Admin Panel
Platform-level administration for managing organizations, users, support tickets, and system health.
Platform Admin vs. Organization Admin
The system distinguishes between two levels of administrative access:
| Role | Scope | Access |
|---|---|---|
| Platform Admin | Entire platform | Manages all organizations, global settings, and system health |
| Organization Admin | Single organization | Manages their own organization's settings, users, and data |
The admin panel documented here is for Platform Admins — the super-administrators who manage the entire booking platform across multiple organizations.
INFO
Organization-level administration (users, roles, settings within a single property) is covered in the Settings guide.
Admin Authentication
Platform admins use a separate authentication flow from regular users:
Login
- Navigate to the admin panel URL (e.g.,
/admin/login) - Enter admin credentials (email and password)
- Admin accounts are created directly in the database — there is no self-registration
Security
- Admin sessions have shorter expiration times than regular user sessions
- All admin actions are logged in the audit trail
- Admin accounts support strong password requirements
- Failed login attempts are rate-limited
Organization Management
View and manage all organizations registered on the platform.
Organization List
The organization list displays:
| Column | Description |
|---|---|
| Organization Name | Property/hotel name |
| Owner | Primary admin of the organization |
| Plan | Subscription plan (if applicable) |
| Status | Active or Disabled |
| Created | Registration date |
| Users | Number of users in the organization |
Organization Actions
| Action | Description |
|---|---|
| View Details | See full organization info, settings, and statistics |
| Enable | Activate a disabled organization, restoring access |
| Disable | Suspend an organization, preventing all users from logging in |
Enabling / Disabling an Organization
When an organization is disabled:
- All users in that organization are blocked from logging in
- API requests from that organization are rejected
- Data is preserved but inaccessible
- The organization appears as "Disabled" in the admin list
When re-enabled, all access is restored immediately.
WARNING
Disabling an organization affects all its users instantly. Use this for policy violations, non-payment, or at the organization's request.
User Management
Manage all users across all organizations from a single view.
User List
The global user list shows:
| Column | Description |
|---|---|
| Name | User's full name |
| User's email address | |
| Organization | Which organization they belong to |
| Role | Their role within their organization |
| Status | Active or Deactivated |
| Last Login | Most recent login timestamp |
User Actions
| Action | Description |
|---|---|
| View Profile | See user details, activity history, and permissions |
| Activate | Re-enable a deactivated user account |
| Deactivate | Disable a user's access across the platform |
Activating / Deactivating Users
- Deactivate: The user can no longer log in. Their data and history remain intact. Useful for addressing compromised accounts or policy violations.
- Activate: Restores the user's ability to log in with their existing credentials and role.
INFO
Platform-level deactivation overrides organization-level status. Even if the org admin activates the user, a platform-level deactivation takes precedence.
Support Ticket System
Manage support requests from organizations and users.
Ticket List
| Column | Description |
|---|---|
| Ticket ID | Auto-generated unique identifier |
| Subject | Brief description of the issue |
| Organization | Which organization submitted it |
| Submitted By | User who created the ticket |
| Priority | Low, Medium, High, Critical |
| Status | Open, In Progress, Resolved, Closed |
| Created | Submission date |
| Last Updated | Date of most recent activity |
Ticket Workflow
- Open — A user submits a support ticket from their organization
- In Progress — An admin picks up the ticket and begins investigation
- Resolved — The issue is addressed; the user is notified
- Closed — The ticket is archived after resolution
Ticket Actions
- View Details — Read the full ticket, including description and attachments
- Add Response — Reply to the user with updates or resolution
- Change Priority — Escalate or de-escalate
- Change Status — Move through the workflow stages
- Assign — Assign to a specific admin (if multiple platform admins exist)
Activity Logs
Monitor all user activity across the platform.
Log Entries
Each activity log entry records:
| Field | Description |
|---|---|
| Timestamp | When the action occurred |
| User | Who performed the action |
| Organization | Which organization context |
| Action | What was done (e.g., "Created Booking", "Updated Invoice") |
| Resource | The affected record type and ID |
| IP Address | User's IP address |
| User Agent | Browser/client information |
Filtering
Filter activity logs by:
- Date range — narrow to a specific period
- User — filter by specific user
- Organization — filter by organization
- Action type — filter by create, update, delete, login, etc.
- Resource type — filter by bookings, invoices, guests, etc.
Retention
Activity logs are retained based on the platform's data retention policy. Older logs may be archived or purged based on configuration.
Live Status Monitoring
Monitor the real-time health of the platform.
System Status Dashboard
| Metric | Description |
|---|---|
| Server Uptime | Time since last restart |
| Active Users | Currently logged-in users (via WebSocket connections) |
| Active Organizations | Organizations with at least one active session |
| API Response Time | Average response time over the last hour |
| Database Status | Connection health and query performance |
| Redis Status | Cache server connection and memory usage |
| WebSocket Connections | Number of active real-time connections |
Health Checks
The admin panel runs periodic health checks against:
- API Server — HTTP response and latency
- Database — MongoDB connection and query responsiveness
- Redis Cache — connection and memory availability
- External Services — Gmail API, GST API availability
Each service shows a status indicator:
- 🟢 Healthy — operating normally
- 🟡 Degraded — responding slowly or partially
- 🔴 Down — unresponsive or erroring
Audit Log Viewing
The audit log provides a detailed, tamper-resistant record of significant system events.
What's Logged
| Event Category | Examples |
|---|---|
| Authentication | Login, logout, failed login attempts |
| User Management | User created, role changed, account deactivated |
| Organization | Organization created, settings changed, disabled |
| Data Changes | Booking created/modified, invoice generated, payment recorded |
| Settings | Tax rates changed, series updated, integrations connected |
| Security | Password changed, permissions modified, API key generated |
Audit Log Entry Structure
Each audit log entry contains:
| Field | Description |
|---|---|
| Event ID | Unique identifier for the event |
| Timestamp | Precise time the event occurred |
| Actor | User who performed the action |
| Action | The specific action taken |
| Resource Type | Type of record affected |
| Resource ID | Identifier of the affected record |
| Changes | Before/after values for update events |
| Organization | Organization context |
| IP Address | Source IP of the request |
| Metadata | Additional context-specific data |
Searching Audit Logs
Use the search and filter controls to find specific events:
- Full-text search — search across all fields
- Date range — restrict to a time period
- Actor — find actions by a specific user
- Action type — filter by create, update, delete, login, etc.
- Resource type — filter by entity type
- Organization — scope to a specific organization
API Analytics
Monitor API usage patterns and performance across the platform.
Analytics Dashboard
The API analytics view provides:
| Metric | Description |
|---|---|
| Total Requests | Total API calls in the selected period |
| Requests by Endpoint | Breakdown of traffic per API route |
| Response Times | Average, P95, and P99 latency per endpoint |
| Error Rate | Percentage of 4xx and 5xx responses |
| Requests by Organization | API usage per organization |
| Requests Over Time | Time-series chart of request volume |
Endpoint Analysis
Drill down into individual endpoints to see:
- Request count and trend
- Average response time
- Error rate and common error codes
- Request payload patterns
Rate Limiting Visibility
View rate limiting statistics:
- Requests approaching rate limits
- Blocked requests (429 responses)
- Rate limit configuration per endpoint
Usage Patterns
Identify:
- Peak hours — when the system is busiest
- Heavy users — organizations or users making the most requests
- Slow endpoints — routes that need optimization
- Error hotspots — endpoints with high failure rates
TIP
API analytics data can be used to plan capacity, identify performance bottlenecks, and detect unusual usage patterns that may indicate issues.
Admin Permissions
The admin panel is accessible only to platform admin accounts. There is no RBAC within the admin panel — all platform admins have full access to all admin features.
For organization-level role and permission management, see Settings → Roles & Permissions.