Admin API

Internal API

These endpoints are for internal administrative use only. They require special authentication via the InternalSecret header and are not available to regular API users.

The Admin API provides endpoints for system administration, user management, and aggregate statistics.

Authentication

All internal endpoints require the InternalSecret authentication header:

curl -X GET "https://api.veriglob.com/internal/v1/admin/stats" \
  -H "X-Internal-Secret: your-internal-secret"

---

Health Check

Returns the health status of the internal API server.

GET /internal/health

Authentication

None required.

Request Example

curl -X GET "https://api.veriglob.com/internal/health"

Response

200 OK

{
  "status": "healthy",
  "version": "1.0.0",
  "timestamp": "2024-01-20T14:30:00Z",
  "services": {
    "database": "healthy",
    "cache": "healthy",
    "storage": "healthy"
  }
}

---

Get User Statistics

Returns aggregate user statistics for the platform.

GET /internal/v1/admin/stats

Authentication

Requires InternalSecret.

Request Example

curl -X GET "https://api.veriglob.com/internal/v1/admin/stats" \
  -H "X-Internal-Secret: your-internal-secret"

Response

200 OK

{
  "status": "success",
  "message": "Statistics retrieved",
  "data": {
    "users": {
      "total": 1250,
      "active_today": 145,
      "active_this_week": 890,
      "by_tier": {
        "free": 1000,
        "basic": 180,
        "pro": 55,
        "enterprise": 15
      }
    },
    "dids": {
      "total_created": 5420
    },
    "credentials": {
      "total_issued": 12500,
      "total_revoked": 320,
      "active": 12180
    },
    "presentations": {
      "total_created": 8900,
      "total_verified": 15200
    },
    "api_usage": {
      "requests_today": 125000,
      "requests_this_week": 750000
    }
  }
}

---

Batch Create Users

Creates multiple user accounts at once.

POST /internal/v1/admin/users/batch

Authentication

Requires InternalSecret.

Request Body

Field	Type	Required	Description
users	array	Yes	Array of user objects to create

Each user object:

Field	Type	Required	Description
email	string	Yes	User’s email address
password	string	Yes	User’s password
name	string	No	User’s display name
tier	string	No	Subscription tier (default: “free”)

Request Example

curl -X POST "https://api.veriglob.com/internal/v1/admin/users/batch" \
  -H "X-Internal-Secret: your-internal-secret" \
  -H "Content-Type: application/json" \
  -d '{
    "users": [
      {
        "email": "user1@example.com",
        "password": "secure-password-1",
        "name": "User One",
        "tier": "basic"
      },
      {
        "email": "user2@example.com",
        "password": "secure-password-2",
        "name": "User Two",
        "tier": "pro"
      }
    ]
  }'

Response

200 OK

{
  "status": "success",
  "message": "Users created successfully",
  "data": {
    "created": [
      {
        "user_id": "user_abc123",
        "email": "user1@example.com",
        "tier": "basic"
      },
      {
        "user_id": "user_def456",
        "email": "user2@example.com",
        "tier": "pro"
      }
    ],
    "failed": [],
    "total_created": 2,
    "total_failed": 0
  }
}

Partial Success (with failures):

{
  "status": "success",
  "message": "Users created with some failures",
  "data": {
    "created": [
      {
        "user_id": "user_abc123",
        "email": "user1@example.com",
        "tier": "basic"
      }
    ],
    "failed": [
      {
        "email": "existing@example.com",
        "error": "Email already registered"
      }
    ],
    "total_created": 1,
    "total_failed": 1
  }
}

Error Responses

Status	Description
400	Invalid request body or empty users array
401	Invalid internal secret

---

Internal DID Operations

Create DID (Internal)

Creates a new DID without rate limiting.

POST /internal/v1/did

Authentication

Requires InternalSecret.

Request Body

Field	Type	Required	Description
public_key	string	No	Optional existing public key

Response

201 Created

{
  "status": "success",
  "message": "DID created",
  "data": {
    "did": "did:key:z6MkhsiKBzbNixeXD7mzEzEiuRDFJEKpofi62adE1ZpauNeh",
    "public_key": "base64-encoded-public-key",
    "private_key": "base64-encoded-private-key"
  }
}

Resolve DID (Internal)

GET /internal/v1/did/{did}

Resolves a DID without rate limiting.

---

Internal Credential Operations

Issue Credential (Internal)

POST /internal/v1/credentials

Issues a credential without rate limiting, matching the UI credential issuance form.

Request Body

Field	Type	Required	Description
issuer_did	string	Yes	DID of the issuer
issuer_private_key	string	Yes	Private key for signing
subject_did	string	Yes	DID of the subject
credential_type	string	Yes	Type of credential
claims	object	Yes	Custom claims/attributes
expiration_date	string	No	ISO 8601 expiration date

Verify Credential (Internal)

POST /internal/v1/credentials/verify

Verifies a credential without rate limiting.

---

Internal Presentation Operations

Create Presentation (Internal)

POST /internal/v1/presentations

Creates a presentation without rate limiting.

Verify Presentation (Internal)

POST /internal/v1/presentations/verify

Verifies a presentation without rate limiting.

---

Internal Wallet Operations

Create Wallet (Internal)

POST /internal/v1/wallets

Creates a wallet without rate limiting.

Open Wallet (Internal)

POST /internal/v1/wallets/open

Opens a wallet without rate limiting.

---

Security Notes

1. Internal Secret Management: The internal secret should be rotated regularly and stored securely
2. Network Isolation: Internal endpoints should only be accessible from trusted internal networks
3. Audit Logging: All internal API calls should be logged for audit purposes
4. Rate Limiting: While internal endpoints bypass user rate limits, they may have their own internal rate limits to prevent abuse