The Maintenance API manages the monthly preventive maintenance cycle for water dispenser fleets. Each month a batch ofDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/GianlucaBessone/HDB-Service/llms.txt
Use this file to discover all available pages before exploring further.
MaintenanceSchedule records is generated — one per active dispenser — and technicians then visit, complete a structured checklist, and obtain a digital signature from the customer representative. The resulting MaintenanceApproval carries a SHA-512 + AES-256-GCM cryptographic signature that can be independently verified without authentication.
GET /api/maintenance
Returns all maintenance schedules matching the supplied filters, ordered byscheduledMonth (descending) then dispenserId (ascending). Each schedule includes the linked dispenser and its checklist.
Required permission: maintenance:read
Query parameters
Filter by scheduled month in
YYYY-MM format (e.g. 2024-06).Filter by the plant ID of the dispenser’s current location.
Filter by schedule status. Accepted values:
PENDING, COMPLETED, OVERDUE, EXPIRED, SIGNED.Response fields
Array of schedule objects. Each object contains:
Schedule ID (CUID).
Associated dispenser ID.
Month in
YYYY-MM format.Current schedule status.
Nested dispenser with
id, marca, modelo, and its location (including plant.nombre).Linked checklist if completed;
null if the visit has not occurred yet.ID of the linked
MaintenanceApproval if signed.ISO 8601 creation timestamp.
Example
Error cases
| Status | Description |
|---|---|
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:read. |
POST /api/maintenance/generate
GeneratesPENDING maintenance schedules for a given month. The endpoint iterates over all active dispensers with status IN_SERVICE, BACKUP, UNDER_REPAIR, or IN_TECHNICAL_SERVICE, and creates one schedule per dispenser that does not already have one for the requested month. Existing schedules are silently skipped.
Required permission: maintenance:write
Request body
Target month in
YYYY-MM format (e.g. "2024-07"). Must match the pattern exactly — any other format returns 400.Response fields
true when the operation completed without error.Human-readable summary of results.
Number of new schedule records created.
Number of dispensers that already had a schedule for the month and were therefore skipped.
Example
Error cases
| Status | Description |
|---|---|
400 | month is missing or does not match YYYY-MM. |
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:write. |
POST /api/maintenance/{id}/checklist
Submits a maintenance checklist for a schedule and transitions it toCOMPLETED. The operation is fully transactional: consumables/spare parts consumed during the visit are deducted from plant inventory in the same atomic unit.
This endpoint can only be called once per schedule. A
400 error is returned if a checklist already exists for the schedule.maintenance:write
Request body
Overall equipment condition. Accepted values:
GOOD, FAIR, POOR, CRITICAL.List of detected failures or malfunctions. Stored as a JSON array.
List of structural or physical problems observed. Stored as a JSON array.
Free-text observations and technician notes.
Consumables and spare parts installed during the visit. Stock is deducted from the dispenser’s plant inventory.
Response fields
true when checklist and schedule were updated successfully.The newly created checklist record.
The updated schedule with
status: "COMPLETED".Example
Error cases
| Status | Description |
|---|---|
400 | condicionGeneral is missing, or the checklist was already submitted for this schedule, or insufficient stock for a listed consumable. |
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:write. |
404 | Schedule not found. |
POST /api/maintenance/{id}/complete
An alternative completion endpoint that creates both the checklist and marks the scheduleCOMPLETED in one step. Unlike the dedicated /checklist endpoint, this variant also accepts fotosUrls for photo evidence and is intended for mobile flows where photos are uploaded as part of completion.
Required permission: maintenance:write
Request body
Overall equipment condition. Accepted values:
GOOD, FAIR, POOR, CRITICAL.List of detected failures.
List of structural problems.
Free-text observations.
Array of photo URLs or base64-encoded image strings captured during the visit.
Response fields
Schedule ID.
Always
COMPLETED on success.The associated dispenser ID.
Month in
YYYY-MM format.Example
Error cases
| Status | Description |
|---|---|
400 | condicionGeneral is missing, or the schedule is already COMPLETED. |
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:write. |
404 | Schedule not found. |
GET /api/maintenance/approvals
Returns all maintenance approvals that carry a digital signature (signatureData or signatureHash is present), ordered newest-first. Each approval includes the linked technician and all associated maintenance schedules with their dispenser and location data.
Required permission: maintenance:read
Query parameters
Filter approvals where at least one linked schedule belongs to a dispenser at the given plant.
ISO 8601 date — returns approvals created on or after this date.
ISO 8601 date — returns approvals created on or before this date (time is set to 23:59:59.999).
Case-insensitive search across
customerName, customerIdentity, and linked dispenserId values.Response fields
Array of approval objects. Each object contains:
Approval ID (CUID).
Name of the customer representative who signed.
DNI or identification number of the signer.
SHA-512 hex digest (128 characters) of the signature payload.
ISO 8601 timestamp of the signing event.
Technician who created the approval:
nombre, email.Associated schedules, each with the full dispenser and location tree.
ISO 8601 creation timestamp.
Example
Error cases
| Status | Description |
|---|---|
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:read. |
POST /api/maintenance/approvals
Creates a new maintenance approval record grouping one or more completed maintenance schedules under a single digital signature session. The approval is created with an empty signature and must be subsequently signed by the customer representative on the technician’s device. Required permission:maintenance:write
All schedule IDs listed in
scheduleIds must already have COMPLETED status. Passing any schedule that is not COMPLETED returns 400.Request body
Non-empty array of
MaintenanceSchedule IDs to group under this approval. All referenced schedules must be in COMPLETED status.Response fields
The newly created
MaintenanceApproval ID. Pass this to the signing UI and then to the verify endpoint.Example
Error cases
| Status | Description |
|---|---|
400 | scheduleIds is missing, empty, or one or more schedules are not in COMPLETED status. |
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:write. |
POST /api/maintenance/approvals/{id}/verify
Verifies the cryptographic integrity of a maintenance approval signature. The endpoint retrieves the storedencryptedHash and hashPayload, decrypts the hash with AES-256-GCM, recomputes the SHA-512 digest from the raw payload, and compares both using a timing-safe equality check.
This endpoint requires maintenance:read permission to prevent unauthenticated enumeration.
Required permission: maintenance:read
Request body
This endpoint does not accept a request body. The approval is identified by{id} in the URL path.
Response fields
true if the decrypted stored hash matches the recomputed SHA-512 digest of the raw payload; false if the signature has been tampered with or decryption fails.The SHA-512 hex digest recovered by decrypting the stored
encryptedHash. Empty string on verification failure.The SHA-512 hex digest freshly computed from the stored
hashPayload. Compare with hash to manually audit the match. Empty string on decryption error.Example
Error cases
| Status | Description |
|---|---|
400 | The approval exists but does not have a valid digital certificate (missing signatureHash, encryptedHash, or hashPayload). |
401 | Missing or invalid authentication session. |
403 | Caller lacks maintenance:read. |
404 | No approval found with the given ID. |