Application API
Clear API and contract surface for Topolo Admin, grouped under the application instead of split across generic reference sections.
App IDs:
app_topolo_admin Repos: apps/TopoloAdmin
Hosts:
https://admin.topolo.app https://admin.topolo.dev https://admin.stg.topolo.us Dependencies: topolo-auth, applications-packages
Depends on Topolo Auth: yes
Type: curated
Source: system-apps/TopoloDocs/src/content/public/applications/admin.mdx
Source exists: no
Canonical admin coverage now lives in the docs application. Admin resolves its environment-specific Auth app id from the `topolo-admin` service slug for browser auth, transition surfaces, and the TopoloOne widget endpoint. Admin first-party embedded password login completes through Admin-owned router navigation after shared Auth token persistence rather than a shared hard document redirect. Admin keeps same-tab sessionStorage access-token restore enabled by default after login and refresh so normal reloads do not appear logged out before cookie refresh completes. Service detail views expose app-centric organization and user assignment or revocation while Auth remains the source of truth for organization-service and user-service access evaluation. User detail views now use Auth's seat-assignment entitlement model for launchable applications: org-included apps stay enabled for everyone, while seat-based apps can be assigned or unassigned by same-org admins only when seats are available. Organization service-assignment views consume Auth service surface metadata so launchable applications are separated from API, runtime, and internal technical services, and the Available Services add flow excludes developer-owned third-party apps marked as organization-internal. Admin now classifies non-org identities from Auth principal metadata plus membership summaries instead of `orgId = null`, treats households as connected personal-account collections rather than separate identity principals, and surfaces Auth-backed org billable-seat summary plus TopoloOne billing preview and billing portal actions in the add-user and organization-detail flows. Platform-admin organization creation with an owner email now relies on Auth owner activation that opens password setup before TopoloOne onboarding. Admin exposes `GET /api/widget` as a stats widget for TopoloOne live workspace, with platform-admin versus org-admin counts aligned to the Admin dashboard.
API key scopes in Auth catalog: 22
No global OpenAPI security scheme is declared.
analytics.read billing.read billing.write branding.read branding.write dashboard.read developers.read developers.write organizations.read organizations.write security.read security.write services.read services.write settings.read settings.write support.read support.write system.read system.write Wrangler surfaces: none detected
Environment variables: none derived
Routes: workers.dev fallback or no explicit route declared
Observability enabled: no explicit signal found
Wrangler surfaces: No wrangler file detected in scanned surface
This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.