Instance Settings

Base path: /v1/admin/settings

Session admin only. These endpoints manage the database-backed runtime settings registry used by the API and admin UI. The admin UI shows a curated subset of this registry; deployment-sensitive settings such as CORS origins and session-cookie policy are intentionally managed through bootstrap config, this API, or SDK automation. Secret settings are Fernet-encrypted at rest and redacted on read.

Admin UI vs API registry

Surface	Use it for
`/settings → Security`	Trusted proxy ranges, outbound provider URL policy, private-network escape hatches, local webhook policy, and embedding-cache posture
Deployment config or this API	CORS origins and session-cookie flags: `cors_origins`, `session_cookie_secure`, `session_cookie_samesite`, and `session_cookie_domain`. These can lock admins out when changed incorrectly, so they are best handled deliberately during deployment
Other Settings pages	Ingestion, queue, retention, webhooks, model defaults, and Turbopuffer search settings

Instance Settings

Admin UI vs API registry

Endpoints

On this page

Instance Settings

Admin UI vs API registry

Endpoints

GET /v1/admin/settings — List settings

PUT /v1/admin/settings — Update settings

POST /v1/admin/settings/test — Test settings

POST /v1/admin/settings/reset — Reset settings

POST /v1/admin/settings/embedding-cache/purge — Purge embedding cache

On this page