Merchant dashboard
Every merchant runs their box from a single admin app (dashboard). It is a
Next.js 16 App Router application (React 19) that renders
the merchant-facing control surface — catalog, orders, customers, money,
marketing, content and settings — and talks to the Box API only through a
server-side proxy that never exposes the backend to the browser.
Unlike the storefront render app, which serves the public shopfront, the dashboard is the private operator console. One dashboard deployment serves many merchants; what each merchant sees is shaped by their business intent and enabled behaviors (see Intent-driven navigation).
Where it sits
- The browser only ever calls the dashboard’s own origin.
- Every backend call goes through the in-app
proxy route
(
/api/proxy/[...path]), which allowlists path prefixes, filters cookies, and rate-limits before forwarding to the Box API. - Auth is carried by HTTP-only cookies (
pb_auth_token,pb_refresh_token,pb_csrf_token) — the access token is never readable from client JavaScript.
What’s in the box
| Area | Examples |
|---|---|
| Commerce | Catalog, inventory, collections, categories, discounts |
| Orders & money | Orders, finance, payments, invoices, subscriptions |
| Scheduling | Bookings, calendar, calendar-sync, resources, check-in, attendees |
| Customers | Customers, segments, loyalty, reviews |
| Marketing | Email, SMS, WhatsApp, automations, abandoned-cart |
| Content & brand | Blog, templates, editor, appearance, bio |
| Insights | Analytics, customer analytics |
| Organization | Workspaces, team, business profile, builds |
| Settings | Features, domains, shipping, taxes, billing, policies, and more |
The dashboard adapts to the merchant. A bookings business sees Services, Appointments and Calendar; a retail business sees Product Catalog, Orders and Fulfillment — the same routes, relabelled and gated by intent. See Intent-driven navigation.
Sections
- App architecture — the route tree, the server-side proxy, auth, the data layer, and the one-URL mobile model.
- Intent-driven navigation — how the sidebar is built per business type and gated by behaviors.
- Components & UI kit — the shared UI primitives, feature modules, and the mobile component system.
- Page catalog — every route the dashboard mounts, with its React page component, grouped by domain.