The Botica Nova Salud API is a RESTful HTTP service built with Node.js and Express. It powers the pharmacy sales management frontend and exposes resources for authentication, sales, products, clients, receipts, dashboard metrics, and user management. Every data operation delegates to a MySQL Stored Procedure — the backend does not execute raw SQL queries directly. All request and response bodies use JSON. SetDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/15aozzz/Lab-Nova-Salud/llms.txt
Use this file to discover all available pages before exploring further.
Content-Type: application/json on every request that sends a body.
Base URL
PORT environment variable in backend/.env. When PORT is not set, the server defaults to 3000.
Health check
Use the health endpoint to verify the server is running before making other requests.The health endpoint does not require authentication.
Endpoint groups
All endpoints are protected with JWT Bearer token authentication exceptPOST /api/auth/login. See Authentication for details on obtaining and using tokens.
Authentication
Login and obtain a JWT token. Required before calling any other endpoint.
Comprobantes
Retrieve receipt types (
BOLETA, FACTURA) and series/correlative numbers for new sales documents.Clientes
List, search, create, and update client records by document number.
Productos
Browse, search, create, and update products with their pricing tiers.
Ventas
Register a complete sale transaction and retrieve the detail of an existing sale by ID.
Dashboard
Fetch aggregated KPIs, weekly sales charts, and low-stock alerts for the dashboard view.
Usuarios
List, search, create, update, and delete system user accounts and employee records.
Available endpoints
The table below lists every endpoint, the Stored Procedure it invokes, and a short description.| Method | Endpoint | Stored procedure | Description |
|---|---|---|---|
POST | /api/auth/login | sp_login | Authenticate and receive a JWT |
GET | /api/comprobantes | sp_listar_comprobantes | List vouchers with optional date/type/search filters |
GET | /api/comprobantes/tipos | sp_get_tipos_comprobante | List receipt types (BOLETA, FACTURA, …) |
GET | /api/comprobantes/serie/:id_tipo | sp_get_serie_correlativo | Series and next correlative number |
GET | /api/clientes | sp_get_todos_clientes | List all clients with optional search filter |
GET | /api/clientes/buscar?doc= | sp_buscar_cliente | Search client by document number |
POST | /api/clientes | sp_crear_cliente | Create a new client |
PUT | /api/clientes/:id | sp_actualizar_cliente | Update a client’s document or name |
GET | /api/productos | sp_get_todos_productos | Full product catalog with pricing tiers |
GET | /api/productos/buscar?q= | sp_buscar_productos | Search products with prices |
GET | /api/productos/:id/precios | sp_get_precios_producto | Available price tiers for a product |
POST | /api/productos | sp_crear_producto + sp_agregar_precio_producto | Create a new product with pricing |
PUT | /api/productos/:id | sp_actualizar_producto_completo | Update a product and its pricing tiers |
POST | /api/ventas/registrar | sp_registrar_venta | Register a complete sale |
GET | /api/ventas/:id | sp_get_venta_detalle | Retrieve sale detail by ID |
GET | /api/dashboard/resumen | Multiple SPs | KPIs, weekly chart, alerts, recent vouchers |
GET | /api/usuarios | sp_get_todos_usuarios | List all users with optional search filter |
GET | /api/usuarios/buscar?username= | sp_buscar_usuario | Search user by username |
GET | /api/usuarios/empleados | sp_get_empleados | List employees available for user assignment |
POST | /api/usuarios | sp_crear_usuario | Create a new user account |
PUT | /api/usuarios/:id | sp_actualizar_usuario | Update user credentials or employee link |
DELETE | /api/usuarios/:id | sp_eliminar_usuario | Delete a user account |
GET | /api/health | — | Health check — no auth required |
Request format
- Content-Type:
application/jsonfor all requests with a body. - Authorization:
Authorization: Bearer <token>for all protected endpoints. - Encoding: UTF-8.
Response format
All responses return JSON. Successful responses use2xx status codes. Errors return an object with an error string field and an appropriate 4xx or 5xx status code.
Stored procedures
The backend uses MySQL Stored Procedures for all data operations. This means:- No raw SQL runs in the route handlers.
- Business logic such as stock validation and sale registration lives inside the database (
sp_registrar_venta, triggers, etc.). - The MySQL pool is configured with
multipleStatements: trueto handle SPs that return multiple result sets.