The profile endpoints let authenticated users read their account details, update their display name, change their password, and deactivate their account. All four operations require a valid JWT Bearer token in the Authorization header. The DELETE method performs a soft delete: the record stays in the database with is_active set to False, and no data is permanently removed.

GET /api/users/profile/

Retrieve the profile of the currently authenticated user.

Authentication

Authorization (string, required): Bearer <token>, the JWT obtained from POST /api/users/login/.

Request Example

curl -X GET https://your-domain.com/api/users/profile/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response — 200 OK

{
  "email": "alex@example.com",
  "first_name": "Alex",
  "last_name": "Rivera",
  "is_admin": false,
  "created_at": "2025-01-15T10:30:00"
}

email (string): The user’s registered email address.
first_name (string): The user’s first name. Returns an empty string "" if not set.
last_name (string): The user’s last name. Returns an empty string "" if not set.
is_admin (boolean): true if the account has admin privileges.
created_at (string): ISO 8601 timestamp of when the account was created (UTC).

PUT /api/users/profile/

Update the authenticated user’s first_name and/or last_name.

Authentication

Authorization (string, required): Bearer <token>, the JWT obtained from POST /api/users/login/.

Request Body

first_name (string, required): The new first name. Maximum 30 characters. Cannot be blank.
last_name (string): The new last name (optional). Maximum 30 characters. Pass an empty string to clear it.

Request Example

curl -X PUT https://your-domain.com/api/users/profile/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Alexander",
    "last_name": "Rivera"
  }'

Response — 200 OK

{
  "message": "Perfil actualizado",
  "first_name": "Alexander",
  "last_name": "Rivera"
}

message (string): Confirmation string: "Perfil actualizado".
first_name (string): The updated first name as saved to the database.
last_name (string): The updated last name as saved to the database.

PUT Error Responses

| Status | Body | Cause |
| --- | --- | --- |
| 400 | { "error": "El nombre no puede estar vacío" } | first_name was provided but is blank after stripping whitespace |
| 400 | { "error": "El nombre no puede exceder los 30 caracteres" } | first_name exceeds 30 characters |
| 400 | { "error": "El apellido no puede exceder los 30 caracteres" } | last_name exceeds 30 characters |

DELETE /api/users/profile/

Soft-delete the authenticated user’s account by setting is_active to False. The document is not removed from MongoDB.

Authentication

Authorization (string, required): Bearer <token>, the JWT obtained from POST /api/users/login/.

Request Example

curl -X DELETE https://your-domain.com/api/users/profile/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response — 200 OK

{
  "message": "Cuenta desactivada correctamente"
}
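
Deactivated accounts (is_active=False) are immediately blocked from logging in: any subsequent call to POST /api/users/login/ with these credentials returns 403 Forbidden with "Cuenta desactivada. Contacta al soporte.". The account is not permanently deleted; contact support to reactivate it. Tokens issued before deactivation also stop working on the profile endpoints, which return 404 "Usuario no encontrado" because the user lookup only matches active records (see Common Error Responses).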

POST /api/users/change-password/

Change the password for the currently authenticated user. Requires the existing password for confirmation before accepting the new one.

Authentication

Authorization (string, required): Bearer <token>, the JWT obtained from POST /api/users/login/.

Request Body

current_password (string, required): The user’s current plain-text password. Validated against the stored bcrypt hash.
new_password (string, required): The desired new password. Must be at least 6 characters long. Stored as a new bcrypt hash.

Request Example

curl -X POST https://your-domain.com/api/users/change-password/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "mysecret123",
    "new_password": "newpassword456"
  }'

Response — 200 OK

{
  "message": "Contraseña actualizada correctamente"
}

Change Password Error Responses

| Status | Body | Cause |
| --- | --- | --- |
| 400 | { "error": "Contraseña actual incorrecta" } | current_password does not match the stored bcrypt hash |
| 400 | { "error": "La nueva contraseña debe tener al menos 6 caracteres" } | new_password is fewer than 6 characters |
| 401 | { "error": "Token inválido" } | Missing, malformed, or expired JWT |

Common Error Responses

All profile endpoints share the following auth-level errors:

| Status | Body | Cause |
| --- | --- | --- |
| 401 | { "error": "Token inválido" } | Authorization header is missing, the token is malformed, or the token has expired |
| 404 | { "error": "Usuario no encontrado" } | The user_id in the JWT does not match an active user record (is_active=True) |
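
The two auth-level outcomes above, sketched as an added example (not the project's own code): a token that fails verification maps to 401, while a still-valid token for a soft-deleted account maps to 404 because is_active is re-checked on every request. Assumptions: HS256 signing (as the sample token header in the curl examples indicates), an `exp` claim, the placeholder `SECRET`, and the in-memory `USERS` dict standing in for the MongoDB collection.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, placeholder value
USERS = {  # constructed sample records standing in for the MongoDB collection
    "u1": {"email": "alex@example.com", "is_active": True},
    "u2": {"email": "old@example.com", "is_active": False},  # soft-deleted
}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(user_id: str, exp: float) -> str:
    """Build an HS256 JWT for the demo (stands in for POST /api/users/login/)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"user_id": user_id, "exp": exp}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def authenticate(auth_header, now=None):
    """Return (status, body): 401 for a bad token, 404 for an inactive user."""
    invalid = (401, {"error": "Token inválido"})
    try:
        scheme, token = (auth_header or "").split(" ", 1)
        head, body, sig = token.split(".")
        if scheme != "Bearer" or json.loads(b64d(head)).get("alg") != "HS256":
            return invalid  # pin the algorithm instead of trusting the header
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):
            return invalid  # signature mismatch: payload or key differs
        claims = json.loads(b64d(body))
        if float(claims["exp"]) <= (time.time() if now is None else now):
            return invalid  # expired
    except (ValueError, KeyError, TypeError, AttributeError):
        return invalid  # missing header or malformed token
    user = USERS.get(claims.get("user_id"))
    if user is None or not user["is_active"]:
        # The signature is still valid after DELETE; only this lookup blocks it.
        return (404, {"error": "Usuario no encontrado"})
    return (200, user)
```
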
