API - Admin Routes
Source of truth: d3chat/backend/app/routers/admin.py
Prefix: /api/v1/admin
Role requirements:
adminorsuperadmin: read/list + most moderation operationssuperadminonly: promote/delete users, create/update settings
Dashboard
GET /dashboard/statsGET /dashboard/analytics?days=<1..90>
User Administration
GET /users?page=&page_size=&search=&role=&status=GET /users/{user_id}POST /users/{user_id}/banPOST /users/{user_id}/unbanPOST /users/{user_id}/suspendPOST /users/{user_id}/unsuspendPOST /users/{user_id}/promote(superadmin)DELETE /users/{user_id}(superadmin)
Request examples:
Ban:
{ "reason": "spam" }Suspend:
{ "hours": 24, "reason": "abuse" }Promote:
{ "role": "admin" }Constraints/guards:
- cannot ban/suspend/delete yourself
- admin cannot ban/suspend other admins or superadmins
- cannot delete a superadmin
Channel Administration
GET /channels?page=&page_size=&search=&type=(type=dm|channel)GET /channels/{channel_id}DELETE /channels/{channel_id}
Delete explicitly removes messages and memberships before deleting channel row.
Audit Logs
GET /audit-logs?page=&page_size=&action=&admin_id=&target_type=
Returns paginated logs and resolves admin_username.
Settings
GET /settingsGET /settings/{key}PUT /settings/{key}(superadmin)POST /settings(superadmin)
Update/create actions are audit logged. Setting updates invalidate Redis cache key public_config.