The Collections API allows superusers to manage database collections, schemas, and configurations. All collection endpoints require superuser authentication.
All collection management endpoints require superuser authentication.
List collections Retrieve a list of all collections.
Sort fields (e.g., -created,name)
Filter expression (e.g., type='base', system=true)
Authentication: Superuser requiredResponse Returns paginated list of collection objects.
curl http://127.0.0.1:8090/api/collections \ -H "Authorization: Bearer SUPERUSER_TOKEN"
View collection Get a single collection by name or ID.
GET /api/collections/{collection}
Authentication: Superuser requiredResponse Returns the collection object with full configuration.
Collection unique identifier
Collection name (must be unique)
Collection type: base, auth, or view
Whether this is a system collection
Array of field definitions
Database indexes configuration
API rule for listing records
API rule for viewing individual records
API rule for creating records
API rule for updating records
API rule for deleting records
curl http://127.0.0.1:8090/api/collections/posts \ -H "Authorization: Bearer SUPERUSER_TOKEN"
Create collection Create a new collection.
Authentication: Superuser requiredRequest body Collection name (alphanumeric and underscores only)
Collection type: base, auth, or view
Response Returns the created collection object (200 OK).
Base collection
Auth collection
curl -X POST http://127.0.0.1:8090/api/collections \ -H "Authorization: Bearer SUPERUSER_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "posts", "type": "base", "fields": [ { "name": "title", "type": "text", "required": true }, { "name": "content", "type": "editor" } ], "listRule": "", "viewRule": "", "createRule": "@request.auth.id != '""'", "updateRule": "@request.auth.id = author", "deleteRule": "@request.auth.id = author" }'
Update collection Update an existing collection.
PATCH /api/collections/{collection}
Collection name or ID to update
Authentication: Superuser requiredRequest body Same as create collection. Only include fields you want to update.
Response Returns the updated collection object (200 OK).
curl -X PATCH http://127.0.0.1:8090/api/collections/posts \ -H "Authorization: Bearer SUPERUSER_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "listRule": "status = '"published'" || @request.auth.id = author", "viewRule": "status = '"published'" || @request.auth.id = author" } '
Modifying collection schema may cause data loss. Always backup before making structural changes.
Delete collection Delete a collection and all its records.
DELETE /api/collections/{collection}
Collection name or ID to delete
Authentication: Superuser requiredResponse Returns 204 No Content on success.
curl -X DELETE http://127.0.0.1:8090/api/collections/posts \ -H "Authorization: Bearer SUPERUSER_TOKEN"
Deleting a collection permanently removes all its records and cannot be undone. Collections with references from other collections cannot be deleted.
Truncate collection Delete all records from a collection without deleting the collection itself.
DELETE /api/collections/{collection}/truncate
Collection name or ID to truncate
Authentication: Superuser requiredResponse Returns 204 No Content on success.
curl -X DELETE http://127.0.0.1:8090/api/collections/posts/truncate \ -H "Authorization: Bearer SUPERUSER_TOKEN"
View collections cannot be truncated since they don’t store their own records.
Import collections Bulk import/update collections from JSON.
PUT /api/collections/import
Authentication: Superuser requiredRequest body Array of collection objects to import
Whether to delete collections not present in the import
Response Returns 204 No Content on success.
curl -X PUT http://127.0.0.1:8090/api/collections/import \ -H "Authorization: Bearer SUPERUSER_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "collections": [ { "name": "posts", "type": "base", "fields": [...] }, { "name": "users", "type": "auth", "fields": [...] } ], "deleteMissing": false }'
Get collection scaffolds Get empty collection templates for each type.
GET /api/collections/meta/scaffolds
Authentication: Superuser requiredResponse Returns scaffold objects for base, auth, and view collection types.
curl http://127.0.0.1:8090/api/collections/meta/scaffolds \ -H "Authorization: Bearer SUPERUSER_TOKEN"
Collection types Base collection Standard collection for storing records.
{ "name" : "posts" , "type" : "base" , "fields" : [ { "name" : "title" , "type" : "text" , "required" : true }, { "name" : "content" , "type" : "editor" } ] }
Auth collection Collection for user authentication with built-in auth fields.
{ "name" : "users" , "type" : "auth" , "fields" : [ { "name" : "name" , "type" : "text" } ] }
Auth collections automatically include:
email - User email addressverified - Email verification statusemailVisibility - Whether email is publicly visiblepassword - Hashed password
View collection Virtual collection based on SQL query.
{ "name" : "posts_view" , "type" : "view" , "options" : { "query" : "SELECT id, title, created FROM posts WHERE status = 'published'" } }
View collections are read-only. Create, update, and delete operations are not supported.
Field types Supported field types:
text - Single line texteditor - Rich text editornumber - Numeric valuebool - Boolean (true/false)email - Email addressurl - URLdate - Date onlyselect - Single select dropdownjson - JSON datafile - File uploadrelation - Relation to another collectionautodate - Auto-updated timestamp
API rules API rules control record access:
Rule examples // Anyone can read, only auth users can create listRule : "" viewRule : "" createRule : "@request.auth.id != ''" // Only owners can update/delete updateRule : "@request.auth.id = author" deleteRule : "@request.auth.id = author" // Admin or owner updateRule : "@request.auth.role = 'admin' || @request.auth.id = author"