diff --git a/index.js b/index.js
index 481a88d..715aab0 100644
--- a/index.js
+++ b/index.js
@@ -105,6 +105,7 @@ app.use('/api/calendar', calendarRoutes);
 app.use('/api/metrics',  metricsRoutes);
 app.use('/api/usage',    usageRoutes);
 app.use('/api/billing', require('./src/routes/billing'));
+app.use('/api/admin',   require('./src/routes/billing')); // /admin/plans, /admin/credit-costs
 app.use('/api/channels', require('./src/routes/polls'));
 app.use('/api', inboxRoutes);
 app.use('/api', require('./src/routes/drafts'));
diff --git a/src/routes/billing.js b/src/routes/billing.js
index 6263490..389a404 100644
--- a/src/routes/billing.js
+++ b/src/routes/billing.js
@@ -120,3 +120,36 @@ router.post('/monthly-reset', async (req, res) => {
     res.status(500).json({ error: err.message });
   }
 });
+
+// PATCH /api/admin/plans/:id — обновить план (только admin)
+router.patch('/admin/plans/:id', async (req, res) => {
+  const adminId = uid(req);
+  if (!adminId) return res.status(401).json({ error: 'x-user-id required' });
+  const { rows: [admin] } = await query('SELECT is_admin FROM users WHERE id=$1', [adminId]);
+  if (!admin?.is_admin) return res.status(403).json({ error: 'Forbidden' });
+  const { price_rub, credits_month, channels_max, name } = req.body;
+  try {
+    const sets = []; const vals = [];
+    if (price_rub    !== undefined) sets.push(`price_rub=$${vals.push(price_rub)}`);
+    if (credits_month!== undefined) sets.push(`credits_month=$${vals.push(credits_month)}`);
+    if (channels_max !== undefined) sets.push(`channels_max=$${vals.push(channels_max)}`);
+    if (name         !== undefined) sets.push(`name=$${vals.push(name)}`);
+    if (!sets.length) return res.status(400).json({ error: 'nothing to update' });
+    vals.push(req.params.id);
+    const { rows: [plan] } = await query(`UPDATE plans SET ${sets.join(',')} WHERE id=$${vals.length} RETURNING *`, vals);
+    res.json(plan);
+  } catch (err) { res.status(500).json({ error: err.message }); }
+});
+
+// PATCH /api/admin/credit-costs/:operation — обновить стоимость операции
+router.patch('/admin/credit-costs/:operation', async (req, res) => {
+  const adminId = uid(req);
+  if (!adminId) return res.status(401).json({ error: 'x-user-id required' });
+  const { rows: [admin] } = await query('SELECT is_admin FROM users WHERE id=$1', [adminId]);
+  if (!admin?.is_admin) return res.status(403).json({ error: 'Forbidden' });
+  const { credits } = req.body;
+  try {
+    await query('UPDATE credit_costs SET credits=$1 WHERE operation=$2', [credits, req.params.operation]);
+    res.json({ ok: true, operation: req.params.operation, credits });
+  } catch (err) { res.status(500).json({ error: err.message }); }
+});