The user-management endpoints allow administrative roles to inspect and control portal user accounts. Every query and mutation is automatically scoped to the caller’sDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/SERVICIOS-BACK/llms.txt
Use this file to discover all available pages before exploring further.
companyId and role as read from the JWT claims, so cross-company access is prevented at the repository layer. The GET /api/auth/me endpoint lets any authenticated user inspect their own identity claims without exposing user-management capabilities.
GET /api/auth/users — List portal users
| Method | URL |
|---|---|
GET | /api/auth/users |
GET | /api/v1/auth/users |
SUPER_ADMIN, ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR.
Returns a paginated-style list of portal users visible to the caller. The database layer filters results by the caller’s CompanyID and enforces the role hierarchy, so a GESTOR only sees users they are permitted to manage.
Query parameters
Free-text search term matched against username, email, first name, and last name.
Filter by exact role name. Valid values:
SUPER_ADMIN, ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR, CUSTOMER.When
true, returns only users with IsActive = true. When false, returns only inactive users. Omit to return all users regardless of status.Response fields
Array of user objects. See fields below.
Total count of users returned (equals
data.length).data contains:
Numeric user ID.
Company the user belongs to.
Name of the company.
Login username.
First name.
Last name.
Email address.
E.164 normalised phone number.
Role name assigned to the user.
Whether the user can currently log in.
Whether the user is required to change their password on next login.
UTC creation timestamp.
UTC last-update timestamp, or
null if never updated.Example request
Example response
GET /api/auth/users/ — Fetch a single user
| Method | URL |
|---|---|
GET | /api/auth/users/{id} |
GET | /api/v1/auth/users/{id} |
SUPER_ADMIN, ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR.
Returns the full PortalUserDto for a single user. Returns 404 if the user does not exist or is outside the caller’s company/role scope — the response is intentionally ambiguous to prevent user enumeration across companies.
Path parameters
Numeric ID of the user to fetch.
Example request
Example response
Error responses
| HTTP status | Body | Cause |
|---|---|---|
404 Not Found | — | User not found or outside the caller’s visible scope |
PATCH /api/auth/users//toggle — Toggle active status
| Method | URL |
|---|---|
PATCH | /api/auth/users/{id}/toggle |
PATCH | /api/v1/auth/users/{id}/toggle |
SUPER_ADMIN, ADMIN_GENERAL, GESTOR_SUPREMO, GESTOR.
Flips the IsActive flag of the specified user. If the user is currently active, they become inactive (and cannot log in); if inactive, they become active again. No request body is required.
Path parameters
Numeric ID of the user to toggle.
Response
Returns204 No Content on success with an empty body.
Example request
This endpoint writes an audit event with
Action = "TOGGLE_USER_STATUS" scoped to the caller’s identity and IP address.DELETE /api/auth/users/ — Delete a portal user
| Method | URL |
|---|---|
DELETE | /api/auth/users/{id} |
DELETE | /api/v1/auth/users/{id} |
SUPER_ADMIN only.
Performs a logical deletion: the user’s account is deactivated and their access is revoked. No data is physically removed from the database.
If the user has pending service requests (requests that have not yet reached a terminal state), the deletion is deferred: the user is immediately deactivated but flagged as pendingDeletion = true. The account will be fully cleaned up once all associated service requests are closed.
An audit event with Action = "DELETE_PORTAL_USER" is written on every call.
Path parameters
Numeric ID of the user to delete.
Response fields
false — the user was deactivated immediately with no outstanding requests.true — the user was deactivated but has pending service requests; full deletion is deferred.Human-readable description of the outcome, in Spanish.
Example request
Example response — immediate deletion
Example response — deferred deletion
Error responses
| HTTP status | Body | Cause |
|---|---|---|
401 Unauthorized | — | Missing or invalid token |
403 Forbidden | — | Caller is not SUPER_ADMIN |
GET /api/auth/companies — List active companies
| Method | URL |
|---|---|
GET | /api/auth/companies |
GET | /api/v1/auth/companies |
SUPER_ADMIN only.
Returns all active companies registered in the platform. Useful when creating internal users via POST /api/auth/register/internal and a SUPER_ADMIN needs to pick a target company.
Response fields
Each item in the returned array contains:Numeric company identifier.
Display name of the company.
Example request
Example response
GET /api/auth/me — Current user identity
| Method | URL |
|---|---|
GET | /api/auth/me |
GET | /api/v1/auth/me |
Response fields
Numeric ID of the authenticated user.
Numeric ID of the user’s company.
Role name from the JWT claim (e.g.
"CUSTOMER", "GESTOR", "SUPER_ADMIN").