Get User Statistics
curl --request GET \
  --url https://auth.nullpass.xyz/api/admin/users/stats \
  --header 'Authorization: Bearer <token>'
{
  "totalUsers": 123,
  "premiumUsers": 123,
  "freeUsers": 123
}

Endpoint

GET /api/admin/users/stats

Overview

Retrieves aggregate user statistics including total users, premium users, and free users. Requires admin access via DROP service accessFlags or INTERNAL_SECRET.

Request

Requires authentication via Bearer token (with admin privileges) or x-internal-secret header.

Response

totalUsers
number
Total number of users in the system
premiumUsers
number
Number of users with premium DROP service access
freeUsers
number
Number of users without premium DROP service access (totalUsers - premiumUsers)

Authentication

Admin Access via DROP Service

The user must have a DROP service entitlement with:
  • accessFlags.isNullDropTeam: true
  • accessFlags.nullDropTeamRole: "founder" or "dev"

Internal Secret

Alternatively, use x-internal-secret header with INTERNAL_SECRET value.

Implementation Details

Code Reference

export async function GET(request: NextRequest) {
  const corsResponse = handleCors(request)
  if (corsResponse) return corsResponse

  const internalSecret = request.headers.get('x-internal-secret')
  const isInternal = INTERNAL_SECRET && internalSecret === INTERNAL_SECRET

  if (!isInternal) {
    const auth = await requireAuth(request)
    if ('error' in auth) {
      return auth.error
    }

    const dropService = await prisma.userServiceEntitlement.findUnique({
      where: {
        userId_service: {
          userId: auth.userId,
          service: 'DROP',
        },
      },
    })

    const accessFlags = (dropService?.accessFlags as any) || {}
    const isAdmin = accessFlags.isNullDropTeam && ['founder', 'dev'].includes(accessFlags.nullDropTeamRole)

    if (!isAdmin) {
      return errorResponse('Forbidden - Admin access required', 403, request.headers.get('origin'))
    }
  }

  try {
    const totalUsers = await prisma.user.count()
    
    const premiumUsers = await prisma.userServiceEntitlement.count({
      where: {
        service: 'DROP',
        isPremium: true,
      },
    })

    return jsonResponse({
      totalUsers,
      premiumUsers,
      freeUsers: totalUsers - premiumUsers,
    }, 200, request.headers.get('origin'))
  } catch (error) {
    console.error('Admin users stats error:', error)
    return errorResponse('Internal server error', 500, request.headers.get('origin'))
  }
}
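
The two checks described under Authentication, as an added TypeScript example (not the project's own code; `secretMatches`, `isDropAdmin`, `authorizeStats` and the sample values are hypothetical). It goes beyond the handler above in two ways: the secret is compared in constant time, and `accessFlags` is validated strictly, so a truthy non-boolean such as the string "false" in `isNullDropTeam` does not pass.

```typescript
import { createHash, timingSafeEqual } from 'node:crypto'

type Decision = 'internal' | 'admin' | 'forbidden'

// Constant-time comparison of the x-internal-secret header with the configured
// secret. Both sides are hashed first so timingSafeEqual always receives
// equal-length buffers and a length mismatch cannot throw.
function secretMatches(provided: string | null, expected: string | undefined): boolean {
  // An unset or empty INTERNAL_SECRET must never authenticate anyone.
  if (!expected || !provided) return false
  const a = createHash('sha256').update(provided).digest()
  const b = createHash('sha256').update(expected).digest()
  return timingSafeEqual(a, b)
}

// Strict validation of accessFlags, which the handler reads through an `as any`
// cast: the flag must be the boolean true and the role one of the two listed.
function isDropAdmin(accessFlags: unknown): boolean {
  if (typeof accessFlags !== 'object' || accessFlags === null) return false
  const flags = accessFlags as Record<string, unknown>
  const role = flags['nullDropTeamRole']
  return flags['isNullDropTeam'] === true && (role === 'founder' || role === 'dev')
}

// Same order as the handler: internal secret first, then the DROP entitlement.
function authorizeStats(
  headerSecret: string | null,
  configuredSecret: string | undefined,
  accessFlags: unknown,
): Decision {
  if (secretMatches(headerSecret, configuredSecret)) return 'internal'
  return isDropAdmin(accessFlags) ? 'admin' : 'forbidden'
}

// Constructed sample inputs (not real data) showing where the strict checks
// differ from a truthiness test.
const SAMPLES: Array<[string, unknown]> = [
  ['team founder', { isNullDropTeam: true, nullDropTeamRole: 'founder' }],
  ['string flag', { isNullDropTeam: 'false', nullDropTeamRole: 'dev' }],
  ['other role', { isNullDropTeam: true, nullDropTeamRole: 'support' }],
  ['no entitlement', null],
]
for (const [label, flags] of SAMPLES) {
  console.log(label, '->', authorizeStats(null, 'constructed-secret', flags))
}
```
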

Status Codes

200
OK
Success
401
Unauthorized
Missing or invalid authentication
403
Forbidden
Admin access required

Example Request

curl -X GET https://auth.nullpass.xyz/api/admin/users/stats \
  -H "Authorization: Bearer YOUR_TOKEN"

Example Response

{
  "totalUsers": 1000,
  "premiumUsers": 250,
  "freeUsers": 750
}

Notes

  • Premium users are counted based on DROP service isPremium flag
  • Free users calculation: totalUsers - premiumUsers
  • Statistics are real-time (not cached)

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

200 - application/json

User statistics

totalUsers
integer
premiumUsers
integer
freeUsers
integer