Admin Backend

What is the Admin Backend?

When you install Forest Admin, you generate a Node.js application on your local machine. It includes a RESTful API that connects to your database. We call this app the Admin Backend. The API includes the logic needed to perform all the actions required from a fully functional Admin Interface (CRUD operations, search & filters, sort, pagination and more).

The API is hosted on your side, so there is virtually no limit to how you can extend it.

However, to ease the customization of your admin panel, we’ve introduced the concept of Smart features, which help you fully extend the API.

All your Smart features are implemented by you and hosted on your server. The default folder for your customizations is /forest; you can change it by setting configDir: 'my/path' in your Forest Admin initialization middleware.

Before you dive deep into this documentation, it’s a good idea to see how the Admin API is designed.

Authentication of calls made to the Admin Backend

Every time you interact with your application data from the Forest UI, it triggers an API call to your admin panel server. This API call is authenticated using the Data Token, a JWT signed with your FOREST_AUTH_SECRET (see the Security section for more information) and passed in the HTTP request's Authorization header.

GET /forest/...
Host: ...
Origin: ...
Content-Type: ...
Accept: application/json
Authorization: Bearer <DATA_TOKEN>
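
The code below is an added example, not Forest Admin's own code: it shows the checks a server has to make on the Authorization header above before trusting the claims in the token. It assumes the Data Token is an HS256 (HMAC-SHA256) JWT; signToken, verifyDataToken, the sample secret and the sample token are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample values: the secret stands in for FOREST_AUTH_SECRET and
// the claims reuse a few fields of the req.user content shown on this page.
const SAMPLE_SECRET = 'constructed-example-secret';
const SAMPLE_CLAIMS = { id: '172', firstName: 'Angelica', lastName: 'Bengtsson',
  team: 'Pole Vault', iat: 1569913709, exp: 1571123309 };

const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const hmac = (secret, input) => crypto.createHmac('sha256', secret).update(input).digest();
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64').toString('utf8'));

// Hypothetical helper: builds an HS256 token so the example runs offline.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Hypothetical helper: returns the claims only if the bearer token is
// authentic and unexpired; throws otherwise.
function verifyDataToken(authorization, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) throw new Error('missing or malformed bearer token');
  const [, head, body, sig] = m;

  // Pin the algorithm; the token must not choose it (rejects "alg": "none").
  let header;
  try { header = decodeJson(head); } catch (e) { throw new Error('malformed header'); }
  if (!header || header.alg !== 'HS256') throw new Error('unexpected algorithm');

  // Recompute the MAC and compare in constant time before reading any claim.
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }

  const claims = decodeJson(body);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

const token = signToken(SAMPLE_CLAIMS, SAMPLE_SECRET);
console.log(verifyDataToken(`Bearer ${token}`, SAMPLE_SECRET, 1570000000).firstName);
```

The third argument fixes the clock so the constructed token, whose exp is 1571123309, is still valid when the example runs.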

The JWT Data Token contains all the details of the admin user. From a route, you can retrieve them with the variable req.user. On our Live Demo example, we’ve developed a global Smart Action, Whoami, that returns the full name of the admin user.

SQL
/forest/companies.js
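const { collection } = require('forest-express-sequelize');

// Declare a global Smart Action served by the route in /routes/whoami.js.
collection('companies', {
  actions: [{
    name: 'Whoami',
    type: 'global',
    // Must match the route path; assumes the router is mounted under /forest.
    endpoint: '/forest/actions/whoami',
    httpMethod: 'GET'
  }]
});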
req.user content
{
  "id": "172",
  "email": "angelicabengtsson@doha2019.com",
  "firstName": "Angelica",
  "lastName": "Bengtsson",
  "team": "Pole Vault",
  "renderingId": "4998",
  "iat": 1569913709,
  "exp": 1571123309
}
/routes/whoami.js
...
router.get('/actions/whoami', (req, res) => {
  // req.user holds the claims decoded from the Data Token (see "req.user content").
  res.send({ success: `You are ${req.user.firstName} ${req.user.lastName}.` });
});
...
module.exports = router;
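MongoDB
/forest/companies.js
const { collection } = require('forest-express-mongoose');

// Declare a global Smart Action served by the route in /routes/whoami.js.
collection('companies', {
  actions: [{
    name: 'Whoami',
    type: 'global',
    // Must match the route path; assumes the router is mounted under /forest.
    endpoint: '/forest/actions/whoami',
    httpMethod: 'GET'
  }]
});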
req.user content
{
  "id": "172",
  "email": "angelicabengtsson@doha2019.com",
  "firstName": "Angelica",
  "lastName": "Bengtsson",
  "team": "Pole Vault",
  "renderingId": "4998",
  "iat": 1569913709,
  "exp": 1571123309
}
/routes/whoami.js
...
router.get('/actions/whoami', (req, res) => {
  // req.user holds the claims decoded from the Data Token (see "req.user content").
  res.send({ success: `You are ${req.user.firstName} ${req.user.lastName}.` });
});
...
module.exports = router;