Skip to main content

Endpoint

PATCH /api/admin/waitlist/[id]
Updates fields on an existing waitlist request. Requires admin authentication.

Authentication

Requires a valid Supabase session with the admin role in user metadata.

Path Parameters

id
string
required
UUID of the waitlist request to update

Request Body

All fields are optional. At least one field must be provided.
status
string
New status value. Must be one of:
  • requested
  • contacted
  • invited
  • activated
  • archived
notes
string
Admin notes about this request. Maximum 2000 characters. Pass null or empty string to clear notes.
priority
number
Priority level from 0 to 10 (higher = more urgent). Pass null or empty string to clear priority.
mark_contacted
boolean
If true, sets last_contacted_at to the current timestamp

Response

request
object
The updated waitlist request object with all fieldsSee the List Waitlist endpoint for the full object schema.

Error Responses

  • 400 Bad Request: No updates provided, invalid status, or invalid request ID
  • 401 Unauthorized: Not authenticated
  • 403 Forbidden: Not an admin user or cross-origin request
  • 404 Not Found: Waitlist entry not found
  • 415 Unsupported Media Type: Content-Type is not application/json
  • 500 Internal Server Error: Database update failed

Example Request

curl -X PATCH "https://your-domain.com/api/admin/waitlist/550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -H "Cookie: sb-access-token=..." \
  -H "Origin: https://your-domain.com" \
  -d '{
    "status": "contacted",
    "notes": "Sent intro email with onboarding instructions",
    "priority": 8,
    "mark_contacted": true
  }'

Example Response

{
  "request": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "name": "Jane Doe",
    "company": "Acme Corp",
    "use_case": "Processing medical records",
    "status": "contacted",
    "notes": "Sent intro email with onboarding instructions",
    "priority": 8,
    "last_contacted_at": "2024-03-05T14:22:00Z",
    "created_at": "2024-03-05T10:30:00Z",
    "updated_at": "2024-03-05T14:22:00Z"
  }
}

Validation Rules

  • status: Must be a valid waitlist status string
  • notes: Trimmed and limited to 2000 characters. Empty strings become null.
  • priority: Rounded to integer, clamped to range 0-10. Empty strings or null clear the priority.

Security

  • Same-origin enforcement: Requests must come from the same origin
  • Admin role required: Uses requireAdminUser() helper
  • JSON validation: Content-Type must be application/json
  • Service role client: Bypasses RLS for database access

Source

Implementation: frontend/app/api/admin/waitlist/[id]/route.ts

Build docs developers (and LLMs) love

Get started for freeTalk to us