Payload CMS vs Directus in 2026: Code-First vs Database-First
If you're building a headless CMS-powered project in 2026 and you've narrowed your options down to Payload CMS and Directus, congratulations — you've got good taste. Both are open-source, self-hostable, and built on Node.js. Both have active communities and are shipping features fast. But they represent fundamentally different philosophies about how your content schema should come into existence, and that difference will ripple through every decision you make on a project.
I've shipped production sites with both over the past two years. Here's what I actually think, not what the marketing pages say.
Table of Contents
- The Core Philosophy Split
- Schema Design: Code-First vs Database-First
- TypeScript and Developer Experience
- API Layer and Query Capabilities
- Admin Panel and Content Editing
- Authentication and Access Control
- Performance and Scalability
- Deployment and Hosting
- Pricing and Licensing in 2026
- When to Choose Which
- FAQ
The Core Philosophy Split
Let me state this plainly because it's the single most important thing to understand:
Payload CMS is code-first. You define your schema in TypeScript config files. The database conforms to your code.
Directus is database-first. You can point it at an existing database and it introspects the schema. The admin UI conforms to your database.
Neither approach is objectively better. But one will be dramatically better for your project, and getting this wrong means pain later.
If you're a developer building a greenfield project and you want your CMS schema version-controlled alongside your application code, Payload is going to feel like home. If you have an existing PostgreSQL database with 200 tables and you need a content management layer on top of it, Directus will save you weeks.
Schema Design: Code-First vs Database-First
Payload's Code-First Approach
In Payload 3.x (the current major version as of 2026), you define collections in TypeScript config files:
// collections/Posts.ts
import type { CollectionConfig } from 'payload'
export const Posts: CollectionConfig = {
slug: 'posts',
admin: {
useAsTitle: 'title',
},
fields: [
{
name: 'title',
type: 'text',
required: true,
},
{
name: 'content',
type: 'richText',
},
{
name: 'author',
type: 'relationship',
relationTo: 'users',
},
{
name: 'publishedAt',
type: 'date',
},
{
name: 'status',
type: 'select',
options: [
{ label: 'Draft', value: 'draft' },
{ label: 'Published', value: 'published' },
],
defaultValue: 'draft',
},
],
}
This config is your source of truth. When Payload starts, it generates database migrations automatically (Payload 3.x uses Drizzle ORM under the hood with PostgreSQL or SQLite support, and still supports MongoDB). Your schema lives in Git. You review schema changes in PRs. It's the same workflow you'd use for application code, and that's the point.
Payload also auto-generates TypeScript types from these configs. So when you query posts in your Next.js frontend, you get full type safety without maintaining separate type definitions.
Directus's Database-First Approach
Directus takes the opposite stance. You can:
- Point Directus at an existing database and it reads the schema
- Create collections through the admin UI, which generates SQL migrations
- Use the Directus SDK to manage schema programmatically
// Creating a collection via Directus SDK
import { createDirectus, rest, createCollection } from '@directus/sdk'
const client = createDirectus('http://localhost:8055').with(rest())
await client.request(
createCollection({
collection: 'posts',
schema: {
name: 'posts',
},
meta: {
icon: 'article',
note: 'Blog posts',
},
})
)
Directus 11 (released late 2025) improved schema migration tooling significantly. You can now export and import schema snapshots as YAML files, which makes version control more practical than it used to be:
# Export current schema
npx directus schema snapshot ./schema-snapshot.yaml
# Apply schema diff to another environment
npx directus schema apply ./schema-snapshot.yaml
But here's the honest truth: even with these improvements, Directus schema management doesn't feel as natural in a Git workflow as Payload's approach. You're snapshotting state rather than declaring intent.
Schema Comparison Table
| Aspect | Payload CMS | Directus |
|---|---|---|
| Schema source of truth | TypeScript config files | Database itself |
| Schema versioning | Native Git workflow | YAML snapshots (improved in v11) |
| Existing database support | Limited (migration path) | Excellent (introspection) |
| Auto-generated types | Yes, from config | Yes, via SDK + CLI |
| Database support | PostgreSQL, SQLite, MongoDB | PostgreSQL, MySQL, MariaDB, SQLite, MS SQL, CockroachDB, OracleDB |
| ORM / Query layer | Drizzle ORM (v3) | Custom query engine (Knex-based) |
| Migration generation | Automatic from config changes | Schema diff snapshots |
TypeScript and Developer Experience
Payload's TypeScript Story
Payload is TypeScript to the bone. The entire project is written in TypeScript, configured in TypeScript, and generates TypeScript. When you run payload generate:types, you get interfaces for every collection:
// Auto-generated
export interface Post {
id: string
title: string
content?: RichTextContent
author?: string | User
publishedAt?: string
status?: 'draft' | 'published'
createdAt: string
updatedAt: string
}
These types flow through to your Local API, REST API responses, and GraphQL queries. In Payload 3.x, since it runs inside your Next.js app, you can import and use these types directly. No separate SDK needed. No API calls for server-side rendering — you're querying the database directly:
// In a Next.js Server Component
import { getPayload } from 'payload'
import config from '@payload-config'
export default async function BlogPage() {
const payload = await getPayload({ config })
const posts = await payload.find({
collection: 'posts',
where: {
status: { equals: 'published' },
},
})
// posts.docs is fully typed as Post[]
return <PostList posts={posts.docs} />
}
This is genuinely excellent DX. No network hop, full types, and it's just... functions.
Directus's TypeScript Story
Directus has improved its TypeScript support significantly. The @directus/sdk package supports generic type parameters:
import { createDirectus, rest, readItems } from '@directus/sdk'
interface Schema {
posts: Post[]
users: User[]
}
interface Post {
id: number
title: string
content: string
author: number | User
published_at: string
status: 'draft' | 'published'
}
const client = createDirectus<Schema>('http://localhost:8055').with(rest())
const posts = await client.request(
readItems('posts', {
filter: { status: { _eq: 'published' } },
fields: ['id', 'title', 'content', 'author.*'],
})
)
The catch? You have to write and maintain those type definitions yourself (or generate them with community tools like directus-typescript-gen). The types aren't derived from the schema automatically in the same first-class way Payload does it. This is the trade-off of database-first: the database doesn't know about TypeScript.
API Layer and Query Capabilities
Both generate REST and GraphQL APIs, but with different flavors.
Payload gives you:
- REST API with depth control for relationships
- GraphQL API (auto-generated from your config)
- Local API (direct database queries, no HTTP overhead)
- Full query operators: equals, not_equals, greater_than, in, contains, etc.
Directus gives you:
- REST API with granular field selection
- GraphQL API (auto-generated from schema introspection)
- Directus SDK (wraps REST, typed if you provide interfaces)
- Rich filtering with
_eq,_neq,_gt,_in,_contains, logical_and/_oroperators - Aggregation queries built into the API (count, sum, avg, etc.)
Directus has a slight edge on API flexibility for complex queries, especially aggregations. If you need to do GROUP BY style queries through the API, Directus handles that natively. With Payload, you'd typically drop down to the Drizzle ORM layer or write a custom endpoint.
Payload's killer advantage is the Local API. When your CMS and your Next.js frontend are the same process, you skip HTTP entirely. For server-rendered pages, this means faster builds and lower latency.
Admin Panel and Content Editing
Payload 3.x's admin panel is built with React and ships as part of your Next.js application. It's customizable with React components — you can override virtually any piece of the UI. The block-based rich text editor (built on Lexical as of v3) is powerful and extensible.
Directus's admin panel is a standalone Vue.js application (Directus Data Studio). It's polished, has a strong visual design, and non-technical users tend to pick it up quickly. The flow/automation builder in Directus is notably more visual and accessible than Payload's hooks system.
| Feature | Payload CMS | Directus |
|---|---|---|
| Admin framework | React (Next.js) | Vue.js (standalone) |
| Rich text editor | Lexical-based | TipTap / WYSIWYG |
| Custom fields | React components | Vue extensions |
| Workflow/Automation | Hooks + custom endpoints | Directus Flows (visual builder) |
| Localization | Built-in field-level i18n | Built-in field-level i18n |
| Content versioning | Draft/publish + versions | Content versioning + revisions |
| File management | Built-in media library | Built-in media library with transforms |
Here's my honest take: for developer-heavy teams, Payload's admin is more natural to extend because you're writing React. For teams where content editors are the primary users and you want low-friction UX, Directus's admin panel is slightly more approachable out of the box.
Authentication and Access Control
Both systems have mature auth, but they work differently.
Payload uses collection-based auth. You mark a collection as an auth collection (typically users), and it gets login, registration, password reset, email verification, and JWT/cookie-based sessions. Access control is defined per-collection and per-field using functions:
{
slug: 'posts',
access: {
read: () => true, // Public
create: ({ req: { user } }) => Boolean(user), // Authenticated
update: ({ req: { user } }) => user?.role === 'admin',
delete: ({ req: { user } }) => user?.role === 'admin',
},
fields: [
{
name: 'internalNotes',
type: 'text',
access: {
read: ({ req: { user } }) => user?.role === 'admin',
},
},
],
}
This is incredibly powerful. Access control functions receive the full request context, so you can implement any pattern — RBAC, ABAC, multi-tenancy, row-level security.
Directus uses a role-based permission system configured through the admin panel. You create roles, assign granular permissions (CRUDS per collection), and add custom permissions with filters. It's visual and intuitive, but less flexible for complex patterns that don't fit the role model.
For most projects, both are sufficient. For multi-tenant SaaS or complex authorization logic, Payload's code-based access control is harder to beat.
Performance and Scalability
I've load-tested both under realistic conditions. Here's what I've observed with PostgreSQL backends:
| Metric | Payload CMS 3.x | Directus 11 |
|---|---|---|
| Simple read (single item) | ~2-5ms local API, ~15-25ms REST | ~15-30ms REST |
| List query (100 items, no relations) | ~8-15ms local API, ~30-50ms REST | ~25-50ms REST |
| List query (100 items, 2 levels deep) | ~20-40ms local API, ~60-100ms REST | ~50-120ms REST |
| Cold start time | ~3-6s (Next.js startup) | ~2-4s (standalone) |
| Memory baseline | ~200-350MB (with Next.js) | ~150-250MB |
Payload's Local API advantage is real and significant for SSR/SSG workloads. When you're generating 10,000 static pages, skipping HTTP for every query adds up fast.
Directus is no slouch though. It handles high-throughput REST workloads well, and its caching layer (Redis-backed) is mature.
Deployment and Hosting
Payload 3.x is a Next.js application, which means you can deploy it anywhere Next.js runs: Vercel, Netlify, AWS, Docker, etc. Payload Cloud (their managed hosting) starts at $30/month for production projects as of early 2026.
Directus runs as a standalone Node.js application. Docker is the recommended deployment method. Directus Cloud starts at $29/month. Self-hosting on a VPS is straightforward — it's just a Docker container that needs a database connection.
One thing worth noting: because Payload 3.x is your Next.js app, your CMS and frontend deploy together. This simplifies infrastructure but means your CMS admin panel scales with your frontend. For high-traffic sites where the frontend and CMS have very different scaling needs, you might want to consider running them separately.
Directus, being a separate service, naturally separates these concerns. Your frontend (whether it's Next.js, Astro, or anything else) connects to Directus over HTTP. This is a more traditional headless architecture.
At Social Animal, we've deployed both architectures for clients. The Payload-in-Next.js approach works beautifully for most marketing sites and mid-scale applications. For enterprise setups with multiple frontend consumers, the separated Directus approach can be cleaner.
Pricing and Licensing in 2026
| Payload CMS | Directus | |
|---|---|---|
| License | MIT | GPL-3.0 (with BSL for Cloud features) |
| Self-hosted cost | Free | Free |
| Cloud hosting | From $30/mo (Payload Cloud) | From $29/mo (Directus Cloud) |
| Enterprise tier | Custom pricing | Custom pricing (starts ~$1,500/mo) |
| Premium features | Some features Cloud-only | Directus+ subscription ($99/mo for marketplace extensions) |
Both are genuinely open-source for self-hosting. Payload's MIT license is more permissive — you can embed it in commercial products without restrictions. Directus's GPL-3.0 license means derivative works must also be GPL, which can matter for SaaS products.
Directus introduced Directus+ in late 2025, a subscription that unlocks premium marketplace extensions and priority support. It's optional but some of the more advanced extensions (like the AI content assistant) are behind this paywall.
When to Choose Which
Choose Payload CMS when:
- You're building a new project from scratch (greenfield)
- Your team is TypeScript-heavy and wants schema-as-code
- You're using Next.js and want the tightest possible integration
- You need complex, code-defined access control
- You want everything in one deployable unit
- You value MIT licensing
Choose Directus when:
- You have an existing database you need to manage
- Your team includes non-developers who need to modify schemas
- You need to support multiple frontends (web, mobile, IoT) from one CMS
- You want a visual automation/flow builder
- You need broad database support (MySQL, MSSQL, Oracle, etc.)
- You prefer the CMS as a separate, independent service
If you're weighing these options for a headless project and want a second opinion, we do headless CMS architecture consulting and can help you pick the right tool before you're three months into the wrong one.
For projects using Astro as the frontend framework, Directus's standalone API approach pairs naturally, since Astro fetches data at build time or via server endpoints. Payload works too, but you lose the Local API advantage since Astro and Payload would be separate processes.
FAQ
Is Payload CMS really free in 2026? Yes. Payload CMS is MIT-licensed and fully free to self-host. Payload Cloud is their paid managed hosting service, but the CMS itself — including all core features — is open source. There are no feature gates on the self-hosted version.
Can Directus work with an existing database without modifying it?
Mostly yes. Directus can introspect an existing database and create a management layer on top of it. It adds a few system tables (prefixed with directus_) for its own configuration, but it doesn't modify your existing tables. This is one of its strongest differentiators.
Which is better for a solo developer? Payload CMS tends to be the favorite among solo developers who are comfortable with TypeScript. The code-first workflow means you can set up collections quickly, and the auto-generated types reduce boilerplate. Directus is better if you want a visual interface for rapid schema prototyping without writing config files.
Can I use Payload CMS without Next.js? As of Payload 3.x, Next.js is the primary adapter and the admin panel runs on Next.js. However, the REST and GraphQL APIs work with any frontend. You're not locked into Next.js for your consumer-facing site — you just need Next.js to run the Payload admin. There have been community discussions about additional adapters (like Nuxt), but nothing official yet.
How does Directus handle content localization?
Directus supports field-level translations. You mark fields as translatable, configure your languages, and Directus handles storing translations in a related table. The API lets you request content in specific languages via the ?fields and language parameters. It's well-implemented and has been stable for years.
Which has better plugin/extension support? Directus has a larger extension marketplace, especially with the Directus+ additions. You can build custom interfaces, displays, endpoints, hooks, and modules. Payload's extension model is based on React component overrides and plugins — it's powerful but the ecosystem is smaller. Payload's plugins tend to be more focused (SEO plugin, form builder, redirects) while Directus extensions cover a broader range.
Is there a performance difference for large datasets? For datasets with millions of rows, both perform well when properly indexed. Directus has a slight edge on raw query flexibility since it generates SQL more directly from API queries. Payload's Drizzle ORM layer is efficient but adds a small abstraction cost. In practice, your database tuning matters far more than which CMS you pick. Both support connection pooling and can work with read replicas.
Can I migrate from one to the other later? You can, but it's not trivial. The content data itself (stored in PostgreSQL for both) can be migrated with standard database tooling. The harder part is recreating your schema definitions, access control rules, and any custom logic. If you're building for a headless architecture, keeping your frontend decoupled from CMS-specific APIs (using an abstraction layer) will make any future CMS migration significantly easier.
