The API uses JWT (JSON Web Token) bearer authentication. Obtain a token by registering or logging in, then include it in the Authorization header on every request to a protected endpoint.

Authentication flow

1. Create an account or log in

   Call POST /register to create a new account, or POST /login if you already have one. Both endpoints return a JWT on success.

2. Verify your email

   After registering, check your inbox and click the verification link. Your account must be verified before you can log in.

3. Pass the token on every request

   Include the token in the Authorization header of every request to a protected endpoint.

   Authorization: Bearer <your-token>

Token expiry

Token lifetime depends on the account role:

| Role | Expiry |
| --- | --- |
| admin | 6 hours |
| referee | 6 hours |
| user | 7 days |

When a token expires, call /login again to obtain a fresh one.

Authorization middleware

| Middleware | Behaviour |
| --- | --- |
| verifyToken | Required on protected routes. Returns 401 if no token is provided or the token is invalid/expired. |
| optionalVerifyToken | Used on public routes that behave differently when a user is authenticated. Proceeds even if no token is supplied. |
| verifyAdmin | Requires role: admin. Returns 403 otherwise. |
| verifyReferee | Requires role: referee or role: admin. Returns 403 otherwise. |
| verifyMatchLock | Requires that the caller holds the lock on a match, or that the lock is expired. Returns 409 if another user holds an active lock. |
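
The role-based expiry and the 401/403 rows above, worked through as an added example (not the project's own code). It assumes HS256 signing and a caller-supplied clock; `SECRET`, `TTL_BY_ROLE`, `issue`, `verify` and `authorize` are hypothetical names.

```javascript
// Added example: hypothetical names, HS256 assumed; not the API's implementation.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // placeholder; load from secret storage in practice
// Lifetimes in seconds, taken from the token expiry table.
const TTL_BY_ROLE = { admin: 6 * 3600, referee: 6 * 3600, user: 7 * 24 * 3600 };

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Issue a token whose exp claim depends on the account role.
function issue(role, now) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ role, iat: now, exp: now + TTL_BY_ROLE[role] }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

// Returns the claims, or null for anything malformed, forged or expired.
function verify(token, now) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; ignore the header's choice
    const sig = Buffer.from(parts[2], 'base64url');
    const expected = mac(`${parts[0]}.${parts[1]}`);
    if (sig.length !== expected.length || !timingSafeEqual(sig, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null; // undecodable header or payload
  }
}

// Status a route guarded by verifyToken plus an optional role check answers with.
function authorize(authHeader, allowedRoles, now) {
  const m = /^Bearer (\S+)$/.exec(authHeader || '');
  const claims = m && verify(m[1], now);
  if (!claims) return 401; // verifyToken: missing, invalid or expired
  if (allowedRoles && !allowedRoles.includes(claims.role)) return 403; // verifyAdmin / verifyReferee
  return 200;
}
```

The signature is checked before the payload is parsed, so a payload edited to claim `role: admin` is rejected with 401 rather than reaching the role check.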

Endpoints

Auth endpoints are rate-limited to 10 requests per IP per 15 minutes. Exceeding the limit returns a 429 response with a retry message.

POST /register

Create a new user account. A verification email is sent automatically. The account must be verified before the user can log in.

Request body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | required | Unique username. Checked case- and accent-insensitively. |
| email | string | required | Unique email address. Checked case-insensitively. |
| password | string | required | Plain-text password. Stored as a bcrypt hash (cost 10). |

Responses

| Field | Type | Description |
| --- | --- | --- |
| message | string | Confirmation that the account was created and that a verification email has been sent. |
| user | object | |

| Status | Cause |
| --- | --- |
| 201 | Account created |
| 400 | Missing username, email, or password |
| 409 | Username or email already taken |
| 500 | Server error |

POST /login

Authenticate with a username (or email) and password. Returns a signed JWT on success.
The username field accepts either a username or an email address.

Request body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | required | The account’s username or email address. Matched case- and accent-insensitively. |
| password | string | required | The account password. |

Responses

| Field | Type | Description |
| --- | --- | --- |
| token | string | A signed JWT. Include this value as Authorization: Bearer <token> on subsequent requests. |

| Status | Cause |
| --- | --- |
| 200 | Login successful |
| 400 | Missing username or password |
| 401 | Wrong credentials |
| 403 | Account is inactive or email is not yet verified |
| 500 | Server error |

Example

```bash
# Login
curl -X POST http://localhost:3000/login \
  -H "Content-Type: application/json" \
  -d '{"username": "myuser", "password": "mypassword"}'

# Use the token
curl http://localhost:3000/matches \
  -H "Authorization: Bearer <your-token>"
```

POST /forgot-password

Request a password-reset link by email. For security, the response is always a success message regardless of whether the email is registered.
The reset link sent to the user’s inbox expires after 15 minutes.

Request body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | required | The email address associated with the account. |

Responses

| Field | Type | Description |
| --- | --- | --- |
| message | string | A generic confirmation message. Returned even if the email is not found. |

| Status | Cause |
| --- | --- |
| 200 | Request processed (email may or may not have been sent) |
| 400 | Missing email |
| 500 | Server error or mail delivery failure |

POST /reset-password

Set a new password using the token from the password-reset email.

Request body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| token | string | required | The reset token from the emailed link. Valid for 15 minutes. |
| newPassword | string | required | The new plain-text password to set. |

Responses

| Field | Type | Description |
| --- | --- | --- |
| message | string | Confirmation that the password was updated. |

| Status | Cause |
| --- | --- |
| 200 | Password updated — { "message": "Contraseña actualizada correctamente." } |
| 400 | Missing fields, or the token is invalid or has expired |
| 500 | Server error |

POST /resend-verification

Resend the account verification email. Provide either email or username.

Request body

| Field | Type | Description |
| --- | --- | --- |
| email | string | Email address of the unverified account. |
| username | string | Username of the unverified account. |

At least one of email or username is required.

Responses

| Field | Type | Description |
| --- | --- | --- |
| message | string | Confirmation that the verification email was resent. |

| Status | Cause |
| --- | --- |
| 200 | Verification email sent |
| 400 | Neither email nor username provided, or account is already verified |
| 404 | No account found for the given email or username |
| 500 | Server error or mail delivery failure |

GET /verify-email/:token

Verify an account using the token from the verification email. On success, the account is activated and a JWT is returned for automatic login.

Path parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| token | string | required | The verification token from the emailed link. |

Responses

| Field | Type | Description |
| --- | --- | --- |
| message | string | Confirmation that the account was verified. |
| token | string | A signed JWT — the same format returned by /login. Use it to authenticate subsequent requests without requiring a separate login step. |

| Status | Cause |
| --- | --- |
| 200 | Account verified and JWT returned |
| 400 | Token is invalid or account is already verified |
| 500 | Account verified but JWT generation failed |
