How it works

Before you start writing a single line of code, it’s a good idea to get an overview of how Forest Admin works. The magic lies in its architecture.

Forest Admin consists of two components:

  • The Admin Frontend is the user interface where you'll manage your data and configuration.

  • The Admin Backend is an API hosted on your servers where you can find and extend your data models and all the business logic (routes, actions, …) related to your admin panel.

When you run your admin backend, it will:

  1. Analyze the structure of your database models and send the metadata required to build your Admin Frontend (the Forest Admin Schema) to the Forest Admin servers.

  2. Generate the Admin API which covers all the standard Admin features you'll need (e.g. CRUD, search & filters, pagination, sorting, etc.)

Data Privacy

When logging in to your Admin Frontend in your browser, you will connect to 2 different servers:

  1. The Forest Admin servers to retrieve the Forest Admin UI based on the Forest Admin Schema.

  2. The Admin Backend to retrieve your Application Data through the Admin API.

This way we guarantee that your data remains invisible to our servers.

Forest Admin never reaches your data


The connection to both servers (the Admin Backend and the Forest Admin Servers) are protected using 2 different JWT signed by 2 different keys:

  1. FOREST_ENV_SECRET to authenticate all requests made to the Forest Admin Servers

  2. FOREST_AUTH_SECRET to authenticate all requests made to the Admin API

FOREST_AUTH_SECRET is chosen freely by you and is never disclosed to anyone.

No 3rd-party Tracking

The Admin Frontend has an option to completely disable any 3rd-party provider that could track data available from your browser to guarantee the respect of data privacy.

IP Whitelisting

The IP whitelisting feature allows you to create a list of trusted IP addresses or IP ranges from which your admin users can both access to the Admin Frontend and interact with your Admin Backend.


You're free to host your Admin Backend wherever you want to be compliant with your security infrastructure (DMZ, VPN, etc.).

We’re already working with companies compliant with Industry Standard Certifications