Vaultwarden Admin API

Sloknatos · January 21, 2026, 9:41pm

What app is this about, and its version: vaultwarden 1.35.2~ynh1
What YunoHost version are you running: 12.1.39 (stable)
What type of hardware are you using: VPS bought online

Describe your issue

i’m trying to use the Admin API to be able to automatically send user invite (for example).
i do not find any documentation (something as a swagger or an openapi documentation)
can someone have something like or an example of the URL and how to be recognize as administrator ?

Share relevant logs or error messages

no logs to display, i can make screen from the admin panel if needed
(assume i have an URL as subdomain.domain.tld)

djez · January 21, 2026, 10:46pm

Hi @Sloknatos,

Unfortunately, Vaultwarden does not have OpenAPI/Swagger documentation for its Admin API. This is a recurring question in the community, and the maintainers have confirmed this (see this discussion). The only “doc” available is the source code.

Tips for using the Admin API

According to GitHub discussions, authentication to the Admin API does not seem to work via a simple Authorization: Bearer header. Instead, it appears to use a session cookie obtained after authentication.

Here is an approach that might work (to be tested):

Step 1: Authenticate and obtain the session cookie

curl -c cookies.txt -X POST “https://subdomain.domain.tld/admin” \
  -H “Content-Type: application/x-www-form-urlencoded” \
  -d “token=YOUR_ADMIN_TOKEN”

Step 2: Use the cookie to invite a user

curl -b cookies.txt -X POST “https://subdomain.domain.tld/admin/invite” \
  -H “Content-Type: application/json” \
  -d ‘{“email”: “user@example.com”}’

This two-step approach was suggested by a user in this discussion, but I haven’t been able to test it myself.

Other endpoints seem to exist according to the source code (user management, deletion, etc.).

Note to retrieve your ADMIN_TOKEN under YunoHost

Warning: the token can be stored in two different places depending on whether you have modified it or not via the Vaultwarden interface:

# Initial token generated by YunoHost
sudo grep “admin_token” /etc/yunohost/apps/vaultwarden/settings.yml

# Token actually used by Vaultwarden
sudo grep “admin_token” /home/yunohost.app/vaultwarden/config.json

Feel free to share your results if you test it, it may help other users!

Sloknatos · January 22, 2026, 8:52am

Hello @djez

thanks to you, it worked !

for people who set a Argon2 token, it’s the same you have to push in the token value and you have to set the admin panel permission on visitors in yunohost administrator configuration

system · February 6, 2026, 8:52am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.