Skip to content

Powered by Grav + Helios

Admin2 Integration

Admin2 Integration

Endpoints that power Admin2's extensibility: menubar toolbar items, floating widgets, slide-in context panels, settings-page panels, and the registry of plugin-provided custom field components. All endpoints require api.access and are meant to be called by Admin2 during UI composition, not by en...

Endpoints that power Admin2's extensibility: menubar toolbar items, floating widgets, slide-in context panels, settings-page panels, and the registry of plugin-provided custom field components.

All endpoints require api.access and are meant to be called by Admin2 during UI composition, not by end-user applications. Each endpoint is backed by an event (onApiMenubarItems, onApiFloatingWidgets, onApiContextPanels, onApiAdminSettingsPanels) — plugins hook those events to register items. See the Developer Guide for the full integration recipe.

GET /menubar/items
Collect toolbar menu items registered by plugins via the `onApiMenubarItems` event. Each item declares an id, owning plugin slug, label, icon, action key, and an optional confirmation prompt. Admin2 renders them as buttons in the top toolbar and POSTs to `/menubar/actions/{plugin}/{action}` when clicked. Optional presentation keys control appearance: `variant` (default|primary|success|warning|danger), `showLabel`, and `size` (sm|md). Optional placement keys control where the button sits: `placement` (`start`, the default, is the open space on the left, away from the Clear Cache action; `end` sits beside the core actions behind a divider) and `priority` (higher renders earlier within a zone). An item may instead declare a client-side intent that runs in Admin2 without a server round-trip: `route` navigates the SPA (e.g. `/pages/new?parent=/blog&template=item` to deep-link the new-page form with a preset parent and locked template), and `modal` opens one of the plugin's own modal web components (`{component, title?, props?, size?, useStandardHeader?}` — see `GET /gpm/plugins/{slug}/modal-script/{modalId}`). When `route` or `modal` is present it takes precedence over `action`; `confirm` still runs first if set.
JSON
{"data": [{"id": "warm-cache", "plugin": "warm-cache", "label": "Warm Cache", "icon": "fa-tachometer", "action": "warm", "confirm": "Warm the cache?"}, {"id": "new-article", "plugin": "my-plugin", "label": "New Article", "icon": "fa-plus", "route": "/pages/new?parent=/blog&template=item"}]}

Response Codes

200 Items returned.
401 Unauthorized.
403 Missing `api.access` permission.
POST /menubar/actions/{plugin}/{action}
Execute a plugin-registered menubar action. Fires `onApiMenubarAction` with the plugin/action routing keys, the posted body, and the current user. Plugins that own the `{plugin}` slug set `$event['result']` to `{"status": "success", ...}` (200) or `{"status": "error", "message": "..."}` (400).

Parameters

Name Type Description
plugin required string Owning plugin slug (from the menubar item registration).
action required string Action key (from the menubar item registration).
JSON
{}
JSON
{"data": {"status": "success", "message": "Cache warmed successfully."}}

Response Codes

200 Action succeeded.
400 No handler registered for this plugin/action pair, or the handler returned an error.
401 Unauthorized.
403 Missing `api.access` permission.

Floating Widgets

GET /floating-widgets
Collect persistent UI widgets (chat assistants, notification panels) registered by plugins via `onApiFloatingWidgets`. Each widget ships a web component at `admin-next/widgets/{slug}.js` that Admin2 loads on-demand via `/gpm/plugins/{slug}/widget-script`.
JSON
{"data": [{"id": "ai-pro-chat", "plugin": "ai-pro", "label": "AI Assistant", "icon": "bot", "priority": 10}]}

Response Codes

200 Widgets returned.
401 Unauthorized.
403 Missing `api.access` permission.

Context Panels

GET /context-panels
Collect slide-in panel registrations. Context panels are triggered by toolbar buttons inside Admin2 editors — plugins hook `onApiContextPanels` to register them, specify which editor contexts they appear in (e.g. `pages`), and ship a web component at `admin-next/panels/{slug}.js` served via `/gpm/plugins/{slug}/panel-script`. Optional `badgeEndpoint` returns `{count: N}` to drive a badge on the toolbar button.
JSON
{"data": [{"id": "revisions-pro", "plugin": "revisions-pro", "label": "Revision History", "icon": "history", "contexts": ["pages"], "priority": 10, "width": 900, "badgeEndpoint": "/revisions-pro/badge"}]}

Response Codes

200 Panels returned.
401 Unauthorized.
403 Missing `api.access` permission.

Settings Panels

GET /settings/panels
Collect admin-settings panel registrations from plugins via `onApiAdminSettingsPanels`. Unlike full plugin pages (registered with `onApiSidebarItems`), settings panels render as cards inside Admin2's Settings page. Each panel follows the blueprint-mode plugin-page shape: a blueprint file plus data/save endpoints. Sorted by `priority` descending (higher priority first), preserving insertion order for ties.
JSON
{"data": [{"id": "login-settings", "plugin": "api", "label": "Login & Security", "description": "Authentication settings", "icon": "fa-shield-alt", "blueprint": "login-settings", "data_endpoint": "/login-settings/data", "save_endpoint": "/login-settings/save", "priority": 0}]}

Response Codes

200 Panels returned (sorted).
401 Unauthorized.
403 Missing `api.access` permission.

List Custom Fields

GET /custom-fields
Map every custom blueprint field type to the plugin or theme that ships it, by scanning `admin-next/fields/*.js` in every enabled plugin and installed theme. Each value is `{ slug, kind }`, where `kind` is `plugins` or `themes`, so Admin2 fetches each field script from the correct `/gpm/{kind}/{slug}/field/{type}` route. Admin2 calls this once on load to pre-populate its custom-field registry so unknown field types in blueprints render correctly on first sight.
JSON
{"data": {"codeshtheme": {"slug": "codesh", "kind": "plugins"}, "products-status": {"slug": "license-manager", "kind": "plugins"}, "tinymce": {"slug": "mytheme", "kind": "themes"}}}

Response Codes

200 Registry returned.
401 Unauthorized.
403 Missing `api.gpm.read` permission.