User management in Yakult App is restricted exclusively to accounts with the Master role. Masters can view all registered users, activate or deactivate accounts, promote or demote users between the three available roles, and permanently delete accounts. These operations are accessible both from the in-app Admin screen and directly through the REST API.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/160906/Yakultt-App/llms.txt
Use this file to discover all available pages before exploring further.
Roles overview
Every user in Yakult App belongs to exactly one of three roles. The table below summarises what each role can do:| Role | Description | Can manage users | Can access admin panel |
|---|---|---|---|
| Master | Full administrator. Assigned automatically to @upa.edu.mx email addresses or promoted manually. | ✅ | ✅ |
| Promotor | Sales promoter. Default role for non-institutional email addresses. | ❌ | ❌ |
| Repartidor | Delivery driver. Assigned manually by a Master via the role-change endpoint. Never auto-assigned at registration. | ❌ | ❌ |
API endpoints
All user management endpoints live under/api/auth/ and require a valid Master JWT token in the Authorization header.
List all users
Retrieves every registered account ordered by creation date (newest first).GET /api/auth/usuarios
Example
Response 200 OK
| Field | Type | Description |
|---|---|---|
id | number | Unique user identifier. |
nombre | string | Display name. |
correo | string | Email address (lowercase). |
rol | string | Current role: Master, Promotor, or Repartidor. |
activo | boolean | true if the account can log in; false if deactivated. |
creado_en | string | ISO 8601 timestamp of account creation. |
Activate or deactivate an account
Toggles whether a user can log in. A deactivated user receives a403 error on login attempts until reactivated.
PUT /api/auth/usuarios/:id
Request body
| Field | Type | Description |
|---|---|---|
activo | boolean | true to enable the account, false to disable it. |
Example — deactivate user 2
Example — reactivate user 2
Response 200 OK
Change a user’s role
Updates the role of any user. Only the three canonical role values are accepted; any other value returns a400 error.
PUT /api/auth/usuarios/:id/rol
Request body
| Field | Accepted values |
|---|---|
rol | "Master" | "Promotor" | "Repartidor" |
Example — promote user 2 to Master
Example — assign Repartidor role to user 3
Response 200 OK
Error — invalid role value
Delete a user
Permanently removes the account from the database.DELETE /api/auth/usuarios/:id
Example — delete user 5
Response 200 OK
Admin screen (mobile app)
The Admin screen in the Yakult App mobile interface gives Master users a visual dashboard to manage all accounts without needing direct API access.Open the Admin panel
Tap the Admin option in the navigation menu. This option is only visible to users with the Master role.
Review the user list
All registered accounts are displayed in a scrollable table. Each row shows the user’s name, email, and a colour-coded role badge (Master, Promotor, or Repartidor).
Activate or deactivate an account
Tap the toggle button on any row to flip the account’s active status. Deactivated accounts are visually dimmed. The change takes effect immediately.
Change a user's role
Use the compact role selector on each row. Roles are shown as single-letter initials — M (Master), P (Promotor), R (Repartidor) — to keep the table readable on small screens. Selecting a new initial sends the role-change request automatically.
Constraints and safeguards
The following rules are enforced by the application to prevent accidental lock-outs:Deletion is permanent
There is no recycle bin or undo for deleted users. Always deactivate first, wait for any dispute period, then delete only when certain.
Role values are strict
The API rejects any role value outside of
Master, Promotor, and Repartidor with a 400 Bad Request response and the message "Rol inválido.".Repartidor is manually assigned
The
Repartidor role is never auto-assigned at registration. It must be explicitly set by a Master user via PUT /api/auth/usuarios/:id/rol.Deactivated accounts cannot log in
A deactivated user receives a
403 response on every login attempt until a Master reactivates their account.