Next.js Admin Panel — Architecture, Auth Middleware, API Route Design

When you run your own service, an admin panel is inevitable. Member management, content management, SEO monitoring, performance tracking—building a proper admin panel is far more efficient than checking the database directly. Here’s how we built a production-ready admin panel with Next.js.

Sidebar

Navigation

Role-based

Access control

RESTful

API design

One-click

Key operations

1Admin Panel Architecture

The first decision is whether to embed the admin inside the main site or build it as a separate project. Each approach has trade-offs depending on project scale.

Structure	Pros	Cons	Best For
/admin route in main site	Shared code, simple deploy	Larger bundle	Small projects
Separate Next.js project	Independent deploy, clean separation	Code duplication	Medium+ scale
Subdomain (admin.example.com)	Full isolation, stronger security	CORS setup, auth sharing	Team development

We recommend a separate project

Separating the admin from the main site keeps the main site’s build size clean and allows independent deployment. Share the database and auth, but keep the frontends separate.

2UI Framework Choice

Admin panels are internal tools—functionality and development speed matter more than visual polish. Tailwind CSS + shadcn/ui delivers fast iteration with consistent UI.

Admin sidebar layout structure

// app/admin/layout.tsx
export default function AdminLayout({
  children,
}: {
  children: React.ReactNode;
}) {
  return (
    <div className="flex min-h-screen">
      {/* Sidebar: fixed width, independent scroll */}
      <aside className="w-64 bg-sidebar border-r
                        flex-shrink-0 overflow-y-auto">
        <AdminSidebar />
      </aside>

      {/* Main content area */}
      <main className="flex-1 p-6 overflow-y-auto">
        {children}
      </main>
    </div>
  );
}

Essential Sidebar Menus

▶Dashboard (overview)

▶Member Management

▶Content Management

▶SEO Management

▶PageSpeed Monitoring

▶Email Sending

▶Settings

▶Logout

3Page Structure

Next.js App Router makes it easy to organize admin pages systematically. Each feature gets its own route, with a shared layout applied across all pages.

Admin route structure

app/admin/
  layout.tsx          # Sidebar + main layout
  page.tsx            # Dashboard (stats overview)
  members/
    page.tsx          # Member list + search
    [id]/page.tsx     # Member detail/edit
  content/
    page.tsx          # Content management
  seo/
    page.tsx          # SEO status (IndexNow, etc.)
  pagespeed/
    page.tsx          # PageSpeed results
  email/
    page.tsx          # Email sending
  settings/
    page.tsx          # Service settings

Dashboard page example

// app/admin/page.tsx
export default async function AdminDashboard() {
  const stats = await getAdminStats();

  return (
    <div>
      <h1 className="text-2xl font-bold mb-6">Dashboard</h1>
      <div className="grid grid-cols-4 gap-4">
        <StatCard label="Total Members" value={stats.totalMembers} />
        <StatCard label="Today's Visitors" value={stats.todayVisitors} />
        <StatCard label="Blog Posts" value={stats.totalPosts} />
        <StatCard label="Avg PageSpeed" value={stats.avgPageSpeed} />
      </div>
    </div>
  );
}

4Auth Middleware

Admin pages must be protected from unauthorized access. Using Next.js middleware to guard all /admin routes ensures nothing is accidentally left exposed.

middleware.ts — protecting admin routes

import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";

export function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl;

  // Protect /admin routes
  if (pathname.startsWith("/admin")) {
    const sessionCookie = request.cookies.get("better-auth.session_token");

    if (!sessionCookie) {
      return NextResponse.redirect(
        new URL("/auth/login", request.url)
      );
    }

    // Session validity verified in server components
  }

  return NextResponse.next();
}

export const config = {
  matcher: ["/admin/:path*"],
};

Middleware alone is not enough

Middleware only checks for cookie presence. Actual session validity and admin role verification must happen in server components or API routes by querying the database. Middleware is the first gate; real auth/authorization is the second gate.

5API Route Design

Data queries and mutations in the admin panel go through API routes. Following RESTful patterns keeps the API consistent and predictable.

API route structure

app/api/admin/
  members/
    route.ts           # GET: list, POST: create
    [id]/
      route.ts         # GET: detail, PUT: update, DELETE: delete
  pagespeed/
    route.ts           # POST: run measurement
    results/
      route.ts         # GET: fetch results
  indexnow/
    route.ts           # POST: submit URLs
    history/
      route.ts         # GET: submission history

Member management API example

// app/api/admin/members/route.ts
import { adminGuard } from "@/lib/admin-auth";
import { db } from "@/lib/db";
import { users } from "@/lib/db/schema";

export async function GET(req: Request) {
  const session = await adminGuard();
  if (session instanceof NextResponse) return session;

  const { searchParams } = new URL(req.url);
  const page = Number(searchParams.get("page")) || 1;
  const limit = 20;

  const members = await db
    .select()
    .from(users)
    .limit(limit)
    .offset((page - 1) * limit)
    .orderBy(users.createdAt);

  return NextResponse.json({ members, page, limit });
}

Method	Path	Action
GET	/api/admin/members	List members
POST	/api/admin/members	Create member
GET	/api/admin/members/[id]	Get member detail
PUT	/api/admin/members/[id]	Update member
DELETE	/api/admin/members/[id]	Delete member

6Third-Party Integrations

The real value of an admin panel is centralizing external service management. Integrating PageSpeed API, IndexNow, and email sending into the admin UI dramatically improves operational efficiency.

Service	Admin Feature	Impact
PageSpeed Insights API	Full-site performance scans	Catch regressions early
IndexNow	URL indexing requests + history	Faster search visibility
Email SMTP	Newsletters and notifications	User retention
Google Analytics	Traffic summary dashboard	Data-driven decisions

Admin panels grow over time

Start with member and content management, then add features as needs arise. Trying to build everything at once delays launch. Take an MVP approach.

Summary Checklist

Admin Panel Build Essentials

✓Separate admin from main site as an independent project
✓Use Tailwind + shadcn/ui for rapid, consistent UI development
✓Sidebar + content area layout as the base structure
✓Protect /admin routes with middleware, double-verify in API routes
✓Design RESTful API endpoints for CRUD operations
✓Add third-party integrations incrementally, starting with MVP features

This article is based on Next.js 15 App Router. Admin panel security is critical—always conduct a security review of your auth/authorization logic. Non-commercial sharing is welcome. For commercial use, please reach out via our contact page.

Need an Admin Panel Built?

Treeru builds full-stack Next.js admin panels—member management, API design, auth systems, and third-party integrations included.

Request Admin Development Consultation