Power your entire web app.
Unlike other headless CMS, Payload doesn't stop at websites. It can power ecommerce apps, SaaS, video game backends, and any other web app you can dream up.
Native app, My290, powered by Payload

Payload provides out-of-the-box features to dramatically accelerate your engineering efficiency.


Payload is entirely driven by a code-based configuration, all fully typed in TypeScript. No fumbling around with a GUI. All code is stored in your version control, exactly how it should be.

Instant APIs

Get instant and fully-featured REST, GraphQL, and server-side Node APIs based upon the shape of your data. Extend them easily with hooks, access control, and more.

Customize with Hooks

Payload's hooks enable an unprecedented amount of control over your data and logic flow. Inject your custom business logic wherever you need.

Access Control

Deep access-control written purely with code for maximum flexibility. Want to integrate with another auth provider? No problem, drop in your code.

Admin Panel

Admin UI back-office that is automatically generated based upon your data configuration. Easily swap in custom React components and add additional views.


Make use of highly secure and customizable user auth out of the box, including function-based access control.

Retain full control

Keep full control over your Express application

Nothing is imposed on the structure of your app. Just initialize Payload and pass it your Express app. Maintain your own functionality outside of Payload.

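const payload = require('payload');
const express = require('express');

const app = express();

// Just pass your app into Payload and everything
// will be scoped to Payload routers.
payload.init({
  // Payload requires a secret for signing auth tokens; load it from the
  // environment (the variable name here is a placeholder).
  secret: process.env.PAYLOAD_SECRET,
  mongoURL: 'mongodb://localhost/payload',
  express: app,
});

// Your other custom routes here

app.listen(process.env.PORT, () => {
  console.log(`Application listening on ${process.env.PORT}...`);
});

Extend via hooks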

Implement custom business logic with Hooks.

Both collection and field-level hooks enable an unprecedented amount of control over your data and logic flow. Customize output, sanitize incoming data, or easily integrate with third-party platforms.

const Customers = {
  // ...
  hooks: {
    beforeChange: [
      // Before the Customer is created or updated,
      // sync it to Hubspot
    ],
    afterChange: [
      // Send the new Customer a welcome email
      // after it's successfully created
    ],
    afterRead: [
      // Dynamically append user's active subscriptions
      // straight from Stripe
    ],
  },
};

Access Control

Extremely powerful function-based access control

Secure your data by writing access control functions at either the document or the field level. Build out your own RBAC or any access control pattern you need.

const Orders = {
  // ...
  access: {
    create: () => true, // Everyone can create
    read: ({ req: { user } }) => {
      if (user) {
        return { // Users can only read their own
          owner: { equals: user.id, },
        };
      }
      return false; // Not logged in? Can't read any
    },
    update: ({ req: { user } }) => {
      // Only Admins can update Orders
      // (user is undefined for unauthenticated requests, so check it first)
      if (user && user.roles.includes('admin')) return true;
      return false;
    },
    delete: () => false, // No one can delete
  },
};
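Because access control functions are plain functions, the rules above can be exercised without a running Payload instance. The following is an added example, not code from the Payload project: `applyAccess`, `visibleOrders`, `canUpdate` and the sample users and orders are constructed for illustration, and the helper only mimics the documented behaviour that a rule returns `true`, `false`, or a query constraint.

```javascript
// Access rules modelled on the Orders collection shown above.
const ordersAccess = {
  create: () => true,
  read: ({ req: { user } }) => {
    if (!user) return false;                 // anonymous: nothing
    return { owner: { equals: user.id } };   // logged in: own orders only
  },
  // Optional chaining keeps an anonymous request from throwing on user.roles.
  update: ({ req: { user } }) => Boolean(user?.roles?.includes('admin')),
  delete: () => false,
};

// Hypothetical stand-in for rule enforcement: true = every document,
// false = none, object = query constraint (only `equals` is handled here).
function applyAccess(result, docs) {
  if (result === true) return docs;
  if (!result) return [];
  return docs.filter((doc) =>
    Object.entries(result).every(([field, cond]) => doc[field] === cond.equals));
}

// Constructed sample data.
const orders = [
  { id: 1, owner: 'u1' },
  { id: 2, owner: 'u2' },
];
const alice = { id: 'u1', roles: ['customer'] };
const admin = { id: 'u9', roles: ['admin'] };

function visibleOrders(user) {
  return applyAccess(ordersAccess.read({ req: { user } }), orders);
}

function canUpdate(user) {
  return ordersAccess.update({ req: { user } }) === true;
}

// Print the decision matrix for each kind of caller.
for (const [label, user] of [['anonymous', undefined], ['alice', alice], ['admin', admin]]) {
  console.log(label, {
    read: visibleOrders(user).map((o) => o.id),
    update: canUpdate(user),
  });
}
```
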
Auto-generated admin panel

Don’t build an admin panel to manage your app from scratch.

An Admin UI back-office is automatically generated based upon your data configuration. It is fully extensible: modify an existing component or swap in your own custom React components.

CMS Admin Panel UI - edit screen for a home page. Showing input fields that can be edited to update the home page from within the CMS.
Get started with one line.

npx create-payload-app