Get Admin Menu
| Endpoint | Method |
|---|---|
/api/admin/menu | GET |
Returns the admin sidebar as a nested tree, filtered to what the authenticated token's role is allowed to see. Use it to build a back-office navigation/sidebar dynamically and to discover which API endpoint backs each screen.
The response is a one-element array. The single element wraps the navigation under tree — a nested array of menu nodes.
Permission Filtering
The tree is scoped to the token's role:
- A token whose permission type is
allsees every menu node. - A token with custom permissions sees only the nodes its role permits; menus it cannot access are omitted entirely.
So two admins with different roles will receive different trees from the same endpoint.
Response Fields
Each node in tree (and in any nested children) has the shape:
| Field | Type | Description |
|---|---|---|
key | string | Unique node identifier (e.g. sales.orders). |
label | string | Human-readable menu title. |
icon | string | null | Icon class for top-level menus; null for sub-items. |
sort | integer | Display order among its siblings. |
permission | string | ACL key controlling visibility of this node. |
apiResource | object | null | Maps the menu entry to its API endpoint, or null. |
children | array | Nested child nodes (empty array when there are none). |
When present, apiResource carries:
| Field | Type | Description |
|---|---|---|
rest | string | The REST endpoint backing this screen. |
graphql | string | The GraphQL operation backing this screen. |
apiResource is null for group headers (parent menus that only contain children, such as Sales or Catalog) and for panel-only screens that have no API counterpart (such as Integration).
Errors
A request without a valid token returns 401 Unauthorized.
All admin endpoints require an admin Bearer token — see Authentication.

