ServiciosYa exposes two distinct user-registration flows. The first is a fully public endpoint that allows customers to create their own accounts. The second is a protected endpoint used by administrators and managers to create internal staff accounts; it enforces a role hierarchy so that a caller can only assign roles equal to or below their own level in the hierarchy. Both flows assign an initial password ofDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/SERVICIOS-BACK/llms.txt
Use this file to discover all available pages before exploring further.
123456 and set mustChangePassword = true, so every newly registered user is required to change their password on first use.
POST /api/auth/register — Public customer registration
| Method | URL |
|---|---|
POST | /api/auth/register |
POST | /api/v1/auth/register |
companyId is always forced to 1 (the base ServiciosYa company) by the server and cannot be overridden by the caller. The phone field is normalised to E.164 format by PhoneNumberPolicy before it is stored.
Request body
Desired login username. Must be unique within the company. Typically an email address, but any non-empty string is accepted.
User’s email address. Must be unique within the company.
User’s phone number. Normalised to E.164 format (e.g.
+595981123456). Raw digits, country-prefixed strings, or formatted numbers are all accepted; the server strips non-numeric characters and infers the country from phoneCountryIso or from the leading digits.ISO 3166-1 alpha-2 country code used to resolve the dial prefix for
phone. Supported values: PY, AR, BR, US. When omitted, the API attempts to infer the country from the number itself.User’s first name.
User’s last name.
Response fields
On success the endpoint returns200 OK with the same shape as POST /api/auth/login.
Signed JWT Bearer token for immediate use.
Always
true for newly registered users. The user must call POST /api/auth/change-password before using other endpoints.Example request
Example response
Error responses
| HTTP status | Body | Cause |
|---|---|---|
400 Bad Request | {"error": "El formato del número de celular no es válido para el país seleccionado."} | Phone number cannot be normalised for the given country |
500 / DB error | SQL-thrown message | Username ya registrado. or Email ya registrado. — uniqueness enforced in the stored procedure |
POST /api/auth/register/internal — Internal user registration
| Method | URL |
|---|---|
POST | /api/auth/register/internal |
POST | /api/v1/auth/register/internal |
SUPER_ADMIN, ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR.
This endpoint creates staff accounts according to a strict role hierarchy. The caller may only assign roles that are subordinate to their own. The server reads the caller’s role and companyId directly from the JWT claims; they cannot be spoofed via the request body.
Role hierarchy
| Caller role | Can create roles |
|---|---|
SUPER_ADMIN | ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR, CUSTOMER |
ADMIN_GENERAL | GESTOR_SUPREMO, GESTOR, CUSTOMER |
GESTOR_SUPREMO | GESTOR, CUSTOMER |
GESTOR | CUSTOMER only |
Request body
Desired login username for the new internal user.
Email address for the new internal user.
Phone number. Normalised to E.164 format using the same rules as the public registration endpoint.
ISO country code used for phone normalisation (
PY, AR, BR, US).First name of the new user.
Last name of the new user.
Role to assign to the new user. Must be one of the roles the caller is permitted to create (see hierarchy table above). Valid values:
ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR, CUSTOMER.Company to assign the new user to. Only
SUPER_ADMIN callers may specify a company other than their own. For all other roles, this field is ignored and the caller’s own companyId is used.Response fields
On success the endpoint returns200 OK with the full PortalUserDto object for the created user.
Numeric ID assigned to the new user.
Company the user was created in.
Name of the company.
Login username.
First name.
Last name.
Email address.
Normalised E.164 phone number.
Assigned role name.
Always
true for newly created users.Always
true — the initial password is 123456.UTC timestamp of creation.
UTC timestamp of last update, or
null.Example request
Example response
Error responses
| HTTP status | Body | Cause |
|---|---|---|
400 Bad Request | {"error": "El formato del número de celular no es válido..."} | Phone normalisation failure |
401 Unauthorized | — | Missing or invalid token |
403 Forbidden | — | Caller role not permitted to use this endpoint |
500 / DB error | SQL-thrown message | Role hierarchy violation or duplicate username/email |
Phone number normalisation
ThePhoneNumberPolicy utility strips all non-numeric characters, resolves the national number, and prefixes the E.164 dial code. Supported countries and their rules:
| ISO | Dial code | National digits |
|---|---|---|
PY | +595 | 9 |
AR | +54 | 10 |
BR | +55 | 10–11 |
US | +1 | 10 |
phoneCountryIso is omitted, the API infers the country from the leading digits of the submitted number. Submission fails with 400 if the country cannot be determined or the digit count does not match the country’s rule.