The Doctors API covers the full physician lifecycle in MELIKA: administrators register doctors and trigger invitation emails, doctors activate their accounts through a secure token flow, and once active, doctors can access their own profile and record appointment outcomes. All routes share theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Imjuanisss/proyecto-melika/llms.txt
Use this file to discover all available pages before exploring further.
/medicos prefix for admin operations and /medico for doctor self-service actions. The server runs on PORT (default 3000).
Account Activation Flow
Before a doctor can log in, an administrator must first create their profile viaPOST /medicos. MELIKA then generates a short-lived invitation token (72-hour expiry) and emails it to the doctor. The doctor visits the activation link and submits their token alongside a chosen password to POST /medicos/activar, which sets their password, marks the usuario as active and verified, and marks the invitation token as used.
The invitation token is stored in the
tokens_invitacion table and is single-use. Submitting an expired or already-used token returns an error.Doctor Activation
Activate Doctor Account
This is the only public endpoint in the Doctors API — no authentication token is required.
tokens_invitacion table, confirms it has not been used and has not expired, then updates the linked usuario record with a bcrypt-hashed password and sets activo = TRUE, verificado = TRUE. The token is marked as used immediately after a successful activation.
Request Body
The invitation token delivered to the doctor’s email address.
The password the doctor wants to set for their account. Must be at least 6 characters. Stored as a bcrypt hash.
Response
Confirmation message:
"Cuenta activada correctamente. Ya puedes iniciar sesión."Errors
| Status | Description |
|---|---|
400 | token or nueva_password missing, password shorter than 6 characters, token not found, already used, or expired. |
500 | Internal server error. |
Example
Admin — Doctor Management
All endpoints in this section require a valid Bearer token from an administrator account. Include the headerAuthorization: Bearer <token> on every request.
List All Doctors
usuario and especialidad rows. Useful for building directory listings or admin dashboards.
Auth: verifyToken + isAdmin
Response
An array of doctor objects.Errors
| Status | Description |
|---|---|
401 | Missing or invalid Bearer token. |
403 | Authenticated user is not an administrator. |
500 | Internal server error. |
Example
Create Doctor Profile
medico record and its linked usuario shell with a temporary random password, generates a 72-hour invitation token, and dispatches an activation email to the provided address. The doctor completes registration by calling POST /medicos/activar with the token they receive.
Auth: verifyToken + isAdmin
Request Body
Doctor’s first name.
Doctor’s first surname.
Email address where the activation invitation will be sent. Must be unique in
usuarios.Document type. Accepted values:
CC, CE, or PASAPORTE.Document number. Must be unique in
usuarios.Official medical license or registration number. Must be unique in
medicos.ID of the doctor’s medical specialty from the
especialidades table.City of practice.
Set to
true if the doctor offers remote/video consultations. Defaults to true.Set to
true if the doctor accepts in-person appointments. Defaults to true.Short professional biography displayed on the doctor’s public profile.
Number of years of professional experience. Defaults to
0.URL of the doctor’s profile photo.
Response 201
Confirmation that the profile was created and the invitation email was dispatched (e.g.
"Médico creado. Se envió un correo de activación a doctor@clinica.com.").The
201 response contains only the mensaje string. The newly created record is not returned in the body — query GET /medicos or GET /medico/perfil after activation to retrieve the full profile.Errors
| Status | Description |
|---|---|
400 | Missing required fields or tipo_documento value is invalid. |
401 | Missing or invalid Bearer token. |
403 | Authenticated user is not an administrator. |
409 | numero_registro, email, or numero_documento already exists. |
500 | Internal server error (email dispatch failures are logged but do not block the 201 response). |
Example
Update Doctor Profile
medico record and its linked usuario row. The doctor’s email and document details cannot be changed through this endpoint.
Auth: verifyToken + isAdmin
Path Parameters
The numeric ID of the
medico record to update.Request Body
Updated first name.
Updated first surname.
Updated city.
Updated specialty ID.
Updated consultation fee. Defaults to
0 if not provided.Updated teleconsultation preference.
Updated in-person preference.
Updated biography text.
Updated years of experience.
Updated profile photo URL.
Response
Confirmation:
"Médico actualizado correctamente."Errors
| Status | Description |
|---|---|
401 | Missing or invalid Bearer token. |
403 | Authenticated user is not an administrator. |
404 | No doctor found with the given ID. |
500 | Internal server error. |
Example
Toggle Doctor Active Status
activo boolean on both the medico and linked usuario records. Deactivating a doctor prevents them from logging in and excludes them from patient-facing search results. Re-activating reverses this.
Auth: verifyToken + isAdmin
Path Parameters
The numeric ID of the
medico record whose status should be toggled.Response
"Médico activado." if the account was just enabled, or "Médico desactivado." if it was just disabled.Errors
| Status | Description |
|---|---|
401 | Missing or invalid Bearer token. |
403 | Authenticated user is not an administrator. |
404 | No doctor found with the given ID. |
500 | Internal server error. |
Example
Doctor Self-Service
The following endpoints are available to authenticated doctors only. Use the Bearer token issued at login withrol='medico'.
Get Own Profile
medico, usuario, and especialidad rows. Doctors use this to display their own information within the platform dashboard.
Auth: verifyToken + isMedico
Response
A single flat profile object returned directly (not wrapped in a key).Unique identifier of the
medico record.Official medical registration number.
Consultation fee.
Average rating score.
Whether the doctor accepts video/remote consultations.
Whether the doctor accepts in-person consultations.
Short professional biography.
Years of professional experience.
Profile photo URL, if set.
Doctor’s first name (from
usuarios).Doctor’s first surname (from
usuarios).Email address (from
usuarios).Phone number (from
usuarios).City (from
usuarios).Specialty name (from
especialidades).Errors
| Status | Description |
|---|---|
401 | Missing or invalid Bearer token. |
403 | Authenticated user is not a doctor. |
404 | Doctor profile not found for the authenticated user. |
500 | Internal server error. |
Example
Manage Appointment Outcome
completada (the patient attended) and no_asistio (the patient did not show up). Cancelled appointments cannot be gestioned.
Auth: verifyToken + isMedico
Path Parameters
The numeric ID of the
cita (appointment) to update.Request Body
The outcome to record. Accepted values:
"completada" or "no_asistio". Any other value returns a 400 error.Optional brief clinical notes for the appointment. If omitted, any existing notes are preserved.
Response
Confirmation message:
"✅ Cita completada."whenestado = 'completada'"📋 Paciente ausente."whenestado = 'no_asistio'
Errors
| Status | Description |
|---|---|
400 | estado value is not completada or no_asistio. |
400 | Appointment is already cancelada. |
401 | Missing or invalid Bearer token. |
403 | Authenticated user has no doctor profile, or the appointment belongs to another doctor. |
404 | No appointment found with the given ID. |
500 | Internal server error. |