Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Blackterz2/Proyecto_5to_Semestre/llms.txt

Use this file to discover all available pages before exploring further.

The Blackterz REST API is a Node.js + Express + MySQL backend that powers the Blackterz Gym App. All communication happens over HTTP using JSON. This page covers the base URL, how to authenticate, which route groups exist, and the conventions every response follows.

Base URL

http://localhost:3000
The port is configurable via the PORT environment variable. If PORT is not set, the server defaults to 3000. Every API endpoint is prefixed with /api.
You can confirm the server is running and the database is reachable at any time by calling GET /api/health — no authentication required.

Route Groups

MethodPathDescription
GET/api/healthDatabase health check
POST/api/auth/registerCreate a new user account
POST/api/auth/loginAuthenticate and receive a JWT
POST/api/auth/forgot-passwordRequest a password reset email
POST/api/auth/reset-passwordSet a new password using a reset token

Authentication

Protected endpoints verify a JSON Web Token (JWT) on every request. The token is issued by POST /api/auth/login and is valid for 7 days. Include the token in the Authorization header using the Bearer scheme:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
The JWT payload contains usuario_id, nombre, and email. It is Base64-encoded, not encrypted — never place sensitive data in request or response payloads beyond what is documented here.
The middleware validates the token on every protected request. Possible rejection responses:
ScenarioStatusmessage
No Authorization header401"Token de acceso requerido"
Header not in Bearer <token> format401"Formato de token inválido. Usar: Bearer <token>"
Token has expired401"Token expirado. Iniciá sesión nuevamente"
Token signature invalid401"Token inválido"

Request Format

All endpoints that accept a body expect JSON with the appropriate content type header:
Content-Type: application/json

Response Format

Every response body is JSON. Success responses include "status": "ok" and error responses include "status": "error" alongside a message field.
{
  "status": "ok",
  "message": "Descripción del resultado",
  "data": { }
}

HTTP Status Codes

CodeMeaningWhen It Occurs
200 OKRequest succeededSuccessful GET, PUT, or DELETE
201 CreatedResource createdSuccessful POST that creates a new record
400 Bad RequestValidation errorMissing or invalid fields in the request body
401 UnauthorizedAuthentication failedMissing, invalid, or expired JWT
403 ForbiddenAuthorization deniedAuthenticated but not permitted (e.g. account deactivated, routine limit reached, not your resource)
404 Not FoundResource missingThe requested record does not exist
409 ConflictDuplicate resourceAttempting to register an email already in use
429 Too Many RequestsRate limit exceededMore than the allowed auth attempts in a 15-minute window
500 Internal Server ErrorUnexpected failureUnhandled server-side error

Rate Limiting

Auth endpoints (/api/auth/*) are rate-limited per IP address to prevent brute-force attacks:
EnvironmentLimit
NODE_ENV=production10 requests per 15 minutes
Development (default)100 requests per 15 minutes
When the limit is exceeded the API returns 429 with the following body:
{
  "ok": false,
  "mensaje": "Demasiados intentos. Esperá 15 minutos e intentá de nuevo."
}
Standard rate-limit headers (RateLimit-*) are included in every auth response.

Health Check

Verify connectivity to both the server and the MySQL database with a single public endpoint:
curl http://localhost:3000/api/health
Response 200 OK
{ "status": "ok", "db": "conectada" }

Authenticated Request Example

The following example retrieves the authenticated user’s profile. Replace <token> with the JWT received from POST /api/auth/login.
curl -X GET http://localhost:3000/api/usuarios/perfil \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json"

Build docs developers (and LLMs) love