Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CodexaCP/SERVICIOS-BACK/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you from a fresh clone to a running API with a valid JWT token and a successful call to the service catalog. The whole process takes about ten minutes assuming SQL Server is already installed.
Swagger UI is only available when ASPNETCORE_ENVIRONMENT is set to Development. It is intentionally disabled in Production to avoid exposing the API schema publicly.
1

Prerequisites

Before you begin, make sure the following are in place:
  • .NET 8 SDK installed — verify with dotnet --version (must be 8.x).
  • SQL Server (Express or Developer edition) accessible at .\SQLEXPRESS with the EncomiendasDB database created. You can create the empty database in SSMS with:
    CREATE DATABASE EncomiendasDB;
    
  • Git to clone the repository.
Clone the backend repository and enter the project directory:
git clone <repository-url> SERVICIOS-BACK
cd SERVICIOS-BACK
2

Configure appsettings.json

Open appsettings.json (or create appsettings.Development.json to override locally) and verify the connection string and JWT settings match your environment.The defaults assume a local SQL Server Express instance:
{
  "ConnectionStrings": {
    "DefaultConnection": "Server=.\\SQLEXPRESS;Database=EncomiendasDB;Trusted_Connection=True;TrustServerCertificate=True"
  },
  "Jwt": {
    "Key": "r9il4rb2SzYJuyKn7u+OJw/3wQ+et8jFUqCbEVXXNzk=",
    "Issuer": "EncomiendasAPI"
  }
}
Adjust Server= if your SQL Server instance name differs (e.g., Server=localhost for a default instance or Server=.\SQLSERVER2022 for a named one).
The Jwt:Key value shown above is the repository default and must be replaced with a strong, randomly generated secret before deploying to any shared or production environment. Anyone who knows this key can mint valid tokens for your API. See the Configuration page for guidance on moving secrets out of the config file.
3

Run database migrations

All schema objects and stored procedures live in the Database/Migrations/ folder. Apply the SQL files in date order using SSMS or sqlcmd.With sqlcmd (run from the repo root):
sqlcmd -S .\SQLEXPRESS -d EncomiendasDB -i "Database/Migrations/2026-04-20_auth_customer.sql"
sqlcmd -S .\SQLEXPRESS -d EncomiendasDB -i "Database/Migrations/2026-04-20_services_hardening.sql"
sqlcmd -S .\SQLEXPRESS -d EncomiendasDB -i "Database/Migrations/2026-04-21_company1_default_services.sql"
sqlcmd -S .\SQLEXPRESS -d EncomiendasDB -i "Database/Migrations/2026-04-21_internal_user_registration.sql"
sqlcmd -S .\SQLEXPRESS -d EncomiendasDB -i "Database/Migrations/2026-04-22_role_hierarchy.sql"
Order matters — later scripts depend on tables and procedures created by earlier ones. After all files have been applied without errors, the database is ready.
4

Start the API

From the project root, run:
dotnet run --launch-profile https
The API starts on two endpoints simultaneously:
ProtocolURL
HTTPShttps://localhost:7177
HTTPhttp://localhost:5258
Once the console shows Application started, open Swagger UI in your browser:
https://localhost:7177/swagger
You will see all available controllers and endpoints. The Swagger definition includes the Bearer security scheme so you can authorize directly in the UI after obtaining a token in the next step.If you need the API reachable from another device on your LAN (for example, when testing the Android app against a local server), use the lan launch profile instead:
dotnet run --launch-profile lan
This binds to 0.0.0.0:7177 and 0.0.0.0:5258.
5

Authenticate and make your first request

Obtain a JWT token

Send a POST request to /api/auth/login with valid credentials:
curl -X POST https://localhost:7177/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"companyId":1,"username":"admin@example.com","password":"YourPassword1!"}'
A successful response returns the token and a flag that tells the client whether the user must change their password before proceeding:
{
  "token": "eyJ...",
  "mustChangePassword": false
}
Copy the token value. Any internally created user has mustChangePassword: true on first login and must call POST /api/auth/change-password before other actions are permitted.

Fetch available services

Use the token as a Bearer credential to call the service catalog:
curl https://localhost:7177/api/services/available \
  -H 'Authorization: Bearer eyJ...'
The response is a JSON array of active, non-deleted services visible to your company. Each service includes its name, description, price, estimated time, category, and whether it accepts an optional file attachment (PermiteAdjunto).From here you can explore the full API surface:
  • Browse services by categoryGET /api/services/by-category
  • Create a service request — first upload a payment voucher to POST /api/uploads/payment, then POST /api/servicerequests with the returned imageUrl
  • Track your requestsGET /api/servicerequests/my
  • System health (admin only, when Diagnostics:EnableDiagnostics is true) — GET /api/v1/system/*

Build docs developers (and LLMs) love