The Auth API handles everything from creating new accounts to managing existing users. On registration, roles are assigned automatically based on the email domain — addresses ending in @upa.edu.mx become Master accounts, while all other addresses receive the Promotor role. Every successful registration or login returns a signed JWT valid for 30 days that must be included as a Bearer token on protected routes.
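One way a server could check the Bearer token described above on routes intended for Master users, as an added example that is not Yakultt-App's own code. It assumes the token payload carries `id` and `exp` claims; `authorize`, `getUser`, `USERS` and `SECRET` are hypothetical names with constructed sample data, and HS256 is taken from the header of the example tokens on this page.

```javascript
// Added example, not Yakultt-App code. Assumed: `id`/`exp` claims, getUser(), SECRET.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Builds an HS256 token; used here only to make constructed sample tokens.
function signToken(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.createHmac('sha256', secret).update(input).digest('base64url')}`;
}

const deny = (status, reason) => ({ ok: false, status, reason });

// Checks an Authorization header; returns { ok: true, user } or a denial.
function authorize(authHeader, secret, requiredRole, getUser, now = Date.now()) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authHeader || '');
  if (!m) return deny(401, 'missing or malformed bearer token');
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return deny(401, 'undecodable token');
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (header?.alg !== 'HS256') return deny(401, 'unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return deny(401, 'bad signature');
  }
  // exp is in seconds (JWT NumericDate); now is in milliseconds.
  if (typeof claims?.exp !== 'number' || claims.exp * 1000 <= now) return deny(401, 'expired');
  // A 30-day token outlives a disable or role change, so read the current row.
  const user = getUser(claims.id);
  if (!user || user.activo !== 1) return deny(403, 'account disabled');
  if (user.rol !== requiredRole) return deny(403, 'role not allowed');
  return { ok: true, user };
}

// Constructed sample data, shaped like the rows GET /api/auth/usuarios returns.
const SECRET = 'constructed-example-secret';
const USERS = {
  1: { id: 1, rol: 'Master', activo: 1 },
  2: { id: 2, rol: 'Promotor', activo: 1 },
  3: { id: 3, rol: 'Master', activo: 0 },
};
const getUser = (id) => USERS[id];
```

Reading `rol` and `activo` from the stored row on each request, instead of trusting values frozen into the token, lets a disable or role change take effect before the 30-day expiry.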

POST /api/auth/registro

Registers a new user account and returns the created user object along with a JWT.
nombre (string, required): Full name of the user.
correo (string, required): Email address. Accounts registered with an @upa.edu.mx address are automatically assigned the Master role; all other addresses receive the Promotor role.
contrasena (string, required): Plain-text password. Stored as a bcrypt hash.
Example request
curl -X POST http://localhost:3000/api/auth/registro \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Ana García",
    "correo": "ana.garcia@upa.edu.mx",
    "contrasena": "secreto123"
  }'
Example response
{
  "usuario": {
    "id": 1,
    "nombre": "Ana García",
    "correo": "ana.garcia@upa.edu.mx",
    "rol": "Master"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
usuario (object): The newly created user record.
token (string): Signed JWT. Include as Authorization: Bearer <token> on protected requests. Expires after 30 days.
Errors
Status  Error message
400     'Todos los campos son obligatorios.' — one or more required fields are missing.
400     'Este correo ya está registrado.' — a user with that email address already exists.

POST /api/auth/login

Authenticates an existing user and returns a fresh JWT.
correo (string, required): Registered email address.
contrasena (string, required): Account password.
Example request
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "correo": "ana.garcia@upa.edu.mx",
    "contrasena": "secreto123"
  }'
Example response
{
  "usuario": {
    "id": 1,
    "nombre": "Ana García",
    "correo": "ana.garcia@upa.edu.mx",
    "rol": "Master"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
usuario (object): The authenticated user record.
token (string): Signed JWT valid for 30 days.
Errors
Status  Error message
400     'Correo y contraseña son obligatorios.' — correo or contrasena field is missing.
401     'Correo o contraseña incorrectos.' — email not found or password is wrong.
403     'Tu cuenta está desactivada. Contacta al administrador.' — the account has been disabled.

GET /api/auth/usuarios

Returns a list of all registered users ordered by creation date descending. Intended for Master users to monitor and manage accounts.
Example request
curl http://localhost:3000/api/auth/usuarios
Example response
[
  {
    "id": 1,
    "nombre": "Ana García",
    "correo": "ana.garcia@upa.edu.mx",
    "rol": "Master",
    "activo": 1,
    "creado_en": "2025-01-10T08:00:00.000Z"
  },
  {
    "id": 2,
    "nombre": "Carlos Ruiz",
    "correo": "carlos.ruiz@gmail.com",
    "rol": "Promotor",
    "activo": 1,
    "creado_en": "2025-01-11T09:15:00.000Z"
  }
]
id (number): Unique numeric ID of the user.
nombre (string): Display name.
correo (string): Email address.
rol (string): Role: Master, Promotor, or Repartidor.
activo (number): Account status as a TINYINT: 1 = active, 0 = disabled.
creado_en (string): ISO 8601 timestamp of when the account was created.

PUT /api/auth/usuarios/:id

Enables or disables a user account. Disabled users receive a 403 on login.
id (number, required): Numeric ID of the user to update.
activo (boolean, required): Pass true to re-enable the account or false to disable it.
Example request
curl -X PUT http://localhost:3000/api/auth/usuarios/2 \
  -H "Content-Type: application/json" \
  -d '{ "activo": false }'
Example response
{ "ok": true }

PUT /api/auth/usuarios/:id/rol

Changes the role of an existing user.
id (number, required): Numeric ID of the user whose role should be updated.
rol (string, required): New role to assign. Must be one of Master, Promotor, or Repartidor.
Example request
curl -X PUT http://localhost:3000/api/auth/usuarios/2/rol \
  -H "Content-Type: application/json" \
  -d '{ "rol": "Repartidor" }'
Example response
{ "ok": true }
Errors
Status  Error message
400     'Rol inválido.' — the value of rol is not one of the three valid options.

DELETE /api/auth/usuarios/:id

Permanently deletes a user account. This action cannot be undone.
id (number, required): Numeric ID of the user to delete.
Example request
curl -X DELETE http://localhost:3000/api/auth/usuarios/2
Example response
{ "ok": true }
