diff --git a/api/admin/platform/maintenance.ts b/api/admin/platform/maintenance.ts
index 0e808cd3..f5a98620 100644
--- a/api/admin/platform/maintenance.ts
+++ b/api/admin/platform/maintenance.ts
@@ -1,32 +1,57 @@
 import type { VercelRequest, VercelResponse } from "@vercel/node";
 import { createClient } from "@supabase/supabase-js";
-const supabaseUrl = process.env.VITE_SUPABASE_URL || "";
-const supabaseServiceRole = process.env.SUPABASE_SERVICE_ROLE || "";
+const supabaseUrl = process.env.VITE_SUPABASE_URL || process.env.SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL || "";
+const supabaseServiceRole = process.env.SUPABASE_SERVICE_ROLE || process.env.SUPABASE_SERVICE_ROLE_KEY || "";
 let maintenanceModeCache: boolean | null = null;
 const ADMIN_ROLES = ["admin", "super_admin", "staff", "owner"];
-async function verifyAdmin(token: string): Promise {
- if (!supabaseUrl || !supabaseServiceRole) return false;
+async function verifyAdmin(token: string, res?: VercelResponse): Promise<{ isAdmin: boolean; debug?: any }> {
+ if (!supabaseUrl || !supabaseServiceRole) {
+ return {
+ isAdmin: false,
+ debug: {
+ error: "Missing env vars",
+ hasUrl: !!supabaseUrl,
+ hasKey: !!supabaseServiceRole
+ }
+ };
+ }
 const supabase = createClient(supabaseUrl, supabaseServiceRole);
 try {
 const { data: { user }, error } = await supabase.auth.getUser(token);
- if (error || !user) return false;
+ if (error || !user) {
+ return { isAdmin: false, debug: { error: "Auth failed", authError: error?.message } };
+ }
- const { data: roles } = await supabase
+ const { data: roles, error: rolesError } = await supabase
 .from("user_roles")
 .select("role")
 .eq("user_id", user.id);
- if (!roles) return false;
+ if (rolesError) {
+ return { isAdmin: false, debug: { error: "Roles query failed", rolesError: rolesError.message } };
+ }
- return roles.some(r => ADMIN_ROLES.includes(r.role?.toLowerCase()));
- } catch {
- return false;
+ if (!roles || roles.length === 0) {
+ return { isAdmin: false, debug: { error: "No roles found", userId: user.id } };
+ }
+
+ const hasAdminRole = roles.some(r => ADMIN_ROLES.includes(r.role?.toLowerCase()));
+ return {
+ isAdmin: hasAdminRole,
+ debug: {
+ userId: user.id,
+ roles: roles.map(r => r.role),
+ hasAdminRole
+ }
+ };
+ } catch (e: any) {
+ return { isAdmin: false, debug: { error: "Exception", message: e?.message } };
 }
 }
@@ -69,9 +94,9 @@ export default async function handler(req: VercelRequest, res: VercelResponse) {
 return res.status(401).json({ error: "Unauthorized" });
 }
- const isAdmin = await verifyAdmin(token);
+ const { isAdmin, debug } = await verifyAdmin(token);
 if (!isAdmin) {
- return res.status(403).json({ error: "Forbidden - Admin access required" });
+ return res.status(403).json({ error: "Forbidden - Admin access required", debug });
 }
 const { maintenance_mode } = req.body;
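Review bot: `verifyAdmin` gains a `res?: VercelResponse` parameter that its body never reads and that the only visible caller does not pass; drop it so the signature stays `verifyAdmin(token: string)`. The result and the catch clause are also typed `any` (`debug?: any`, `catch (e: any)`), which switches the checker off where the function handles untrusted failure data; `debug?: Record<string, unknown>` and `catch (e: unknown)` with an `e instanceof Error` check would keep it typed. Because `debug` holds the user id, the role list and raw Supabase error text, a one-line comment on the return type such as `// debug: server-side diagnostics only, never part of an HTTP response` would make the intended handling explicit.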
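Review bot: The 403 body now sends `debug` back to the caller, so a request that fails the admin check receives the user id, the account's full role list, raw auth or query error messages, and whether the service-role key is configured (`hasKey`). That is internal state returned to exactly the callers that were just refused, and it lets them tell a bad token, an unknown user and a missing role apart. Keep the diagnostics on the server and the response generic: `console.warn("maintenance: admin check failed", debug);` followed by `return res.status(403).json({ error: "Forbidden - Admin access required" });`. The handler body starts and ends outside this hunk, so whether `debug` is used elsewhere cannot be seen from here.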