Questions? Email [email protected] · All prices are one-time unless stated otherwise
D
Datapad Projects
Self-hosting

The web admin

First-run setup, managing users, and viewing server settings from the embedded admin UI.

A deliberately small dashboard

The web admin is embedded in the server binary and served at /admin/. Its scope is intentionally narrow: set up the first administrator, manage the people who can sync, and see basic storage information. There is no file browser and no sprawling settings — that simplicity is the point.

First-run setup

When the server has no administrator yet, opening /admin/ presents a one-time setup screen that creates the first admin account. After that, the same URL shows the normal login.

Logging in and out

Admin sessions use a server-side session cookie that is HttpOnly and SameSite=Strict, protected by a same-origin check. When the request arrives over TLS — directly or through a reverse proxy that sets X-Forwarded-Proto — the cookie is also marked Secure, so it is never sent over plain HTTP; on plain localhost HTTP the admin still works without it. This is entirely separate from the bearer tokens your devices use for the sync API, so an admin session can never be used to sync and vice versa.

Managing users

The Users page lists everyone who can sync and lets you:

  • Create a user with a username and password.
  • Reset a user's password.
  • Delete a user. The last remaining administrator cannot be deleted, so you can never lock yourself out.

An administrator is simply a user with the admin flag set; the account that completes first-run setup gets it.

Server settings

The Server page shows storage statistics — number of users, number of stored chunks, and total bytes — and lets you set how many versions to keep per file. This limit is enforced: the server retains the newest N versions of each file and a background cleanup reclaims storage that no kept version still needs; see Conflicts and versioning.