ServiciosYa API follows the standard ASP.NET Core configuration hierarchy: values inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/SERVICIOS-BACK/llms.txt
Use this file to discover all available pages before exploring further.
appsettings.json provide the baseline, appsettings.{Environment}.json overrides per environment (e.g. appsettings.Production.json), and environment variables override everything. This means you never need to modify the committed config file in production — you simply inject secrets as environment variables on the host or in your container orchestrator.
ConnectionStrings
The ADO.NET connection string passed to
Microsoft.Data.SqlClient by DbConnectionFactory. All Dapper queries and stored-procedure calls use this single connection factory.Default (local development):Trusted_Connection=Trueuses Windows Integrated Security — no username/password in the string.TrustServerCertificate=Truebypasses SSL certificate validation, which is fine for a local Express instance but should be reviewed for production.
Trusted_Connection=True with an explicit SQL Server login or, on Azure, a managed identity connection string. Never commit production credentials to source control.
Jwt
JWT tokens are validated on every authenticated request. BothValidIssuer and ValidAudience are set to the same Jwt:Issuer value, so the issuer string appears in all generated tokens and must match exactly on validation.
The symmetric HMAC-SHA256 signing key, Base64-encoded. The key must be long enough to satisfy the algorithm’s minimum key size.Default:
r9il4rb2SzYJuyKn7u+OJw/3wQ+et8jFUqCbEVXXNzk=The issuer string embedded in generated tokens and validated on every request. Also used as
ValidAudience.Default: EncomiendasAPIThe production appsettings.Production.json ships with "Issuer": "TramiYaAPI" — update this to reflect your actual production domain or service name.Enabled is false (the default), the IPasswordResetNotificationService is registered but does nothing — password-reset flows that require an OTP delivery will silently no-op.
Master switch for email delivery. Set to
true to activate OTP password-reset emails. All other Email settings are ignored when this is false.Default: falseSMTP server hostname (e.g.
smtp.sendgrid.net, smtp.office365.com).Default: "" (empty)SMTP port. 587 is the standard submission port with STARTTLS.Default:
587SMTP authentication username.Default:
"" (empty)SMTP authentication password. Store this in an environment variable or secrets manager — never commit a real password to
appsettings.json.Default: "" (empty)The
From email address for outgoing messages (e.g. noreply@tramiya.com.py).Default: "" (empty)The display name shown as the sender in email clients.Default:
"ServiciosYa"Whether to use SSL/TLS for the SMTP connection. Should remain
true for any real SMTP provider.Default: truePasswordReset
These settings govern the OTP-based password-reset flow: how long a code is valid, how many digits it has, and how many attempts or requests are allowed before the flow is locked out.How long (in minutes) a generated OTP code remains valid. Clamped between 10 and 15 minutes.Default:
10Number of digits in the generated OTP code. Clamped between 6 and 8.Default:
6Maximum number of failed OTP verification attempts before the code is invalidated.Default:
5Maximum number of new OTP requests a user can make within the
RequestWindowMinutes window, preventing abuse.Default: 3Duration (in minutes) of the sliding window used to count OTP requests against
MaxRequestsPerWindow.Default: 15Diagnostics
The Diagnostics section gates the entire/api/v1/system/* endpoint group. When EnableDiagnostics is false, all system endpoints return 404 regardless of the caller’s role.
Master switch for the
/api/v1/system/* diagnostic endpoints (health, metrics, audit log queries).Default: trueWhen
true, error responses may include stack traces or internal details. Keep false in production to avoid leaking implementation details.Default: falseHow many days of audit log records are retained or surfaced by the diagnostics endpoints.Default:
90The rolling time window (in minutes) used by the in-memory
ISystemMetricsService when computing request-rate and error-rate metrics.Default: 5Versioning
The Versioning section allows the API to communicate its own version and the minimum/recommended version of the Android APK to clients that call the version-check endpoint. This lets the mobile app prompt users to update without a forced update gate.Semantic version string of the running API, returned in version-check responses.Default:
"1.0.0"The oldest APK version that is still compatible with this API. Clients below this version should be forced to update.Default:
"1.0.0"The APK version recommended to users (typically the latest stable release). Clients below this version may receive a soft update prompt.Default:
"1.0.0"Production appsettings skeleton
Use this skeleton as yourappsettings.Production.json. Sensitive values are intentionally left as placeholder strings; supply them via environment variables so that no real secret is ever committed to the repository.