Unauthorized

Admin access is restricted. The server must have ADMIN_DASHBOARD_KEY set to the same secret you put in the URL or header. Locally use .env.local and restart npm run dev; on production (e.g. Hostinger) add it under Environment variables and restart the Node app — ?adminKey= alone is not enough. Then use either:

• Query string: /admin?adminKey=YOUR_KEY (and the same ?adminKey= on submission detail URLs).
• Header x-admin-key: YOUR_KEY (API clients / curl).

If your key contains $, wrap the whole value in single quotes in .env.local / host env (e.g. ADMIN_DASHBOARD_KEY='Vhkr$012118'). Otherwise Next.js treats $012118 like a variable reference and the loaded key becomes wrong. In the URL you can also encode $ as %24.