Unlike other headless CMS, Payload doesn't stop at websites. It can power ecommerce apps, SaaS, video game backends, and any other web app you can dream up.

Let us help you get started

Code Driven

Payload's is entirely driven from a code-based configuration, all fully typed in TypeScript. No fumbling around with a GUI. All code is stored in your version control - exactly how it should be.

Instant APIs

Get instant and fully-featured REST, GraphQL, and server-side Node APIs based upon the shape of your data. Extend them easily with hooks, access control, and more.

Customize with hooks

Payload's hooks enable an unprecedented amount of control over your data and logic flow. Inject your custom business logic wherever you need.

Access Control

Deep access-control written purely with code for maximum flexibility. Want to integrate with another auth provider? No problem, drop in your code.

Admin Panel

Admin UI back-office that is automatically generated based upon your data configuration. Easily swap in custom React components and add additional views.

Authentication

Make use of highly secure and customizable user auth out of the box, including function-based access control.

Retain full control

Keep full control over your Express app.

Nothing is imposed on the structure of your app. Just initialize Payload and pass it your Express app. Maintain your own functionality outside of Payload.

1const payload = require('payload');
2const express = require('express');
3
4const app = express();
5
6// Just pass your app into Payload and everything
7// will be scoped to Payload routers.
8
9payload.init({
10  secret: 'XXXXXXXXXXXXXXXXXXXXXXXXX',
11  express: app,
12});
13
14app.listen(process.env.PORT, () => {
15  console.log(\`Application listening on \${3000}...\`);
16});
17                          

Extend via Hooks

Implement custom business logic with Hooks.

Both collection and field-level hooks enable an unprecedented amount of control over your data and logic flow. Customize output, sanitize incoming data, or easily integrate with third-party platforms.

Learn about Hooks

1const Customers = {
// ...
hooks: {
  beforeChange: [
    // Before the Customer is created or updated,
    // sync it to Hubspot
    syncCustomerToHubspot,
  ],
  afterChange: [
    // Send the new Customer a welcome email
    // after it's successfully created
    sendWelcomeEmail,
  ],
  afterRead: [
    // Dynamically append user's active subscriptions
    // straight from Stripe
    addStripeSubscriptions,
  ],
},
20};
                        

Powerful Access Control

Secure your app with function‑based access control.

Access control functions give you control based on either a document or field level. Build out your own RBAC or any access control pattern you need.

Read about access control

1const Orders = {
// ...
access: {
  create: () => true, // Everyone can create
  read: ({ req: { user } }) => {
    if (user) {
      return { // Users can only read their own
        owner: { equals: user.id, },
      };
    }
11
    return false; // Not logged in? Can't read any
  },
  update: ({ req: { user } }) => {
    // Only Admins can update Orders
    if (user.roles.includes('admin')) return true;
    return false;
  },
  delete: () => false, // No one can delete
},
21};
                        

Auto-generated admin panel

Don't build an admin panel to manage your app from scratch.

An Admin UI back-office is automatically generated based upon your data configuration. Fully-extensible, easily modify an existing component or swap in your own custom React components.

Learn about the Admin UI

Web app admin panel created with Payload

Payload provides solutions, not roadblocks.

You can host it yourself, or let us handle hosting for you on Payload Cloud.

Get Started on Payload Cloud