Admin Settings API

Admin endpoints require Authorization: Bearer <ADMIN_PASSWORD>. The password is set via wrangler secret put ADMIN_PASSWORD and never stored in source.

Get settings

GET /admin/settings

{
  "resolved": {
    "emailTtlHours": 8,
    "passwordTtlHours": 1,
    "emailCountCap": 50
  },
  "overrides": {
    "EMAIL_COUNT_CAP": "100"
  },
  "defaults": {
    "EMAIL_TTL_HOURS": "8",
    "PASSWORD_TTL_HOURS": "1",
    "EMAIL_COUNT_CAP": "50"
  }
}

resolved shows the effective values. overrides shows which settings have DB overrides. defaults shows the env var fallbacks.

Update settings

PUT /admin/settings

Body (all fields optional)

{
  "EMAIL_TTL_HOURS": "12",
  "PASSWORD_TTL_HOURS": "2",
  "EMAIL_COUNT_CAP": "100"
}

Changes take effect immediately on the next request — no redeploy needed.

Reset a setting

DELETE /admin/settings/:key

Removes the DB override and falls back to the env var default.

Valid keys: EMAIL_TTL_HOURS, PASSWORD_TTL_HOURS, EMAIL_COUNT_CAP