A headless CMS for web apps that lets you focus on what matters.

Unlike other headless CMS, Payload doesn't stop at websites. It can power ecommerce apps, SaaS, video game backends, and any other web app you can dream up.

Let us help you get started
My290 Web App

No field limits or API Quotas

Payload provides out-of-the-box features to dramatically accelerate your engineering efficiency.


Code Driven

Payload's is entirely driven from a code-based configuration, all fully typed in TypeScript. No fumbling around with a GUI. All code is stored in your version control - exactly how it should be.


Instant APIs

Get instant and fully-featured REST, GraphQL, and server-side Node APIs based upon the shape of your data. Extend them easily with hooks, access control, and more.


Customize with hooks

Payload's hooks enable an unprecedented amount of control over your data and logic flow. Inject your custom business logic wherever you need.


Access Control

Deep access-control written purely with code for maximum flexibility. Want to integrate with another auth provider? No problem, drop in your code.


Admin Panel

Admin UI back-office that is automatically generated based upon your data configuration. Easily swap in custom React components and add additional views.



Make use of highly secure and customizable user auth out of the box, including function-based access control.

Retain full control

Keep full control over your Express app.

Nothing is imposed on the structure of your app. Just initialize Payload and pass it your Express app. Maintain your own functionality outside of Payload.

const payload = require('payload');
const express = require('express');
const app = express();
// Just pass your app into Payload and everything
// will be scoped to Payload routers.
express: app,
app.listen(process.env.PORT, () => {
console.log(\`Application listening on \${3000}...\`);

Extend via Hooks

Implement custom business logic with Hooks.

Both collection and field-level hooks enable an unprecedented amount of control over your data and logic flow. Customize output, sanitize incoming data, or easily integrate with third-party platforms.

Learn about Hooks
const Customers = {
// ...
hooks: {
beforeChange: [
// Before the Customer is created or updated,
// sync it to Hubspot
afterChange: [
// Send the new Customer a welcome email
// after it's successfully created
afterRead: [
// Dynamically append user's active subscriptions
// straight from Stripe

Powerful Access Control

Secure your app with function-based access control.

Access control functions give you control based on either a document or field level. Build out your own RBAC or any access control pattern you need.

Read about access control
const Orders = {
// ...
access: {
create: () => true, // Everyone can create
read: ({ req: { user } }) => {
if (user) {
return { // Users can only read their own
owner: { equals: user.id, },
return false; // Not logged in? Can't read any
update: ({ req: { user } }) => {
// Only Admins can update Orders
if (user.roles.includes('admin')) return true;
return false;
delete: () => false, // No one can delete

Auto-generated admin panel

Don't build an admin panel to manage your app from scratch.

An Admin UI back-office is automatically generated based upon your data configuration. Fully-extensible, easily modify an existing component or swap in your own custom React components.

Learn about the Admin UI
Web app admin panel created with Payload

Payload is free and open-source.

You can host it yourself, or let us handle hosting for you on Payload Cloud.

Get started in one line

npx create-payload-app