-
Notifications
You must be signed in to change notification settings - Fork 138
Admin REST API
The admin port runs on port 4985 (by default), where you create and inspect users and roles. It also has APIs for listing users and roles.
It also has everything that's available on the standard :4984 port but without read-restrictions. (Not yet!)
DO NOT EXPOSE THIS PORT! It belongs behind your firewall. Anyone who can reach this port has superuser access to your database and user accounts.
/$DB/user/$name -- represents a user account. Supports GET, PUT, DELETE; you can also POST to /$DB/user/. The body is a JSON object; for details see the Authentication page. The special user name GUEST applies to unauthenticated requests.
/$DB/role/$name -- represents a role. API is similar to users.
/$DB/_session -- POST to this to create a login session. The body should be a JSON object containing the username in name and the duration of the session (in seconds) in ttl. The response will be a JSON object with properties session_id (the session cookie string), expires (the time the session expires) and cookie_name (the name of the HTTP cookie to set.)
/$DB/_all_docs -- Same as the regular public _all_docs, but bypasses all auth, so you can see every document in the database without having to authenticate.
/$DB/_changes -- Same as the regular public _changes, but bypasses all auth.