Bypass for admin authentication

[Jcaster99]

Hello, i am new for pocketbase (switch from supabase)
Example i have 2 table table user and user can modify this table, and table user_points only admin can modify
In supabase i have options is secret_key will be instance new database with bypass all rule

For frontend user can CURD the users table, when user submit they profiles avatar i will add more points to him in user_points tables.
and i have api router only admin can modify user points
How to do that with pocketbase ?
Thanks

[ganigeorgiev]

I'm not sure if that is what you are looking for but we don't have fixed API keys/secrets.
You can interact with the web APIs as admin using the same credentials that use to login into the Admin UI.
Collection API rules don't apply for admins and they can access and modify everything (including creating or deleting other admins).

Here is an example JS server-side admin client setup:

// pb.js
//
// this file can be imported from everywhere inside your node actions but
// keep in mind that the exported client can be used only as admin and
// it is not intended to deal with regular app user authentication
import PocketBase from "pocketbase"

const pb = new PocketBase("http://127.0.0.1:8090")

await pb.admins.authWithPassword("test@example.com", "1234567890", {
  // (new feature available with the latest JS SDK that is not documented at the moment)
  // This will trigger auto refresh or auto reauthentication in case
  // the token has expired or is going to expire in the next 30 minutes.
  autoRefreshThreshold: 30 * 60
})

export default pb

// app.js
import pb from "./pb.js"

...

// the below request will be submitted as admin, bypassing the collection update API rule
await pb.collection("user_points").update("RECORD_ID", {
    // your data...
})

[ganigeorgiev]

Alternatively, you can also use PocketBase as framework and interact directly with the database using the embedded JS engine - https://pocketbase.io/docs/js-overview/ (you need only the executable and don't have to install anything to use it).

It comes with some limitations and it is not the same as Node/Deno/Bun environment but it is a good starting point if you don't like or don't want to invest too much time learning the Go APIs.