NX Health backend relay

Admin access
without browser trust.

The console does not own data, business rules, or authorization. It renders backend truth and keeps the bearer token inside a server-held encrypted cookie.

Session contract

Login uses the backend JWT flow you already operate.
Only backend admin routes can drive the UI.
Client JavaScript never sees the backend token.

Secure sign-in

Validate your admin role

Authentication succeeds only if the backend confirms your admin session through /api/admin/me.

Admin accesswithout browser trust.

Validate your admin role

Admin access
without browser trust.