Access requirements

Admin endpoints require:

1. A valid API key.
2. The API key owner must be an admin account in server configuration.

Otherwise response is 403 Forbidden.

GET /api/v1/admin/token-packs

Returns token package configuration.

curl "https://tinypostcard.com/api/v1/admin/token-packs" \
  -H "Authorization: Bearer $ADMIN_API_KEY"

GET /api/v1/admin/users

Search users by q (matches id, email, or name).

Query params

• q: optional search string
• limit: 1-50 (default 20)

Example

curl "https://tinypostcard.com/api/v1/admin/users?q=alice@example.com" \
  -H "Authorization: Bearer $ADMIN_API_KEY"

GET /api/v1/admin/users/{userId}/token-balance

Returns detailed balance status and recent transactions.

curl "https://tinypostcard.com/api/v1/admin/users/cmmcxkkki0000sx2c6eqr70i2/token-balance" \
  -H "Authorization: Bearer $ADMIN_API_KEY"

Response includes

• user identity fields
• tokenBalance
• hasStripeCustomer
• hasSavedCard
• recentTransactions[] (up to 25)