# Build Payload CMS Applications Creating backend APIs and admin panels with Payload CMS requires understanding collections, fields, hooks, and access control patterns. This skill provides comprehensive documentation and code examples for building TypeScript-first CMS applications with Next.js integration. ## Install ```bash npx skillstore add payloadcms/payload ``` ## Metadata - - Slug: payloadcms-payload - - Version: 3.0.0 - - Author: payloadcms - - GitHub username: payloadcms - - License: MIT - - Repository: https://github.com/payloadcms/payload/tree/main/tools/claude-plugin/skills/payload/ - - Ref: main - - Supported tools: Claude, Codex, Claude Code - - Risk level: safe - - Risk factors: external\_commands, network, env\_access, filesystem - - Quality score: 84 - - Quality tier: gold - - Public page: https://skillstore.pages.dev/skills/payloadcms-payload - - Manifest: https://skillstore.pages.dev/api/skills/payloadcms-payload/manifest ## Capabilities - Generate collection configurations with auth, uploads, and versioning - Create field types including relationships, arrays, blocks, and rich text - Implement access control with role-based permissions and row-level security - Build custom hooks for data validation, transformations, and side effects - Query data using Local API, REST endpoints, and GraphQL - Develop plugins that extend Payload CMS functionality ## Use Cases - Build CMS backends: Create headless CMS backends with collections, fields, and authentication using TypeScript patterns. - Integrate with Next.js: Connect Payload CMS with Next.js applications using Local API and revalidation patterns. - Extend Payload CMS: Create plugins that add collections, fields, hooks, and admin components to Payload projects. ## Prompt Templates ### Basic collection setup ``` Show me how to create a Payload CMS collection with text fields, relationship fields, and access control for authenticated users. ``` ### Custom hooks ``` How do I create beforeChange and afterChange hooks in Payload CMS to auto-generate slugs and send notifications? ``` ### Access control ``` Show me how to implement row-level access control in Payload CMS so users can only see their own documents. ``` ### Plugin development ``` How do I create a Payload CMS plugin that adds SEO fields to specified collections? ``` ## Limitations - Does not execute code or modify live Payload CMS instances - Does not provide direct database access or migrations - Does not install or configure Payload CMS projects - Limited to documentation and pattern guidance only ## Best Practices - Use TypeScript types from payload package for type-safe configurations - Pass req parameter to nested operations in hooks for transaction safety - Set overrideAccess false when operating on behalf of authenticated users - Use context object to share data between hooks and prevent infinite loops ## Anti Patterns - Passing user to Local API without setting overrideAccess false \(bypasses security\) - Missing req parameter in nested operations within hooks \(breaks atomicity\) - Not using context to prevent recursive hook calls \(causes infinite loops\) - Storing secrets or credentials in field configurations or client-side code ## Security Audit - - Safe to publish: true - - Audited at: 2026-01-17T08:10:53.915\+00:00 - - Summary: This is a pure documentation skill containing only markdown reference files with TypeScript code examples for Payload CMS. No executable code exists. All 1016 static findings are FALSE POSITIVES: the analyzer incorrectly flagged JavaScript template literals \(backticks\) as Ruby shell execution, standard configuration patterns as credential access, and documentation URLs as network calls. ## Stats - - Views: 1024 - - Downloads: 8 - - Favorites: 0 - - Popularity score: 0