Your storefront is only half the story. The Bagisto Admin API lets you run the entire store from your own tools and automations.
It mirrors the Bagisto admin panel over REST and GraphQL — catalog, sales, customers, marketing, CMS, and settings.
Here’s what it manages, how it stays secure, and where to try it live.
What Is the Bagisto Admin API?
The Bagisto Admin API is the management layer of Bagisto’s headless toolkit.
Anything an admin can do in the panel, a client can do over the API.
So it powers back-office automation, integrations, and custom admin tools.
Secure by Design
Instead of passwords, pre-issued integration tokens control every admin request.
- Per-admin tokens — each inherits its owner’s role permissions.
- Permission modes — All, Custom, or Same as Web.
- Optional guards — IP allowlist, rate limits, and expiry.
- Full control — revoke or regenerate anytime, with email alerts.
So a token can never do more than its owner could in the admin panel.
A Full Audit Trail
Behind the scenes, the API records every write — who changed what, when, and with which token.
Then the Integration → History screen shows before/after diffs and version history.
Plus, cleanup tools and retention settings keep the log manageable.
What You Can Manage
The Admin API covers the full admin surface, not a subset:
- Catalog — products, categories, attributes, families.
- Sales — orders, invoices, shipments, refunds, transactions, bookings.
- Customers — customers, groups, reviews, GDPR requests.
- Marketing — cart & catalog rules, coupons, campaigns, SEO.
- CMS & Settings — pages, currencies, locales, channels, taxes, users.
- Configuration, dashboard & reporting — the whole back office.
In short, it mirrors the admin panel one-to-one — now over the API.
Built for Real Operations
The Admin API handles day-to-day store running, not just reads:
- Create orders end to end, including the admin draft-cart flow.
- Mass actions — bulk delete and status updates.
- CSV export on listings, honouring your current filters.
- Detailed reporting — headline stats plus a full table view.
As a result, everything you’d do by hand becomes a repeatable API call.
REST or GraphQL — Your Choice
The Admin API treats both transports as first-class, so your team picks one:
- REST — familiar, cache-friendly, and easy to integrate anywhere.
- GraphQL — request exactly the data you need in one round trip.
Same data, same capabilities — you choose the developer experience.
Explore the Docs and Test Locally
Because each admin uses their own token, there’s no shared public playground.
Read the full reference, then try it on your own install:
- API documentation — every admin endpoint, request, and response.
To try it hands-on, run it on your own Bagisto instance.
No Bagisto yet? Follow the Bagisto installation guide first.
Then install the package by following the installation guide in the docs.
After that, generate an integration token and call the admin endpoints.
Your install includes the admin GraphQL playground at /api/admin/graphiql, scoped to your own token.
What’s Next
The Admin API is one half of the Bagisto headless story.
For the big picture, read the Bagisto API overview.
To build the storefront, see the Bagisto Shop API post.
And remember: an AI agent can scaffold your admin integration straight from the package’s skill files.
Ready to automate your store? Explore the Bagisto Admin API today.
