Admin User Management

Server-side user management via the Service Key. These operations bypass access rules.

info

Admin Auth is available in all Admin SDKs. See Admin SDK for details.

Setup

JavaScript

import { createAdminClient } from '@edgebase/admin';

const admin = createAdminClient('https://my-app.edgebase.dev', {
  serviceKey: process.env.EDGEBASE_SERVICE_KEY,
});

Dart/Flutter

import 'package:edgebase_admin/edgebase_admin.dart';

final admin = AdminEdgeBase(
  'https://my-app.edgebase.dev',
  serviceKey: Platform.environment['EDGEBASE_SERVICE_KEY']!,
);

Go

import edgebase "github.com/edgebase/sdk-go"

admin := edgebase.NewAdminClient("https://my-app.edgebase.dev", os.Getenv("EDGEBASE_SERVICE_KEY"))

PHP

use EdgeBase\Admin\AdminClient;

$admin = new AdminClient('https://my-app.edgebase.dev', getenv('EDGEBASE_SERVICE_KEY'));

Rust

use edgebase_admin::EdgeBase;

let admin = EdgeBase::server("https://my-app.edgebase.dev", &std::env::var("EDGEBASE_SERVICE_KEY")?)?;

Python

from edgebase_admin import AdminClient
import os

admin = AdminClient('https://my-app.edgebase.dev', service_key=os.environ['EDGEBASE_SERVICE_KEY'])

Kotlin

import dev.edgebase.sdk.admin.AdminEdgeBase

val admin = AdminEdgeBase(
    "https://my-app.edgebase.dev",
    serviceKey = System.getenv("EDGEBASE_SERVICE_KEY") ?: ""
)

Java

AdminEdgeBase admin = EdgeBase.admin(
    "https://my-app.edgebase.dev",
    System.getenv("EDGEBASE_SERVICE_KEY")
);

Scala

import dev.edgebase.sdk.scala.admin.AdminEdgeBase

val admin = AdminEdgeBase(
  "https://my-app.edgebase.dev",
  sys.env("EDGEBASE_SERVICE_KEY")
)

C#

using var admin = new EdgeBase.Admin.AdminClient(url, serviceKey);
// Use admin.AdminAuth for user management operations

Ruby

require "edgebase_admin"

admin = EdgebaseAdmin::AdminClient.new(
  "https://my-app.edgebase.dev",
  service_key: ENV.fetch("EDGEBASE_SERVICE_KEY")
)

Elixir

alias EdgeBaseAdmin

admin =
  EdgeBaseAdmin.new("https://my-app.edgebase.dev",
    service_key: System.fetch_env!("EDGEBASE_SERVICE_KEY")
  )

warning

Never use the Service Key in client-side code. It has full admin access to your backend.

Operations

JavaScript

// List users
const users = await admin.auth.listUsers({ limit: 50 });

// Get user
const user = await admin.auth.getUser('user-id');

// Create user (server-side)
const newUser = await admin.auth.createUser({
  email: 'admin@example.com',
  password: 'securePassword',
  displayName: 'Admin User',
  role: 'admin',
});

// Update user
await admin.auth.updateUser('user-id', {
  displayName: 'New Name',
  role: 'moderator',
});

// Delete user
await admin.auth.deleteUser('user-id');

// Set custom claims (included in JWT)
await admin.auth.setCustomClaims('user-id', {
  plan: 'pro',
  features: ['analytics', 'export'],
});

// Revoke all sessions (force re-login)
await admin.auth.revokeAllSessions('user-id');

Dart/Flutter

// List users
final users = await admin.adminAuth.listUsers(limit: 50);

// Get user
final user = await admin.adminAuth.getUser('user-id');

// Create user
final newUser = await admin.adminAuth.createUser(
  email: 'admin@example.com',
  password: 'securePassword',
  displayName: 'Admin User',
  role: 'admin',
);

// Update user
await admin.adminAuth.updateUser('user-id', displayName: 'New Name', role: 'moderator');

// Delete user
await admin.adminAuth.deleteUser('user-id');

// Set custom claims
await admin.adminAuth.setCustomClaims('user-id', {'plan': 'pro', 'features': ['analytics', 'export']});

// Revoke all sessions
await admin.adminAuth.revokeAllSessions('user-id');

Go

// List users
users, err := admin.AdminAuth.ListUsers(&edgebase.ListUsersOptions{Limit: 50})

// Get user
user, err := admin.AdminAuth.GetUser("user-id")

// Create user
newUser, err := admin.AdminAuth.CreateUser(edgebase.CreateUserInput{
    Email:       "admin@example.com",
    Password:    "securePassword",
    DisplayName: "Admin User",
    Role:        "admin",
})

// Update user
_, err = admin.AdminAuth.UpdateUser("user-id", edgebase.UpdateUserInput{
    DisplayName: "New Name",
    Role:        "moderator",
})

// Delete user
err = admin.AdminAuth.DeleteUser("user-id")

// Set custom claims
err = admin.AdminAuth.SetCustomClaims("user-id", map[string]any{
    "plan": "pro", "features": []string{"analytics", "export"},
})

// Revoke all sessions
err = admin.AdminAuth.RevokeAllSessions("user-id")

PHP

// List users
$users = $client->adminAuth->listUsers(limit: 50);

// Get user
$user = $client->adminAuth->getUser('user-id');

// Create user
$newUser = $client->adminAuth->createUser([
    'email' => 'admin@example.com',
    'password' => 'securePassword',
    'displayName' => 'Admin User',
    'role' => 'admin',
]);

// Update user
$client->adminAuth->updateUser('user-id', [
    'displayName' => 'New Name',
    'role' => 'moderator',
]);

// Delete user
$client->adminAuth->deleteUser('user-id');

// Set custom claims
$client->adminAuth->setCustomClaims('user-id', [
    'plan' => 'pro',
    'features' => ['analytics', 'export'],
]);

// Revoke all sessions
$client->adminAuth->revokeAllSessions('user-id');

Rust

// List users
let users = admin.admin_auth().list_users(50, None).await?;

// Get user
let user = admin.admin_auth().get_user("user-id").await?;

// Create user
let new_user = admin.admin_auth().create_user("admin@example.com", "securePassword").await?;

// Update user
admin.admin_auth().update_user("user-id", &json!({
    "displayName": "New Name", "role": "moderator"
})).await?;

// Delete user
admin.admin_auth().delete_user("user-id").await?;

// Set custom claims
admin.admin_auth().set_custom_claims("user-id", json!({
    "plan": "pro", "features": ["analytics", "export"]
})).await?;

// Revoke all sessions
admin.admin_auth().revoke_all_sessions("user-id").await?;

Python

# List users
users = admin.admin_auth.list_users(limit=50)

# Get user
user = admin.admin_auth.get_user('user-id')

# Create user
new_user = admin.admin_auth.create_user(
    email='admin@example.com',
    password='securePassword',
    display_name='Admin User',
    role='admin',
)

# Update user
admin.admin_auth.update_user('user-id', display_name='New Name', role='moderator')

# Delete user
admin.admin_auth.delete_user('user-id')

# Set custom claims
admin.admin_auth.set_custom_claims('user-id', {'plan': 'pro', 'features': ['analytics', 'export']})

# Revoke all sessions
admin.admin_auth.revoke_all_sessions('user-id')

Kotlin

// List users
val users = admin.adminAuth.listUsers(limit = 50)

// Get user
val user = admin.adminAuth.getUser("user-id")

// Create user
val newUser = admin.adminAuth.createUser(mapOf(
    "email" to "admin@example.com",
    "password" to "securePassword",
    "displayName" to "Admin User",
    "role" to "admin",
))

// Update user
admin.adminAuth.updateUser("user-id", mapOf("displayName" to "New Name", "role" to "moderator"))

// Delete user
admin.adminAuth.deleteUser("user-id")

// Set custom claims
admin.adminAuth.setCustomClaims("user-id", mapOf("plan" to "pro"))

// Revoke all sessions
admin.adminAuth.revokeAllSessions("user-id")

Java

// List users
Map<String, Object> users = admin.adminAuth().listUsers(50, null);

// Get user
Map<String, Object> user = admin.adminAuth().getUser("user-id");

// Create user
Map<String, Object> newUser = admin.adminAuth().createUser(Map.of(
    "email", "admin@example.com",
    "password", "securePassword",
    "displayName", "Admin User",
    "role", "admin"
));

// Update user
admin.adminAuth().updateUser("user-id", Map.of("displayName", "New Name", "role", "moderator"));

// Delete user
admin.adminAuth().deleteUser("user-id");

// Set custom claims
admin.adminAuth().setCustomClaims("user-id", Map.of("plan", "pro"));

// Revoke all sessions
admin.adminAuth().revokeAllSessions("user-id");

Scala

// List users
val users = admin.adminAuth.listUsers(limit = Some(50))

// Get user
val user = admin.adminAuth.getUser("user-id")

// Create user
val newUser = admin.adminAuth.createUser(Map(
  "email" -> "admin@example.com",
  "password" -> "securePassword",
  "displayName" -> "Admin User",
  "role" -> "admin",
))

// Update user
admin.adminAuth.updateUser("user-id", Map("displayName" -> "New Name", "role" -> "moderator"))

// Delete user
admin.adminAuth.deleteUser("user-id")

// Set custom claims
admin.adminAuth.setCustomClaims("user-id", Map("plan" -> "pro", "features" -> List("analytics", "export")))

// Revoke all sessions
admin.adminAuth.revokeAllSessions("user-id")

C#

using var admin = new EdgeBase.Admin.AdminClient(url, serviceKey);
// Use admin.AdminAuth for user management operations

Ruby

# List users
users = admin.admin_auth.list_users(limit: 50)

# Get user
user = admin.admin_auth.get_user("user-id")

# Create user
new_user = admin.admin_auth.create_user(
  "admin@example.com",
  "securePassword"
)

# Update user
admin.admin_auth.update_user("user-id", {
  "displayName" => "New Name",
  "role" => "moderator"
})

# Delete user
admin.admin_auth.delete_user("user-id")

# Set custom claims
admin.admin_auth.set_custom_claims("user-id", {
  "plan" => "pro",
  "features" => ["analytics", "export"]
})

# Revoke all sessions
admin.admin_auth.revoke_all_sessions("user-id")

Elixir

alias EdgeBaseAdmin.AdminAuth

auth = EdgeBaseAdmin.admin_auth(admin)

# List users
users = AdminAuth.list_users!(auth, limit: 50)

# Get user
user = AdminAuth.get_user!(auth, "user-id")

# Create user
new_user =
  AdminAuth.create_user!(auth, %{
    "email" => "admin@example.com",
    "password" => "securePassword",
    "displayName" => "Admin User",
    "role" => "admin"
  })

# Update user
AdminAuth.update_user!(auth, "user-id", %{"displayName" => "New Name", "role" => "moderator"})

# Delete user
AdminAuth.delete_user!(auth, "user-id")

# Set custom claims
AdminAuth.set_custom_claims!(auth, "user-id", %{"plan" => "pro", "features" => ["analytics", "export"]})

# Revoke all sessions
AdminAuth.revoke_all_sessions!(auth, "user-id")

Custom Claims

Claims set via setCustomClaims() are included in the user's JWT under the custom namespace:

{
  "sub": "user-id",
  "iss": "edgebase:user",
  "exp": 1234567890,
  "custom": {
    "plan": "pro",
    "features": ["analytics", "export"]
  }
}

Access in access rules: read(auth) { return auth?.custom?.plan === 'pro' }

REST API

Endpoint	Method	Description
/api/auth/admin/users	GET	List users
/api/auth/admin/users/:id	GET	Get user
/api/auth/admin/users	POST	Create user
/api/auth/admin/users/:id	PATCH	Update user
/api/auth/admin/users/:id	DELETE	Delete user
/api/auth/admin/users/:id/claims	PUT	Set custom claims
/api/auth/admin/users/:id/revoke	POST	Revoke sessions

All endpoints require the X-EdgeBase-Service-Key header.