Skip to content

Get Admin Menu

EndpointMethod
/api/admin/menuGET

Returns the admin sidebar as a nested tree, filtered to what the authenticated token's role is allowed to see. Use it to build a back-office navigation/sidebar dynamically and to discover which API endpoint backs each screen.

The response is a one-element array. The single element wraps the navigation under tree — a nested array of menu nodes.

Permission Filtering

The tree is scoped to the token's role:

  • A token whose permission type is all sees every menu node.
  • A token with custom permissions sees only the nodes its role permits; menus it cannot access are omitted entirely.

So two admins with different roles will receive different trees from the same endpoint.

Response Fields

Each node in tree (and in any nested children) has the shape:

FieldTypeDescription
keystringUnique node identifier (e.g. sales.orders).
labelstringHuman-readable menu title.
iconstring | nullIcon class for top-level menus; null for sub-items.
sortintegerDisplay order among its siblings.
permissionstringACL key controlling visibility of this node.
apiResourceobject | nullMaps the menu entry to its API endpoint, or null.
childrenarrayNested child nodes (empty array when there are none).

When present, apiResource carries:

FieldTypeDescription
reststringThe REST endpoint backing this screen.
graphqlstringThe GraphQL operation backing this screen.

apiResource is null for group headers (parent menus that only contain children, such as Sales or Catalog) and for panel-only screens that have no API counterpart (such as Integration).

Errors

A request without a valid token returns 401 Unauthorized.

All admin endpoints require an admin Bearer token — see Authentication.

Released under the MIT License.