Admin users are the humans who operate the Zippi platform — from super administrators with global access to branch-level cashiers scoped to a single business location. Every admin account is bound to a role, a scope type, and (for non-global scopes) a scope ID that together determine what data and actions the account can access. All endpoints in this section are mounted underDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CRISTIANCAMACH34/Zippi/llms.txt
Use this file to discover all available pages before exploring further.
/api/v1/auth/ and protected by the admins.read or admins.manage permission.
Role reference
Zippi defines 16 platform roles. Therole field must be one of these exact keys when creating or updating an admin.
| Role key | Label | Default scope |
|---|---|---|
super_admin | Super administrador | global |
platform_admin | Administrador plataforma | global |
country_admin | Administrador pais | country |
city_admin | Administrador ciudad | city |
zippi_branch_admin | Administrador sucursal Zippi | zippi_branch |
operations_admin | Administrador operaciones | city |
finance_admin | Administrador financiero | city |
support_agent | Agente soporte | city |
business_owner | Dueño de negocio | business_group |
business_admin | Administrador negocio | business |
business_branch_admin | Administrador sucursal negocio | business_branch |
kitchen_staff | Cocina | business_branch |
cashier | Cajero | business_branch |
waiter | Mesero | business_branch |
delivery_driver | Domiciliario | self |
customer | Cliente | self |
default_scope_type. The scope_type supplied in a create/update request must match the role’s default scope type; mismatches are rejected with 422.
GET /api/v1/auth/admins
Requiresadmins.read permission. Returns a paginated, filterable list of admin accounts ordered by active status (active first), then name ascending.
Page number (1-based).
Records per page. Clamped to a maximum of
100.Full-text search across admin name, email, and scope label.
When
true (or 1/yes/si), returns only active admins. When false, returns only inactive. Omit to return all.Filter by exact role key (e.g.,
city_admin, business_admin).Filter by scope type key (e.g.,
city, business). Using global also matches records where scope_tipo is NULL.200 OK
List of serialized admin objects. Each entry includes the full access profile from
build_access_profile().Current page number.
Records per page as applied.
Total matching records across all pages.
POST /api/v1/auth/admins
Requiresadmins.manage permission. Creates a new admin account. Returns 409 Conflict if an admin with the same email already exists.
Admin’s full name. Maximum 120 characters.
Admin’s unique email address. Normalized to lowercase. Maximum 160 characters.
Initial password. Minimum 6 characters, maximum 120 characters. Stored as a
pbkdf2:sha256 hash.One of the 16 role keys listed in the Role reference table above. Must be a valid console role.
Scope type key. Must match the role’s
default_scope_type. Omit to use the role default.Accepted values: global · country · city · zippi_branch · business_group · business · business_branch · selfDatabase ID of the scoped entity. Required for all non-global scope types. Must be a positive integer. For
business and business_branch scopes, the referenced entity must exist and be active.Human-readable label for the scope (e.g.,
"Bogotá", "Pizza Palace - Chapinero"). Required for non-business/non-global scopes if no entity name can be resolved automatically. Maximum 160 characters.201 Created
Returns the same admin object shape as the list endpoint, including the resolved build_access_profile() fields.
GET /api/v1/auth/admins/:admin_id
Requiresadmins.read permission. Returns the serialized admin object for the given admin ID.
The numeric admin ID (
id_admin).200 OK
404 Not Found if the admin does not exist.
GET /api/v1/auth/admins/:admin_id/detail
Requiresadmins.read permission. Returns the admin record plus an enriched access breakdown (modules with routes and labels, permissions with descriptions) and a top-level event_summary.
The numeric admin ID.
200 OK
Full admin record (same as the single-admin GET endpoint).
GET /api/v1/auth/admins/:admin_id/events
Requiresadmins.read permission. Returns the paginated activity log for a specific admin — events where this admin was either the actor or the target. Results are ordered by fecha_evento descending.
The numeric admin ID.
Page number (1-based).
Items per page. Clamped to a maximum of
100.200 OK
POST /api/v1/auth/admins/:admin_id/revoke-sessions
Requiresadmins.manage permission. Increments the target admin’s token_version, immediately invalidating all their active JWT sessions. Any currently-active access token for that admin will be rejected on the next token validation call. A sessions_revoked audit event is recorded.
The numeric admin ID whose sessions should be revoked.
200 OK
The updated admin record. The
token_version will be incremented by 1.ISO 8601 UTC timestamp of the revocation.
true if the requesting admin revoked their own sessions.PATCH /api/v1/auth/admins/:admin_id
Requiresadmins.manage permission. Partially updates an admin account. At least one valid field must be present in the request body. If password is changed, the admin’s token_version is incremented and all active sessions are revoked automatically.
An admin cannot use this endpoint to deactivate their own account, change their own role, or modify their own scope. Attempting to do so returns
409 Conflict. These self-protection rules apply only when the authenticated viewer is the same admin being edited.The numeric admin ID to update.
Updated display name. Maximum 120 characters.
Updated email address. Must be unique. Returns
409 if another admin already holds this email.New password. Minimum 6 characters. Triggers automatic session revocation and
token_version increment.New role key from the Role reference table.
New scope type. Must match the new role’s
default_scope_type.New scope entity ID. Required when the new scope type is non-global.
New scope label. Maximum 160 characters.
Set to
false to deactivate (cannot deactivate your own account). Set to true to reactivate.200 OK
Returns the updated admin object. The tipo_evento in the audit log will be one of admin_updated, admin_deactivated, or admin_reactivated depending on the activo state change.
DELETE /api/v1/auth/admins/:admin_id
Requiresadmins.manage permission. Deactivates an admin account.
The numeric admin ID to deactivate.
200 OK
activo: false and an incremented token_version. An admin_deactivated audit event is recorded.
How build_access_profile() shapes the response
Every admin response object (from list, create, get, update, and delete) is serialized usingbuild_access_profile(). This function accepts the raw role, scope_type, scope_id, and scope_label stored in the database and returns a fully resolved profile. The resulting fields are:
| Field | Description |
|---|---|
rol | Normalized role key |
role_label | Human-readable role name |
role_description | One-sentence role description |
surface | UI surface identifier |
home_route | Default post-login route |
permissions | Expanded list of permission strings |
modules | List of accessible module keys |
scope_type | Resolved scope type key |
scope_id | Scoped entity ID (null for global) |
scope_label | Human-readable scope label |
catalog.manage will also have all fine-grained catalog.* action permissions (catalog.create, catalog.edit_price, etc.) included in their permissions array.