
The Botica Nova Salud API uses JSON Web Tokens (JWT) for authentication. You first exchange a username and password for a signed token, then send that token in the Authorization header of every subsequent request. Tokens are signed with HS256 using the JWT_SECRET value set in backend/.env and expire 8 hours after they are issued. HS256 is a symmetric scheme: anyone who holds JWT_SECRET can mint a valid token for any user, so treat the secret as a credential (long, random, never committed).
Only POST /api/auth/login is public. Every other endpoint requires a valid Bearer token.

Authentication flow

1. Login to obtain a token

Send a POST request to /api/auth/login with your credentials in the request body.

Endpoint
POST /api/auth/login
Request body fields
username (string, required): The username of the system user (e.g. admin, cajero1).
password (string, required): The user's plaintext password. The server hashes it with SHA-256 and compares the digest against the stored hash. Because the password travels in clear in the request body, only reach the API over HTTPS outside local development. Note also that plain SHA-256 is a fast general-purpose hash, not a password-hashing function such as bcrypt, scrypt or Argon2, so a leaked hash table is comparatively cheap to brute-force.
Example request
curl --request POST \
  --url http://localhost:3000/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "admin",
    "password": "admin123"
  }'
Successful response — 200 OK
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "usuario": {
    "id": 1,
    "nombre": "Admin Usuario",
    "cargo": "Administrador"
  }
}
Response fields
token (string, required): Signed JWT Bearer token. Valid for 8 hours from the time of issue.
usuario (object, required): Basic profile of the authenticated user (id, nombre, cargo).
Store the token in localStorage (as the bundled frontend does) or a secure cookie, and include it in every subsequent request. Anything kept in localStorage is readable by every script that runs on the page, so keep untrusted scripts off that origin.
2. Attach the token to requests

Pass the token in the Authorization header using the Bearer scheme.
Authorization: Bearer <your_token>
Example authenticated request
curl --request GET \
  --url http://localhost:3000/api/dashboard/resumen \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
Requests with a missing or invalid token are rejected with a 401 response before any route logic executes.

Token expiration

Tokens expire 8 hours after they are issued. After expiration, requests receive 401 with { "error": "Token inválido" }. Log in again to obtain a fresh token.

Error responses

Status  Body                                     When
401     { "error": "Usuario no encontrado" }     No user exists with the given username
401     { "error": "Contraseña incorrecta" }     Username found but the password hash does not match
401     { "error": "Token requerido" }           Authorization header is absent or empty
401     { "error": "Token inválido" }            Token is expired, malformed, or signed with a different secret

If you rotate JWT_SECRET in backend/.env, every previously issued token fails signature verification and is rejected with 401 { "error": "Token inválido" }. Users will need to log in again.
