", "title": "...", "variants": [...] }],
"count": 42, "limit": 20, "offset": 0
}
POST /admin/products
Body: full product object. See product spec in the Medusa docs.
PATCH /admin/products/{id} / DELETE /admin/products/{id}
Standard update / soft-delete.
Orders
GET /admin/orders
Filters: status, payment_status, fulfillment_status, customer_id, email,
created_at[gte], created_at[lte].
POST /admin/orders/{id}/fulfillments
Body:
{
"items": [{"item_id":"item_01...","quantity":1}],
"no_notification": false,
"metadata": {}
}
POST /admin/orders/{id}/refunds
Body:
{ "amount": 9900, "reason": "requested_by_customer", "note": "..." }
Customers
GET /admin/customers, POST /admin/customers, PATCH /admin/customers/{id}
Standard CRUD. GET supports q, email, has_account.
Plugins (CarphaCom-specific)
GET /admin/plugins
{ "plugins": [{ "id": "ccplg_01...", "manifest_id": "seo-essentials", "status": "installed", "version": "1.0.0", ... }] }
POST /admin/plugins/install
Body:
{ "marketplace_id": "@carphacom/seo-essentials", "version": "1.0.0", "license_key": null }
Response: 202 Accepted with the new plugin row. The backend reloads asynchronously; poll
/admin/plugins/{id} until status: installed.
DELETE /admin/plugins/{id}
Uninstalls. Migrations are not rolled back automatically.
GET /admin/plugins/{id}/configure
Returns current config (secrets masked).
POST /admin/plugins/{id}/configure
Body:
{ "config": { "publishable_key": "pk_...", "secret_key": "sk_..." } }
GET /admin/plugins/check-updates
{ "updates": [{ "id":"ccplg_01...", "current":"1.0.0", "latest":"1.1.0", "changelog_url":"..." }] }
Notifications
GET /admin/notifications / POST /admin/notifications/{id}/read
Internal admin notifications (e.g. plugin update available, license expired).
Settings (key-value)
GET /admin/settings
Returns all rows from carphacom_setting.
POST /admin/settings
{ "key": "auto_update_enabled", "value": "true" }
Webhooks
GET /admin/webhooks, POST /admin/webhooks, DELETE /admin/webhooks/{id}
Manage external webhook subscriptions. See Webhooks & License Verify.