Admin
This guide is for the store owner who uses the /admin area — your single back-office. You run the eSIM business here (orders, providers, catalog, customers, KYC, marketing, support) and configure the system (email, currencies, languages, payment gateways, roles, branding).
Accessing the admin panel
- Admin routes live under /admin; sign in at /admin/login (the admin guard is separate from the customer storefront login).
- Demo login (change in production): admin@spagreen.net / 123456.
- Inside admin, access is permission-based (RBAC). If you lack permission for a screen, you’re redirected away. The Super Admin role has every permission.
eSIM business
Running the eSIM side of the store.
| Area | Route | Purpose |
|---|---|---|
| Dashboard | /admin/dashboard | Gross revenue, profit / margin, fulfillment health, trends; shows the active provisioning mode badge |
| eSIM Orders | /admin/esim/orders | Every order across the store; fulfill / resend / refund / cancel / complete; create custom and top-up orders |
| eSIM Catalog | /admin/esim/catalog | Enable/disable any package; adjust margins |
| Supply chain | /admin/esim/topup-packages, /admin/esim/regions, /admin/esim/countries | Top-ups, regional bundles, destinations — with manual Sync |
| eSIM Providers | /admin/esim/providers | Provider health and package counts; enable/disable; set margin; edit settings/test/sync |
| eSIM Customers | /admin/esim/customers | All customers; update KYC; block/unblock |
Money flow
Each order records what the customer paid (revenue), the provider cost (wholesale), and the difference (margin / profit). The dashboard aggregates these into gross revenue, total cost, and profit.
provider wholesale ($4.00) + your margin % (+50%) = customer price ($6.00)
eSIM customers & KYC
Storefront buyers who submit identity documents appear under Customers → KYC (/admin/customers/kyc). Documents stream from a private disk; review and approve or reject each submission.
Payment gateways
Payment Gateways (/admin/payment-gateways) holds the gateway configuration customers pay through at storefront checkout (Stripe / PayPal). Open a gateway to enter its keys. Webhooks are received at /webhooks/stripe, /webhooks/paypal, and /webhooks/paddle (CSRF-exempt).
Webhook signatures are verified and fail closed. Each incoming webhook is cryptographically checked against the gateway's signing secret — Stripe's webhook signing secret, PayPal's Webhook ID, Paddle's webhook secret. If that value isn't configured, the webhook is rejected (it can't be trusted). Set the signing secret/ID for any gateway whose webhooks you rely on.
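As an added illustration (not the product's own code), the Python below shows fail-closed verification for a Stripe webhook, using Stripe's documented `Stripe-Signature` scheme (HMAC-SHA256 over `timestamp.payload`). The function names, the 300-second tolerance, and the sample secret and event are assumptions constructed for the example.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window (Stripe's libraries default to 5 minutes)


def verify_stripe_webhook(payload: bytes, sig_header, secret, now=None) -> bool:
    """Return True only if the payload carries a valid, fresh v1 signature."""
    # Fail closed: no configured secret or no header means the event cannot be trusted.
    if not secret or not sig_header:
        return False
    timestamp, candidates = None, []
    for part in sig_header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not timestamp.isdecimal() or not candidates:
        return False
    # Reject stale or future-dated events to limit replay of captured requests.
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = timestamp.encode() + b"." + payload
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    # Constant-time comparison; several v1 values can appear during secret rotation.
    return any(hmac.compare_digest(expected.encode(), c.encode()) for c in candidates)


def sign_for_test(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a header the way the sender would (hypothetical helper for the sample)."""
    signed = str(timestamp).encode() + b"." + payload
    digest = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


# Constructed sample values, not real credentials or events.
SAMPLE_SECRET = "whsec_example_not_real"
SAMPLE_BODY = b'{"type":"checkout.session.completed","id":"evt_constructed"}'
SAMPLE_TIME = 1_700_000_000
SAMPLE_HEADER = sign_for_test(SAMPLE_BODY, SAMPLE_SECRET, SAMPLE_TIME)

if __name__ == "__main__":
    print(verify_stripe_webhook(SAMPLE_BODY, SAMPLE_HEADER, SAMPLE_SECRET, SAMPLE_TIME))
    print(verify_stripe_webhook(SAMPLE_BODY, SAMPLE_HEADER, "", SAMPLE_TIME))
    print(verify_stripe_webhook(SAMPLE_BODY + b" ", SAMPLE_HEADER, SAMPLE_SECRET, SAMPLE_TIME))
```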
Email system
Email System (/admin/email-system) configures SMTP and email templates.
- SMTP is required to deliver eSIM/QR emails. Add a configuration, activate it, and use Test email to verify. You can store multiple SMTP configs and switch the active one.
- Templates (including esim_delivery) are editable here.
Without an active SMTP config, orders still fulfill but no email is sent (it’s logged, never breaks checkout).
Currencies & languages
- Currencies (/admin/currencies) — money formats and exchange rates for storefront display and charges.
- Languages (/admin/locales) — locales for the multi-language UI (with RTL). Set the default, add new languages (creates a {code}.json from English), and edit Translations — including optional auto-translate for missing entries. See Setup → i18n.
Social login
Social Login (/admin/social-login) enables and configures Sign in with Google (via Firebase) for the storefront customer login.
AI assistant
AI Settings (/admin/ai-settings) connects an optional AI provider — OpenAI, Claude (Anthropic), or DeepSeek — and turns on AI features. Add an API key (stored encrypted), pick the Active provider, run Test connection, then enable:
- AI eSIM Advisor — a storefront widget that recommends plans from your catalog.
- Support reply drafting — a Suggest reply button on admin and reseller support tickets that drafts an answer for an agent to edit before sending.
AI is off by default, and every AI request is billed to your provider account (not included in the purchase price). Full details: AI assistant guide.
Website templates
Website Templates (/admin/website-templates) manages the starter templates used for storefront/landing pages.
Roles, permissions & admins
- Roles & Permissions (/admin/roles-permissions) — define which admin screens and actions each role can access (single page with tabs for roles and permissions).
- Admin Users (/admin/admins) — manage staff logins for the /admin panel; activate/deactivate accounts.
General settings, notifications & audit
- General Settings (/admin/general-settings) — company name, logo/branding, timezone, and global defaults.
- Notifications (/admin/notifications) — the in-app bell for admins.
- Audit Log (/admin/audit-log) — history of admin actions.
Security practices
- Restrict /admin to trusted networks where practical.
- Keep APP_KEY strong and stable — it decrypts stored provider credentials.
- Never commit .env; use the host’s secret storage.
- Schedule database backups and follow your organization’s hardening standards alongside the Setup checklist.