The Payload Local API gives you the ability to execute the same operations that are available through REST and GraphQL within Node, directly on your server. Here, you don't need to deal with server latency or network speed whatsoever and can interact directly with your database.
The Local API is incredibly powerful when used with server-side rendering app
frameworks like NextJS. With other headless CMS, you need to request your data
from third-party servers which can add significant loading time to your
server-rendered pages. With Payload, you don't have to leave your server to
gather the data you need. It can be incredibly fast and is definitely a game
Here are some common examples of how you can use the Local API:
Seeding data via Node seed scripts that you write and maintain
Opening custom Express routes which feature additional functionality but still rely on Payload
You can gain access to the currently running payload object via two ways:
You can import or require payload into your own files after it's been initialized, but you need to make sure that your import / require statements come after you call payload.init()—otherwise Payload won't have been initialized yet. That might be obvious. To us, it's usually not.
Skip access control. By default, this property is set to true within all Local API operations.
If you set overrideAccess to false, you can pass a user to use against the access control checks.
Opt-in to receiving hidden fields. By default, they are hidden from returned documents in accordance to your config.
Set to false to return all documents and avoid querying for document counts.
Context, which will then be passed to context and req.context, which can be read by hooks. Useful if you want to pass additional information to the hooks which shouldn't be necessarily part of the document, for example a triggerBeforeChange option which can be read by the BeforeChange hook to determine if it should run or not.
There are more options available on an operation by operation basis outlined below.
By default, all access control checks are disabled in the Local API, but you
can re-enable them if you'd like, as well as pass a specific user to run the