User management in Ferred is restricted to the Administrator role. Admins can create new users, assign roles (ADMIN, CAJERO, BODEGA), assign a branch (sucursalId), and activate/deactivate accounts. An admin can only manage users who belong to the same branch; cross-branch operations return 403.

Base URL: https://server-production-3252.up.railway.app

Passwords are never returned in any response. The server stores a bcrypt hash (contrasenaHash) internally and never exposes it through the API.
Deactivating a user (DELETE /api/usuarios/:id) sets activo = false in the database, but does not immediately invalidate any JWT tokens the user currently holds. Existing tokens remain valid until they naturally expire. If immediate revocation is required, the JWT secret must be rotated server-side.

GET /api/usuarios

Returns all users belonging to the authenticated admin’s branch. Supports optional filtering by role, active status, and name/email search.

Required role: ADMIN

Query parameters

buscar (string): Free-text search against nombre and email (case-insensitive).
rol (string): Filter by role. One of: ADMIN, CAJERO, BODEGA.
activo (boolean): Filter by account status. Pass true for active accounts, false for deactivated.

Response

Array of user objects, ordered by id descending.
id (number): Internal user ID.
nombre (string): Display name.
email (string): Email address (normalized to lowercase).
rol (string): Assigned role: ADMIN, CAJERO, or BODEGA.
sucursalId (number | null): ID of the branch this user belongs to.
activo (boolean): Whether the account is active.
creadoEn (string): ISO 8601 timestamp when the account was created.

Example: list users
curl --request GET \
  --url 'https://server-production-3252.up.railway.app/api/usuarios?rol=CAJERO&activo=true' \
  --header 'Authorization: Bearer <token>'

GET /api/usuarios/:id

Returns a single user by ID. The user must belong to the authenticated admin’s branch.

Required role: ADMIN

Path parameters

id (number, required): ID of the user to retrieve.

Response

Single user object (same shape as list response, without creadoEn).

Error responses

Status  Condition
400     id is not a finite number.
403     The user belongs to a different branch than the admin.
404     No user found with the given ID.

POST /api/usuarios

Creates a new user account. The new user is automatically assigned to the authenticated admin’s branch; you cannot create a user in a different branch.

Required role: ADMIN

Request body

nombre (string, required): Display name. Minimum 2 characters.
email (string, required): Email address. Must be a valid email format and unique across all users. Normalized to lowercase before storage.
contrasena (string, required): Plain-text password. Minimum 6 characters. Hashed with bcrypt (12 rounds) before storage and never returned.
rol (string, required): Role to assign. One of: ADMIN, CAJERO, BODEGA.
sucursalId (number, required): Branch ID to assign the user to. Must match the authenticated admin’s own sucursalId.
activo (boolean, default: true): Whether the account is active immediately upon creation.

Response

mensaje (string): Confirmation: "Usuario creado".
usuario (object): The newly created user profile (password hash is never included).

Error responses

Status  Condition
400     Validation failed, or the email is already registered.
403     sucursalId does not match the admin’s own branch.

Example: create user
curl --request POST \
  --url https://server-production-3252.up.railway.app/api/usuarios \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "nombre": "María López",
    "email": "maria.lopez@ferred.sv",
    "contrasena": "segura123",
    "rol": "CAJERO",
    "sucursalId": 1
  }'

PUT /api/usuarios/:id

Updates an existing user’s profile. All fields are optional (partial update). The user’s sucursalId cannot be changed through this endpoint; branch membership is fixed at creation time.

Required role: ADMIN

Path parameters

id (number, required): ID of the user to update. Must belong to the admin’s branch.

Request body

nombre (string): New display name. Minimum 2 characters.
email (string): New email address. Must be valid and unique.
contrasena (string): New plain-text password. Minimum 6 characters. Re-hashed before storage. Omit to leave the existing password unchanged.
rol (string): New role: ADMIN, CAJERO, or BODEGA.
activo (boolean): Account active status.

Response

mensaje (string): Confirmation: "Usuario actualizado".
usuario (object): The updated user profile (same shape as create response, no password).

Error responses

Status  Condition
400     Validation failed.
403     The target user belongs to a different branch.
404     No user found with the given ID.

DELETE /api/usuarios/:id

Soft-deactivates a user account by setting activo = false. The user can no longer log in, but their historical data (sales, sync logs) is preserved.

Required role: ADMIN

Path parameters

id (number, required): ID of the user to deactivate. Must belong to the admin’s branch.

Response

mensaje (string): Confirmation: "Usuario desactivado correctamente".

Error responses

Status  Condition
400     id is not a finite number.
403     The target user belongs to a different branch.
404     No user found with the given ID.
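
The warning at the top of this page says deactivation does not invalidate tokens already issued. The sketch below is an added example, not Ferred's server code: it contrasts a signature-only token check with one that reloads activo on every request. HS256 signing, the sub claim, the in-memory usuarios map and all function names are assumptions.

```javascript
// Added example, not Ferred's server code. HS256, the `sub` claim and all
// names here are assumptions; the secret and the user row are constructed.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';
const usuarios = new Map([[7, { id: 7, rol: 'CAJERO', sucursalId: 1, activo: true }]]);

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) => crypto.createHmac('sha256', secret).update(input).digest();

function sign(payload, secret = SECRET) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(secret, input))}`;
}

// Returns the claims when the signature, alg and exp are valid, otherwise null.
function verify(token, now, secret = SECRET) {
  const [head, body, sig, extra] = String(token).split('.');
  if (!head || !body || !sig || extra !== undefined) return null;
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return alg === 'HS256' && typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Signature-only check: the behaviour the warning describes. A token issued
// before deactivation keeps working until exp.
function authStateless(token, now) {
  return verify(token, now) ? 200 : 401;
}

// Hardened check: reload the account on every request and reject when
// activo is false, so deactivation takes effect without rotating the secret.
function authWithStatusCheck(token, now) {
  const claims = verify(token, now);
  const user = claims && usuarios.get(claims.sub);
  return user && user.activo ? 200 : 401;
}

// Mirrors the effect of DELETE /api/usuarios/:id on the constructed row.
function deactivate(id) {
  usuarios.get(id).activo = false;
}
```

The per-request lookup costs one read of the user row; short token lifetimes reduce the exposure window when that lookup is not in place.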
