2021-06-03 12:20:40 -04:00
# The Admin API
## Authenticate as a server admin
Many of the API calls in the admin api will require an `access_token` for a
server admin. (Note that a server admin is distinct from a room admin.)
2022-08-03 06:15:23 -04:00
An existing user can be marked as a server admin by updating the database directly.
2021-06-03 12:20:40 -04:00
2022-08-03 06:15:23 -04:00
Check your [database settings ](config_documentation.md#database ) in the configuration file, connect to the correct database using either `psql [database name]` (if using PostgreSQL) or `sqlite3 path/to/your/database.db` (if using SQLite) and elevate the user `@foo:bar.com` to administrator.
2021-06-03 12:20:40 -04:00
```sql
UPDATE users SET admin = 1 WHERE name = '@foo:bar.com';
```
A new server admin user can also be created using the `register_new_matrix_user`
2022-03-02 08:00:16 -05:00
command. This is a script that is distributed as part of synapse. It is possibly
2021-06-03 12:20:40 -04:00
already on your `$PATH` depending on how Synapse was installed.
Finding your user's `access_token` is client-dependent, but will usually be shown in the client's settings.
## Making an Admin API request
2022-11-21 06:40:25 -05:00
For security reasons, we [recommend ](../../../reverse_proxy.md#synapse-administration-endpoints )
2022-07-13 14:33:33 -04:00
that the Admin API (`/_synapse/admin/...`) should be hidden from public view using a
reverse proxy. This means you should typically query the Admin API from a terminal on
the machine which runs Synapse.
2021-06-03 12:20:40 -04:00
Once you have your `access_token` , you will need to authenticate each request to an Admin API endpoint by
providing the token as either a query parameter or a request header. To add it as a request header in cURL:
```sh
curl --header "Authorization: Bearer < access_token > " < the_rest_of_your_API_request >
```
2022-07-13 14:33:33 -04:00
For example, suppose we want to
[query the account ](user_admin_api.md#query-user-account ) of the user
`@foo:bar.com` . We need an admin access token (e.g.
`syt_AjfVef2_L33JNpafeif_0feKJfeaf0CQpoZk` ), and we need to know which port
Synapse's [`client` listener ](config_documentation.md#listeners ) is listening
on (e.g. `8008` ). Then we can use the following command to request the account
information from the Admin API.
```sh
curl --header "Authorization: Bearer syt_AjfVef2_L33JNpafeif_0feKJfeaf0CQpoZk" -X GET http://127.0.0.1:8008/_synapse/admin/v2/users/@foo:bar.com
```
2021-06-03 12:20:40 -04:00
For more details on access tokens in Matrix, please refer to the complete
[matrix spec documentation ](https://matrix.org/docs/spec/client_server/r0.6.1#using-access-tokens ).