Skip to content
Snippets Groups Projects
Normal view Permalink
README.md 2.38 KiB
Newer Older
  • Learn to ignore specific revisions
    • Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    1 2 3 4 5 6 7 
    # The Admin API

## Authenticate as a server admin

Many of the API calls in the admin api will require an `access_token` for a
server admin. (Note that a server admin is distinct from a room admin.)
    jejo86's avatar
    Improve documentation on becoming server admin (#13230)  
    jejo86 committed
    8 
    An existing user can be marked as a server admin by updating the database directly.
    Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    9
    reivilibre's avatar
    Fix broken links in the Synapse documentation. (#14744)  
    reivilibre committed
    10 
    Check your [database settings](../../configuration/config_documentation.md#database) in the configuration file, connect to the correct database using either `psql [database name]` (if using PostgreSQL) or `sqlite3 path/to/your/database.db` (if using SQLite) and elevate the user `@foo:bar.com` to administrator.
    Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    11 12 13 14 15 
    ```sql
UPDATE users SET admin = 1 WHERE name = '@foo:bar.com';
```

A new server admin user can also be created using the `register_new_matrix_user`
    David Robertson's avatar
    Move scripts directory inside synapse, exposing as setuptools entry_points (#12118)  
    David Robertson committed
    16 
    command. This is a script that is distributed as part of synapse. It is possibly
    Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    17 18 19 20 21 
    already on your `$PATH` depending on how Synapse was installed.

Finding your user's `access_token` is client-dependent, but will usually be shown in the client's settings.

## Making an Admin API request
    Brennan Chapman's avatar
    Fix broken admin API request recommendation link (#14499)  
    Brennan Chapman committed
    22 
    For security reasons, we [recommend](../../../reverse_proxy.md#synapse-administration-endpoints)
    jejo86's avatar
    Document advising against publicly exposing the Admin API and provide a usage example (#13231)  
    jejo86 committed
    23 24 25 26 
    that the Admin API (`/_synapse/admin/...`) should be hidden from public view using a
reverse proxy. This means you should typically query the Admin API from a terminal on
the machine which runs Synapse.
    Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    27 28 29 30 31 32 33 
    Once you have your `access_token`, you will need to authenticate each request to an Admin API endpoint by
providing the token as either a query parameter or a request header. To add it as a request header in cURL:

```sh
curl --header "Authorization: Bearer <access_token>" <the_rest_of_your_API_request>
```
    jejo86's avatar
    Document advising against publicly exposing the Admin API and provide a usage example (#13231)  
    jejo86 committed
    34 
    For example, suppose we want to
    reivilibre's avatar
    Fix broken links in the Synapse documentation. (#14744)  
    reivilibre committed
    35 
    [query the account](../../../admin_api/user_admin_api.md#query-user-account) of the user
    jejo86's avatar
    Document advising against publicly exposing the Admin API and provide a usage example (#13231)  
    jejo86 committed
    36 37 
    `@foo:bar.com`. We need an admin access token (e.g.
`syt_AjfVef2_L33JNpafeif_0feKJfeaf0CQpoZk`), and we need to know which port
    reivilibre's avatar
    Fix broken links in the Synapse documentation. (#14744)  
    reivilibre committed
    38 
    Synapse's [`client` listener](../../configuration/config_documentation.md#listeners) is listening
    jejo86's avatar
    Document advising against publicly exposing the Admin API and provide a usage example (#13231)  
    jejo86 committed
    39 40 41 42 43 44 45 
    on (e.g. `8008`). Then we can use the following command to request the account
information from the Admin API.

```sh
curl --header "Authorization: Bearer syt_AjfVef2_L33JNpafeif_0feKJfeaf0CQpoZk" -X GET http://127.0.0.1:8008/_synapse/admin/v2/users/@foo:bar.com
```
    Andrew Morgan's avatar
    Compile and render Synapse's docs into a browsable, mobile-friendly and searchable website (#10086)
    Andrew Morgan committed
    46 47 
    For more details on access tokens in Matrix, please refer to the complete
[matrix spec documentation](https://matrix.org/docs/spec/client_server/r0.6.1#using-access-tokens).