Remove custom API endpoints in favor of Payload's native REST API

- Removed custom endpoint handler and endpoints directory
- Removed enableApi configuration option from plugin
- Updated client hooks to use Payload's native collection API
- Updated documentation to reflect API changes
- Updated view component to handle Payload API response format

The plugin now uses Payload CMS's built-in REST API for the feature-flags collection, which provides standard query syntax, pagination, and automatic access control enforcement.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

README.md

@@ -51,7 +51,6 @@ export default buildConfig({
       defaultValue: false,       // New flags start disabled
       enableRollouts: true,      // Allow percentage rollouts
       enableVariants: true,      // Allow A/B testing
-      enableApi: false,          // REST API endpoints
       disabled: false,           // Plugin enabled
     }),
   ],
@@ -82,12 +81,6 @@ export type PayloadFeatureFlagsConfig = {
    */
   enableVariants?: boolean
   
-  /**
-   * Enable REST API endpoints for feature flags
-   * @default false
-   */
-  enableApi?: boolean
-  
   /**
    * Disable the plugin while keeping the database schema intact
    * @default false
@@ -166,14 +159,14 @@ payloadFeatureFlags({
 
 ### Security Considerations
 
-**API Access Control:** When `enableApi: true`, the REST endpoints respect your collection access controls:
+**Collection Access Control:** The feature flags collection uses Payload's standard access control system:
 
 ```typescript
-// Example: Secure API access
+// Example: Secure collection access
 access: {
   // Option 1: Simple authentication check
   read: ({ req: { user } }) => !!user, // Only authenticated users
-  
+
   // Option 2: More granular control
   read: ({ req: { user } }) => {
     if (!user) return false                      // No anonymous access
@@ -183,7 +176,7 @@ access: {
 }
 ```
 
-**Important:** The plugin does not implement separate API authentication - it uses Payload's collection access system for security.
+**Important:** The plugin uses Payload's native REST API for the collection, which respects all access control rules.
 
 ## Usage
 
@@ -259,75 +252,109 @@ export default async function ProductPage({ userId }: { userId: string }) {
 
 ### Using Feature Flags via REST API
 
-If you have `enableApi: true`, you can use the REST API endpoints:
+The plugin uses Payload's native REST API for the collection. You can access feature flags through the standard Payload REST endpoints:
 
 ```typescript
-// Check if a specific feature is enabled
-const response = await fetch('/api/feature-flags/new-dashboard')
-const flag = await response.json()
+// Get all feature flags
+const response = await fetch('/api/feature-flags')
+const result = await response.json()
+// result.docs contains the array of feature flags
 
-if (flag.enabled) {
+// Query specific feature flags
+const response = await fetch('/api/feature-flags?where[name][equals]=new-dashboard')
+const result = await response.json()
+if (result.docs.length > 0 && result.docs[0].enabled) {
   // Show new dashboard
 }
 
-// Get all active feature flags
-const allFlags = await fetch('/api/feature-flags')
-const flags = await allFlags.json()
+// Get only enabled flags
+const response = await fetch('/api/feature-flags?where[enabled][equals]=true')
+const result = await response.json()
 ```
 
 **Important Security Notes:**
-- REST API endpoints are disabled by default (`enableApi: false`)
 - **API endpoints respect your collection access controls** - they don't bypass security
 - Configure access permissions using `collectionOverrides.access` (see example above)
 - Anonymous users can only access flags if you explicitly allow it in access controls
 
 ### API Endpoints
 
-When `enableApi: true`, the plugin exposes the following endpoints:
+The plugin uses Payload's standard REST API endpoints for the feature-flags collection:
 
-#### Get All Active Feature Flags
+#### Get All Feature Flags
 
 ```http
 GET /api/feature-flags
 ```
 
-Returns all enabled feature flags:
+Returns paginated feature flags:
 
 ```json
 {
-  "new-dashboard": {
-    "enabled": true,
-    "rolloutPercentage": 50,
-    "variants": null,
-    "metadata": {}
-  },
-  "beta-feature": {
-    "enabled": true,
-    "rolloutPercentage": 100,
-    "variants": [
-      { "name": "control", "weight": 50, "metadata": {} },
-      { "name": "variant-a", "weight": 50, "metadata": {} }
-    ],
-    "metadata": {}
-  }
+  "docs": [
+    {
+      "id": "...",
+      "name": "new-dashboard",
+      "enabled": true,
+      "rolloutPercentage": 50,
+      "variants": null,
+      "metadata": {},
+      "createdAt": "...",
+      "updatedAt": "..."
+    },
+    {
+      "id": "...",
+      "name": "beta-feature",
+      "enabled": true,
+      "rolloutPercentage": 100,
+      "variants": [
+        { "name": "control", "weight": 50, "metadata": {} },
+        { "name": "variant-a", "weight": 50, "metadata": {} }
+      ],
+      "metadata": {},
+      "createdAt": "...",
+      "updatedAt": "..."
+    }
+  ],
+  "totalDocs": 2,
+  "limit": 10,
+  "page": 1,
+  "totalPages": 1,
+  "pagingCounter": 1,
+  "hasPrevPage": false,
+  "hasNextPage": false
 }
 ```
 
-#### Get Specific Feature Flag
+#### Query Specific Feature Flag
 
 ```http
-GET /api/feature-flags/:flagName
+GET /api/feature-flags?where[name][equals]=new-dashboard
 ```
 
-Returns a specific feature flag:
+Returns matching feature flags:
 
 ```json
 {
-  "name": "new-dashboard",
-  "enabled": true,
-  "rolloutPercentage": 50,
-  "variants": null,
-  "metadata": {}
+  "docs": [
+    {
+      "id": "...",
+      "name": "new-dashboard",
+      "enabled": true,
+      "rolloutPercentage": 50,
+      "variants": null,
+      "metadata": {},
+      "createdAt": "...",
+      "updatedAt": "..."
+    }
+  ],
+  "totalDocs": 1,
+  "limit": 10,
+  "page": 1,
+  "totalPages": 1,
+  "pagingCounter": 1,
+  "hasPrevPage": false,
+  "hasNextPage": false
 }
 ```