Admin Features (Mobile)
When an admin or reseller logs in to the ProxRad mobile app, they land in admin mode: a near-complete management surface delivered as a tab bar plus a “More” drawer. Every screen calls the same /api/* endpoints the web portal uses, so the permission system, audit log, and license enforcement behave identically.
The mobile admin mode is designed for operations on the go: confirm a payment, disconnect a problem subscriber, check why the dashboard alert fired at 02:00, switch a customer’s plan from a coffee shop. Heavy work — bulk CSV import, network configuration, building releases — still lives on the web.
How to get here
Section titled “How to get here”- Install ProxRad from the App Store or Google Play.
- Enter your ISP’s ProxPanel URL (e.g.
https://panel.example.com). - Log in with your panel username and password.
- The app detects
user_typeand routes admins to the admin tab bar; resellers see the same UI but their permission group filters what’s visible.
Tab bar layout
Section titled “Tab bar layout”The bottom tab bar has 4 fixed slots and a More menu for everything else.
| Slot | Default tab | Permission needed |
|---|---|---|
| 1 | Dashboard | (none) |
| 2 | Subscribers | subscribers.view |
| 3 | Sessions | sessions.view |
| 4 | More | (none — items inside are individually gated) |
The More drawer surfaces the rest of the admin screens listed below.
Screens covered here
Section titled “Screens covered here”This page documents the screens that are mobile-specific or non-obvious. The basics — Dashboard, Subscribers, Services, Sessions, Tickets, Resellers — are the same as the web pages and are linked at the end.
Bandwidth Rules
Section titled “Bandwidth Rules”Screen: mobile/src/screens/admin/BandwidthRulesScreen.js
API: GET / POST / PUT / DELETE /api/bandwidth-rules
Create and edit time-based bandwidth rules (e.g. “NIGHT_BOOST 22:00–06:00, +200% download speed”). On mobile you can:
- List existing rules and tap to edit.
- Toggle a rule on / off.
- Create a new rule from scratch (name, time window, percentage, service binding).
The actual enforcement runs in bandwidth_rule_service.go on the panel server every 30 s — see Bandwidth Rules for the algorithm.
Sharing Detection
Section titled “Sharing Detection”Screen: mobile/src/screens/admin/CDNScreen.js (separate Sharing tab under more) — BandwidthManagerScreen.js
API: GET /api/sharing/results, POST /api/sharing/scan-now
View the most recent nightly TTL-analysis scan results (each row: subscriber, suspected device count, TTL spread, action taken). Triggers a manual scan with one tap. If sharing_detection_auto_disconnect is enabled in Settings, flagged subscribers are also disconnected.
See Sharing Detection for how TTL analysis works.
Screen: mobile/src/screens/admin/CDNScreen.js
API: GET /api/cdn, POST /api/cdn/sync, GET /api/cdn/traffic/:id
List configured CDN entries with their live traffic graph (read from MikroTik torch on the subscriber’s PPPoE interface). Tap Sync to MikroTik to push the IP / subnet list down to the router’s address-list. CDN port rules are read-only on mobile; create them on the web.
WAN Check
Section titled “WAN Check”Screen: mobile/src/screens/admin/WanCheckScreen.js
API: GET /api/wan-check, POST /api/wan-check/run
WAN Check pings configured uplinks (per-reseller in some installations) and surfaces packet loss or latency spikes. Useful for confirming “my customers are complaining of slow internet” is upstream and not internal.
Screen: mobile/src/screens/admin/NASScreen.js
API: GET / POST / PUT / DELETE /api/nas
List, edit, and create NAS devices (your MikroTik routers or generic-RADIUS BNGs). On mobile you can:
- Toggle a NAS active / inactive.
- Update RADIUS secret, API username and password, CoA port.
- See per-NAS active session count and online status.
Adding a new NAS auto-imports its IP pools (see IP Pool Management) — the import runs server-side asynchronously, so the screen will show “Importing…” for a few seconds after save.
API Keys
Section titled “API Keys”Screen: mobile/src/screens/admin/APIKeysScreen.js
API: GET / POST / DELETE /api/api-keys
Create scoped API keys for external integrations. The full secret is shown once at creation time; copy it immediately. Tap the trash icon to revoke a key.
Public IPs
Section titled “Public IPs”Screen: mobile/src/screens/admin/PublicIPsScreen.js
API: GET / POST / DELETE /api/public-ips
The admin side of the public IP feature — manage the inventory of routable IPs that customers can rent.
| Action | What it does |
|---|---|
| Add IP / subnet | Push a single IP or a CIDR block into the pool. |
| Set monthly price | The fee charged when a customer rents from this pool. |
| Force-release | Strip the IP from whichever subscriber currently holds it (also stops billing). |
Customer-side rent / release lives in the customer app.
CPE Devices
Section titled “CPE Devices”Screen: mobile/src/screens/admin/CPEDevicesScreen.js
API: GET /api/cpe/devices, POST /api/cpe/devices/:id/wifi, POST /api/cpe/devices/:id/reboot
Manage every TR-069 router that has phoned home. Tap a row to see WiFi SSID/password (per band), connected client count, link to subscriber, and serial / manufacturer / model. From the detail view you can change WiFi credentials and reboot — same actions the customer has on their own router, but you can do it to anyone you can see.
Reports
Section titled “Reports”Screen: mobile/src/screens/admin/ReportsScreen.js
API: GET /api/reports/revenue, GET /api/reports/subscribers
Read-only on mobile. The four most-asked reports:
- Revenue by day and by type (new / renewal / top-up / etc.).
- Subscriber growth by month.
- Churn — expired-and-not-renewed in the last 30 days.
- Per-reseller breakdown of the above three.
PDF / CSV export hands off to the system file viewer.
Screen: mobile/src/screens/admin/AuditScreen.js
API: GET /api/audit/logs
Scroll the audit log with filters for action type and user. Every administrative action in the panel — subscriber edit, password change, NAS add, license re-validation — produces an audit row. See Audit Logs for the full schema.
Permissions
Section titled “Permissions”Screen: mobile/src/screens/admin/PermissionsScreen.js
API: GET / POST / PUT / DELETE /api/permission-groups
Manage permission groups and the permissions inside each. From mobile you can:
- Create a new group.
- Toggle individual permissions on / off in a group.
- See which resellers are assigned to a group (resellers shown as blue badges).
Assigning a reseller to a group is done from the reseller edit screen.
Prepaid Cards
Section titled “Prepaid Cards”Screen: mobile/src/screens/admin/PrepaidScreen.js
API: GET / POST /api/prepaid-cards, POST /api/prepaid-cards/generate
Generate a batch of prepaid cards (set quantity, denomination, expiry, optional service binding). The generated codes are returned in the response and rendered as a printable list — long-press a code to copy. See Prepaid Cards for the lifecycle.
Backups
Section titled “Backups”Screen: mobile/src/screens/admin/BackupsScreen.js
API: GET / POST /api/backups, POST /api/backups/:filename/restore, GET /api/backups/:filename/token
List existing backups (size, date, type). Tap Create now to trigger an immediate full backup. Restore is intentionally also available on mobile — but the app shows a hard red confirmation modal listing exactly what will be replaced.
Downloads use the token endpoint (one-time, five-minute token) so the browser / system viewer can fetch the file without an Authorization header.
Communication Rules
Section titled “Communication Rules”Screen: mobile/src/screens/admin/CommunicationScreen.js
API: GET / POST / PUT / DELETE /api/communication-rules
Edit the WhatsApp / SMS / email rules that fire on subscriber events (expiry approaching, payment received, FUP tier crossed). For each rule:
- Pick the event trigger.
- Edit the message template (supports
{username},{plan},{expiry_date},{balance}placeholders). - Choose channels.
Sending a test message from this screen calls the same /api/notifications/test-* endpoints the web portal uses.
Users / Resellers
Section titled “Users / Resellers”Screens: mobile/src/screens/admin/UsersScreen.js, ResellersScreen.js, WalletScreen.js
API: GET / POST / PUT / DELETE /api/users, /api/resellers, /api/resellers/:id/wallet
- Users — create and edit panel logins (admin, support agents).
- Resellers — full reseller CRUD plus parent / sub-reseller hierarchy. Tap a reseller to see their subscriber count, balance, and recent transactions.
- Wallet — add or withdraw reseller balance; the operation creates a
transactionsrow of typetransfer/withdraw.
Settings
Section titled “Settings”Screen: mobile/src/screens/admin/SettingsScreen.js
API: GET / PUT /api/settings, POST /api/system/restart-services
Most settings tabs are available on mobile:
| Tab | Mobile? |
|---|---|
| General (timezone, currency) | Yes |
| Branding (logo, colors, login background) | Yes |
| RADIUS (CoA port, daily reset time) | Yes |
| Notifications (SMTP, SMS provider, WhatsApp) | Yes — including the test buttons. |
| License (status, refresh, restart services) | Yes |
| System Info (CPU / memory / disk / capacity) | Yes |
| Network Configuration (netplan) | No — web only. Editing IPs from a phone is a footgun. |
| Cluster HA setup | No — web only. |
Common workflows
Section titled “Common workflows””A customer is complaining their internet is slow — confirm and reboot their router.”
Section titled “”A customer is complaining their internet is slow — confirm and reboot their router.””- Open Subscribers, search the customer’s username.
- Tap the row → tap Torch to see live per-flow traffic. If a single connection is saturating the line, the customer is the cause, not your network.
- Back out → tap CPE Devices → search the same customer → tap Reboot.
- The reboot is queued as a TR-069 task. Confirm via the customer’s next online status on the Sessions screen ~30 s later.
”Mass-disconnect everyone on a flapping NAS to force fresh sessions.”
Section titled “”Mass-disconnect everyone on a flapping NAS to force fresh sessions.””- Open NAS, find the affected router. Confirm
online = truefirst. - Open Sessions, filter by
nas_ip = <router IP>. - Select all sessions visible on screen (max 50 per page on mobile).
- Tap Disconnect. Each one fires a
Disconnect-Requestvia CoA — see CoA & Disconnect.
”A reseller’s wallet is overdrawn — see what they spent it on.”
Section titled “”A reseller’s wallet is overdrawn — see what they spent it on.””- More → Resellers → tap the reseller.
- Scroll to Transactions — every charge against the wallet is listed in reverse-chronological order.
- Tap any row to see the underlying subscriber action that consumed the balance.
Permissions
Section titled “Permissions”Every screen above is gated by the same permissions as the web portal. A small selection of the most relevant ones:
| Permission | Effect on mobile |
|---|---|
subscribers.view | Subscribers tab appears at all. |
subscribers.view_all | Resellers see system-wide subscribers, not just their own. |
nas.view / .edit | NAS screen visible / save button enabled. |
backups.create / .restore | Create and Restore buttons enabled on the Backups screen. |
settings.view / .edit | Settings screen visible / fields editable. |
permissions.view | Permissions screen visible. |
audit.view | Audit screen visible. |
prepaid.create | Generate-cards button enabled. |
If the user’s permission group strips one of these, the corresponding screen disappears from the More drawer.
Related pages
Section titled “Related pages”- Mobile App Overview — architecture, version history, parity.
- Customer Features (Mobile) — what end-subscribers see.
- Authentication — login, JWT blacklist, brute-force protection.
- Permissions — full list of permission keys and what they gate.
- NAS / Routers — the web equivalent of the mobile NAS screen.