Parse Dashboard is a standalone dashboard for managing your Parse Server apps.
- Getting Started
- Running as Express Middleware
- Deploying Parse Dashboard
- Features
- Contributing
Install the dashboard from npm
.
npm install -g parse-dashboard
You can launch the dashboard for an app with a single command by supplying an app ID, master key, URL, and name like this:
parse-dashboard --dev --appId yourAppId --masterKey yourMasterKey --serverURL "https://example.com/parse" --appName optionalName
You may set the host, port and mount path by supplying the --host
, --port
and --mountPath
options to parse-dashboard. You can use anything you want as the app name, or leave it out in which case the app ID will be used.
The --dev
parameter disables production-ready security features. This parameter is useful when running Parse Dashboard on Docker. Using this parameter will:
- allow insecure http connections from anywhere, bypassing the option
allowInsecureHTTP
- allow the Parse Server
masterKey
to be transmitted in cleartext without encryption - allow dashboard access without user authentication
⚠️ Do not use this parameter when deploying Parse Dashboard in a production environment.
After starting the dashboard, you can visit http://localhost:4040 in your browser:
Parse Dashboard is compatible with the following Parse Server versions.
Parse Dashboard Version | Parse Server Version | Compatible |
---|---|---|
>=1.0 | >= 2.1.4 | ✅ Yes |
Parse Dashboard is continuously tested with the most recent releases of Node.js to ensure compatibility. We follow the Node.js Long Term Support plan and only test against versions that are officially supported and have not reached their end-of-life date.
Version | Latest Version | End-of-Life | Compatible |
---|---|---|---|
Node.js 14 | 14.20.1 | April 2023 | ✅ Yes |
Node.js 16 | 16.17.0 | April 2024 | ✅ Yes |
Node.js 18 | 18.9.0 | May 2025 | ✅ Yes |
Parameter | Type | Optional | Default | Example | Description |
---|---|---|---|---|---|
apps |
Array<Object> | no | - | [{ ... }, { ... }] |
The apps that are configured for the dashboard. |
apps.scripts |
Array<Object> | yes | [] |
[{ ... }, { ... }] |
The scripts that can be executed for that app. |
apps.scripts.title |
String | no | - | 'Delete User' |
The title that will be displayed in the data browser context menu and the script run confirmation dialog. |
apps.scripts.classes |
Array<String> | no | - | ['_User'] |
The classes of Parse Objects for which the scripts can be executed. |
apps.scripts.cloudCodeFunction |
String | no | - | 'deleteUser' |
The name of the Parse Cloud Function to execute. |
apps.scripts.showConfirmationDialog |
Bool | yes | false |
true |
Is true if a confirmation dialog should be displayed before the script is executed, false if the script should be executed immediately. |
apps.scripts.confirmationDialogStyle |
String | yes | info |
critical |
The style of the confirmation dialog. Valid values: info (blue style), critical (red style). |
You can also start the dashboard from the command line with a config file. To do this, create a new file called parse-dashboard-config.json
inside your local Parse Dashboard directory hierarchy. The file should match the following format:
{
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "MyApp"
}
]
}
You can then start the dashboard using parse-dashboard --config parse-dashboard-config.json
.
This only works when starting the app using the
parse-dashboard
command
There are also two methods you can use to configure the dashboard using environment variables.
Provide the entire JSON configuration in PARSE_DASHBOARD_CONFIG
and it will be parsed just like the config file.
You can also define each configuration option individually.
HOST: "0.0.0.0"
PORT: "4040"
MOUNT_PATH: "/"
PARSE_DASHBOARD_TRUST_PROXY: undefined // Or "1" to trust connection info from a proxy's X-Forwarded-* headers
PARSE_DASHBOARD_SERVER_URL: "http://localhost:1337/parse"
PARSE_DASHBOARD_MASTER_KEY: "myMasterKey"
PARSE_DASHBOARD_APP_ID: "myAppId"
PARSE_DASHBOARD_APP_NAME: "MyApp"
PARSE_DASHBOARD_USER_ID: "user1"
PARSE_DASHBOARD_USER_PASSWORD: "pass"
PARSE_DASHBOARD_SSL_KEY: "sslKey"
PARSE_DASHBOARD_SSL_CERT: "sslCert"
PARSE_DASHBOARD_CONFIG: undefined // Only for reference, it must not exist
PARSE_DASHBOARD_COOKIE_SESSION_SECRET: undefined // set the cookie session secret, defaults to a random string. Use this option if you want sessions to work across multiple servers, or across restarts
Managing multiple apps from the same dashboard is also possible. Simply add additional entries into the parse-dashboard-config.json
file's "apps"
array:
{
"apps": [
{
"serverURL": "http://localhost:1337/parse", // Self-hosted Parse Server
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App"
},
{
"serverURL": "http://localhost:1337/parse2", // Self-hosted Parse Server
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App 2"
}
]
}
Parse Dashboard has a built-in GraphQL Playground to play with the auto-generated Parse GraphQL API.
You can setup the GraphQL Playground by passing the --graphQLServerURL
option to the parse-dashboard
CLI:
parse-dashboard --dev --appId yourAppId --masterKey yourMasterKey --serverURL "https://example.com/parse" --graphQLServerURL "https://example.com/graphql" --appName optionalName
The graphQLServerURL
option is also available through an environment variable called PARSE_DASHBOARD_GRAPHQL_SERVER_URL
:
HOST: "0.0.0.0"
PORT: "4040"
MOUNT_PATH: "/"
PARSE_DASHBOARD_SERVER_URL: "http://localhost:1337/parse"
PARSE_DASHBOARD_GRAPHQL_SERVER_URL: "http://localhost:1337/graphql"
PARSE_DASHBOARD_MASTER_KEY: "myMasterKey"
PARSE_DASHBOARD_APP_ID: "myAppId"
PARSE_DASHBOARD_APP_NAME: "MyApp"
You can also setup the GraphQL Playground in your parse-dashboard-config.json
file:
{
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"graphQLServerURL": "http://localhost:1337/graphql",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App"
},
{
"serverURL": "http://localhost:1337/parse2",
"graphQLServerURL": "http://localhost:1337/graphql2",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App 2"
}
]
}
After starting the dashboard, you can visit http://0.0.0.0:4040/apps/MyTestApp/api_console/graphql in your browser:
Parse Dashboard supports adding an optional icon for each app, so you can identify them easier in the list. To do so, you must use the configuration file, define an iconsFolder
in it, and define the iconName
parameter for each app (including the extension). The path of the iconsFolder
is relative to the configuration file. If you have installed ParseDashboard globally you need to use the full path as value for the iconsFolder
. To visualize what it means, in the following example icons
is a directory located under the same directory as the configuration file:
{
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App",
"iconName": "MyAppIcon.png",
}
],
"iconsFolder": "icons"
}
Parse Dashboard supports adding an optional background color for each app, so you can identify them easier in the list. To do so, you must use the configuration file, define an primaryBackgroundColor
and secondaryBackgroundColor
in it, parameter for each app. It is CSS style
. To visualize what it means, in the following example backgroundColor
is a configuration file:
{
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App",
"primaryBackgroundColor": "#FFA500", // Orange
"secondaryBackgroundColor": "#FF4500" // OrangeRed
},
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App [2]",
"primaryBackgroundColor": "rgb(255, 0, 0)", // Red
"secondaryBackgroundColor": "rgb(204, 0, 0)" // DarkRed
}
]
}
You can set appNameForURL
in the config file for each app to control the url of your app within the dashboard. This can make it easier to use bookmarks or share links on your dashboard.
To change the app to production, simply set production
to true
in your config file. The default value is false if not specified.
You can prevent some columns to be sortable by adding preventSort
to columnPreference options in each app configuration
"apps": [
{
"appId": "local_app_id",
"columnPreference": {
"_User": [
{
"name": "createdAt",
"visible": true,
"preventSort": true
},
{
"name": "updatedAt",
"visible": true,
"preventSort": false
},
]
}
}
]
If you have classes with a lot of columns and you filter them often with the same columns you can sort those to the top by extending the columnPreference
setting with the filterSortToTop
option:
"apps": [
{
"columnPreference": {
"_User": [
{
"name": "objectId",
"filterSortToTop": true
},
{
"name": "email",
"filterSortToTop": true
}
]
}
}
]
The filters you save in the data browser of Parse Dashboard are only available for the current dashboard user in the current browser session. To make filters permanently available for all dashboard users of an app, you can define filters in the classPreference
setting.
For example:
"apps": [{
"classPreference": {
"_Role": {
"filters": [{
"name": "Filter Name",
"filter": [
{
"field": "objectId",
"constraint": "exists"
}
]
}]
}
}
}]
You can conveniently create a filter definition without having to write it by hand by first saving a filter in the data browser, then exporting the filter definition under App Settings > Export Class Preferences.
You can specify scripts to execute Cloud Functions with the scripts
option:
"apps": [
{
"scripts": [
{
"title": "Delete Account",
"classes": ["_User"],
"cloudCodeFunction": "deleteAccount",
"showConfirmationDialog": true,
"confirmationDialogStyle": "critical"
}
]
}
]
Next, define the Cloud Function in Parse Server that will be called. The object that has been selected in the data browser will be made available as a request parameter:
Parse.Cloud.define('deleteAccount', async (req) => {
req.params.object.set('deleted', true);
await req.params.object.save(null, {useMasterKey: true});
}, {
requireMaster: true
});
The field which the script was invoked on can be accessed by selectedField
:
Parse.Cloud.define('deleteAccount', async (req) => {
if (req.params.selectedField !== 'objectId') {
throw new Parse.Error(Parse.Error.SCRIPT_FAILED, 'Deleting accounts is only available on the objectId field.');
}
req.params.object.set('deleted', true);
await req.params.object.save(null, {useMasterKey: true});
}, {
requireMaster: true
});
encodeParseObjectInCloudFunction
to true
so that the selected object in the data browser is made available in the Cloud Function as an instance of Parse.Object
. If the option is not set, is set to false
, or you are using an older version of Parse Server, the object is made available as a plain JavaScript object and needs to be converted from a JSON object to a Parse.Object
instance with req.params.object = Parse.Object.fromJSON(req.params.object);
, before you can call any Parse.Object
properties and methods on it.
For older versions of Parse Server:
Parse Server >=4.4.0 <6.2.0
Parse.Cloud.define('deleteAccount', async (req) => {
req.params.object = Parse.Object.fromJSON(req.params.object);
req.params.object.set('deleted', true);
await req.params.object.save(null, {useMasterKey: true});
}, {
requireMaster: true
});
Parse Server >=2.1.4 <4.4.0
Parse.Cloud.define('deleteAccount', async (req) => {
if (!req.master || !req.params.object) {
throw 'Unauthorized';
}
req.params.object = Parse.Object.fromJSON(req.params.object);
req.params.object.set('deleted', true);
await req.params.object.save(null, {useMasterKey: true});
});
Instead of starting Parse Dashboard with the CLI, you can also run it as an express middleware.
var express = require('express');
var ParseDashboard = require('parse-dashboard');
var dashboard = new ParseDashboard({
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "MyApp"
}
]
});
var app = express();
// make the Parse Dashboard available at /dashboard
app.use('/dashboard', dashboard);
var httpServer = require('http').createServer(app);
httpServer.listen(4040);
If you want to run both Parse Server and Parse Dashboard on the same server/port, you can run them both as express middleware:
var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var ParseDashboard = require('parse-dashboard');
var api = new ParseServer({
// Parse Server settings
});
var options = { allowInsecureHTTP: false };
var dashboard = new ParseDashboard({
// Parse Dashboard settings
}, options);
var app = express();
// make the Parse Server available at /parse
app.use('/parse', api);
// make the Parse Dashboard available at /dashboard
app.use('/dashboard', dashboard);
var httpServer = require('http').createServer(app);
httpServer.listen(4040);
Make sure the server URLs for your apps can be accessed by your browser. If you are deploying the dashboard, then localhost
urls will not work.
In order to securely deploy the dashboard without leaking your apps master key, you will need to use HTTPS and Basic Authentication.
The deployed dashboard detects if you are using a secure connection. If you are deploying the dashboard behind a load balancer or front-facing proxy, then the app won't be able to detect that the connection is secure. In this case, you can start the dashboard with the --trustProxy=1
option (or set the PARSE_DASHBOARD_TRUST_PROXY config var to 1) to rely on the X-Forwarded-* headers for the client's connection security. This is useful for hosting on services like Heroku, where you can trust the provided proxy headers to correctly determine whether you're using HTTP or HTTPS. You can also turn on this setting when using the dashboard as express middleware:
var trustProxy = true;
var dashboard = new ParseDashboard({
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "MyApp"
}
],
"trustProxy": 1
});
You can view the security status of your Parse Server by enabling the dashboard option enableSecurityChecks
, and visiting App Settings > Security.
const dashboard = new ParseDashboard({
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "MyApp"
"enableSecurityChecks": true
}
],
});
You can configure your dashboard for Basic Authentication by adding usernames and passwords your parse-dashboard-config.json
configuration file:
{
"apps": [{"...": "..."}],
"users": [
{
"user":"user1",
"pass":"pass"
},
{
"user":"user2",
"pass":"pass"
}
],
"useEncryptedPasswords": true | false
}
You can store the password in either plain text
or bcrypt
formats. To use the bcrypt
format, you must set the config useEncryptedPasswords
parameter to true
.
You can generate encrypted passwords by using parse-dashboard --createUser
, and pasting the result in your users config.
You can add an additional layer of security for a user account by requiring multi-factor authentication (MFA) for the user to login.
With MFA enabled, a user must provide a one-time password that is typically bound to a physical device, in addition to their login password. This means in addition to knowing the login password, the user needs to have physical access to a device to generate the one-time password. This one-time password is time-based (TOTP) and only valid for a short amount of time, typically 30 seconds, until it expires.
The user requires an authenticator app to generate the one-time password. These apps are provided by many 3rd parties and mostly for free.
If you create a new user by running parse-dashboard --createUser
, you will be asked whether you want to enable MFA for the new user. To enable MFA for an existing user, run parse-dashboard --createMFA
to generate a mfa
secret that you then add to the existing user configuration, for example:
{
"apps": [{"...": "..."}],
"users": [
{
"user":"user1",
"pass":"pass",
"mfa": "lmvmOIZGMTQklhOIhveqkumss"
}
]
}
Parse Dashboard follows the industry standard and supports the common OTP algorithm SHA-1
by default, to be compatible with most authenticator apps. If you have specific security requirements regarding TOTP characteristics (algorithm, digit length, time period) you can customize them by using the guided configuration mentioned above.
If you have configured your dashboard to manage multiple applications, you can restrict the management of apps based on user identity.
To do so, update your parse-dashboard-config.json
configuration file to match the following format:
{
"apps": [{"...": "..."}],
"users": [
{
"user":"user1",
"pass":"pass1",
"apps": [{"appId": "myAppId1"}, {"appId": "myAppId2"}]
},
{
"user":"user2",
"pass":"pass2",
"apps": [{"appId": "myAppId1"}]
} ]
}
The effect of such a configuration is as follows:
When user1
logs in, he/she will be able to manage myAppId1
and myAppId2
from the dashboard.
When user2
logs in, he/she will only be able to manage myAppId1
from the dashboard.
Starting parse-server 2.6.5, it is possible to provide a readOnlyMasterKey
to parse-server to prevent mutations on objects from a client.
If you want to protect your dashboard with this feature, just use the readOnlyMasterKey
instead of the masterKey
. All write calls will fail.
Start your parse-server
with
{
"masterKey": "YOUR_MASTER_KEY_HERE",
"readOnlyMasterKey": "YOUR_READ_ONLY_MASTER_KEY",
}
Then in your dashboard configuration:
var trustProxy = true;
var dashboard = new ParseDashboard({
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "YOUR_READ_ONLY_MASTER_KEY",
"appName": "MyApp"
}
],
"trustProxy": 1
});
Make sure you specify the readOnlyMasterKey
for the apps that you want to use read-only feature in "apps" configuration.
You can mark a user as a read-only user:
{
"apps": [
{
"appId": "myAppId1",
"masterKey": "myMasterKey1",
"readOnlyMasterKey": "myReadOnlyMasterKey1",
"serverURL": "myURL1",
"port": 4040,
"production": true
},
{
"appId": "myAppId2",
"masterKey": "myMasterKey2",
"readOnlyMasterKey": "myReadOnlyMasterKey2",
"serverURL": "myURL2",
"port": 4041,
"production": true
}
],
"users": [
{
"user":"user1",
"pass":"pass1",
"readOnly": true,
"apps": [{"appId": "myAppId1"}, {"appId": "myAppId2"}]
},
{
"user":"user2",
"pass":"pass2",
"apps": [{"appId": "myAppId1"}]
}
]
}
This way user1
will have a readOnly access to myAppId1
and myAppId2
Make sure you specify the readOnlyMasterKey
for the apps that you want to use read-only feature in "apps" configuration.
You can give read only access to a user on a per-app basis:
{
"apps": [
{
"appId": "myAppId1",
"masterKey": "myMasterKey1",
"readOnlyMasterKey": "myReadOnlyMasterKey1",
"serverURL": "myURL",
"port": 4040,
"production": true
},
{"...": "..."}
],
"users": [
{
"user":"user",
"pass":"pass",
"apps": [{"appId": "myAppId", "readOnly": true}, {"appId": "myAppId2"}]
}
]
}
With this configuration, user1 will have read only access to myAppId1
and read/write access to myAppId2
.
With the latest version of the dashboard, it is possible to send localized messages for push notifications. You can provide a list of locales or languages you want to support for your dashboard users.
{
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "myAppId",
"masterKey": "myMasterKey",
"appName": "My Parse Server App",
"iconName": "MyAppIcon.png",
"supportedPushLocales": ["en", "ru", "fr"]
}
],
"iconsFolder": "icons"
}
The official docker image is published on docker hub
Run the image with your config.json
mounted as a volume
docker run -d -p 8080:4040 -v host/path/to/config.json:/src/Parse-Dashboard/parse-dashboard-config.json parseplatform/parse-dashboard --dev
You can also pass the appId, masterKey and serverURL as arguments:
docker run -d -p 4040:4040 parseplatform/parse-dashboard --dev --appId $APP_ID --masterKey $MASTER_KEY --serverURL $SERVER_URL
By default, the container will start the app at port 4040 inside the container. However, you can run custom command as well (see Deploying in production
for custom setup).
In this example, we want to run the application in production mode at port 80 of the host machine.
docker run -d -p 80:8080 -v host/path/to/config.json:/src/Parse-Dashboard/parse-dashboard-config.json parse-dashboard --port 8080 --dev
If you are not familiar with Docker, --port 8080
will be passed in as argument to the entrypoint to form the full command npm start -- --port 8080
. The application will start at port 8080 inside the container and port 8080
will be mounted to port 80
on your host machine.
(The following is not a complete list of features but a work in progress to build a comprehensive feature list.)
This feature allows you to use the data browser as another user, respecting that user's data permissions. For example, you will only see records and fields the user has permission to see.
⚠️ Logging in as another user will trigger the same Cloud Triggers as if the user logged in themselves using any other login method. Logging in as another user requires to enter that user's password.
This feature allows you to change how a pointer is represented in the browser. By default, a pointer is represented by the objectId
of the linked object. You can change this to any other column of the object class. For example, if class Installation
has a field that contains a pointer to class User
, the pointer will show the objectId
of the user by default. You can change this to display the field email
of the user, so that a pointer displays the user's email address instead.
- This does not work for an array of pointers; the pointer will always display the
objectId
. - System columns like
createdAt
,updatedAt
,ACL
cannot be set as pointer key. - This feature uses browser storage; switching to a different browser resets the pointer key to
objectId
.
⚠️ For each custom pointer key in each row, a server request is triggered to resolve the custom pointer key. For example, if the browser shows a class with 50 rows and each row contains 3 custom pointer keys, a total of 150 separate server requests are triggered.
This feature will take either selected rows or all rows of an individual class and saves them to a CSV file, which is then downloaded. CSV headers are added to the top of the file matching the column names.
⚠️ There is currently a 10,000 row limit when exporting all data. If more than 10,000 rows are present in the class, the CSV file will only contain 10,000 rows.
We really want Parse to be yours, to see it grow and thrive in the open source community. Please see the Contributing to Parse Dashboard guide.
As of April 5, 2017, Parse, LLC has transferred this code to the parse-community organization, and will no longer be contributing to or distributing this code.