Platform admin
After deploying new code, run central migrations then tenant migrations. HTTP triggers help when SSH is limited—protect with SYSTEM_DEPLOY_TOKEN.
Security: Set
SYSTEM_DEPLOY_TOKEN in .env. All /system/* routes require ?token=... or Authorization: Bearer ... when the token is configured.Recommended deploy order
- Deploy code (git pull, composer install on server).
-
php artisan migrate --force— central database. -
php artisan db:seed --class=SystemDeploySeeder --force— permissions, packages, platform data. -
php artisan permission:cache-reset -
php artisan tenants:migrate --force— each tenant DB using saved credentials. -
php artisan optimize:clearand restart queue workers if used.
HTTP endpoints (when token set)
| Endpoint | Action |
|---|---|
| /system/migrate-seed | Full setup: migrate + SystemDeploySeeder + permission cache + tenants (if enabled) + storage:link + optimize:clear |
| /system/migrate | Central migrate --force only |
| /system/tenants-migrate | tenants:migrate --force for all tenants |
| /system/migrate-all | Central migrate then tenants |
| /system/permission-cache-reset | Clear Spatie permission cache |
| /system/workspace-roles-seed | WorkspaceRolesAndPermissionsSeeder |
| /system/optimize-clear | Clear config/route/view cache |
| /system/queue-restart | Restart queue workers |
Per-organization migrations
From Organizations expanded row: Save & run migrations runs tenant migrations for that org only. Use this after fixing one customer database.
Tenant migrate fails for one org?
Verify credentials in Organizations → expand row → Verify database. Check MySQL user has rights on that database.
Skip all tenants?
Set system_maintenance.run_tenants_migrate false in config for migrate-seed only.