StockManager stores every user account in a single users table. Administrators and root users can list, create, update, and deactivate accounts through the REST API while vendors interact with the system using the credentials assigned to them. All write operations are recorded automatically in the audit log via the @audit_action decorator.

User Fields

Each user record exposes the following fields in API responses:

| Field | Type | Description |
|---|---|---|
| id | integer | Auto-incremented primary key |
| username | string | Unique display name (max 30 chars) |
| email | string | Unique email address (max 100 chars) |
| role | string | One of root, admin, or vendedor |
| status | integer | 1 = active, 0 = disabled |
| created_at | string | ISO 8601 creation timestamp |

CRUD Operations

List Users

GET /api/users
Returns a paginated list of all users. Requires admin or root role.

Query parameters:

| Parameter | Type | Default | Description |
|---|---|---|---|
| search | string | "" | Filters by username or email (partial match) |
| page | integer | 1 | Page number |
| limit | integer | 10 | Results per page (max 100) |

Response:
{
  "data": [
    {
      "id": 3,
      "username": "jdoe",
      "email": "jdoe@example.com",
      "role": "vendedor",
      "status": 1,
      "created_at": "2024-11-01T10:22:00"
    }
  ],
  "total": 42,
  "page": 1,
  "pages": 5,
  "limit": 10
}

Get a Single User

GET /api/users/<id>
Returns one user record by ID. Requires admin or root role. Response: 200 OK with the user object, or 404 if not found.

Create a User

POST /api/users
Creates a new active account with status=1 and application="accepted". Requires admin or root role.

Required body fields:

| Field | Constraint |
|---|---|
| username | Unique, max 30 chars |
| email | Valid format, unique, max 100 chars |
| password | Max 128 chars, stored as a Werkzeug hash |
| role | One of root, admin, vendedor |

curl -s -X POST http://localhost:5000/api/users \
  -H "Content-Type: application/json" \
  -d '{
    "username": "jane",
    "email": "jane@example.com",
    "password": "s3cur3pass",
    "role": "vendedor"
  }'
Response:
{ "message": "Usuario creado exitosamente" }
Status codes: 201 on success, 400 for missing/invalid fields, 409 if the email or username already exists.

Update a User

PUT /api/users/<id>
Updates only the fields that are present in the request body and differ from the current value — no unnecessary writes occur. Requires admin or root role. Accepted fields: username, email, role, status, password. Response: 200 OK. The target user receives an in-app notification when their account is updated. Returns 200 with "No hay cambios que aplicar" if all submitted values match the current record.

Disable a User

DELETE /api/users/<id>
This is a soft delete. The user record is never removed from the database — status is set to 0 (disabled). Disabled users cannot log in, but all their associated sales and audit records remain intact.
Requires admin or root role. You cannot disable your own account; doing so returns 400. Response:
{ "message": "Usuario dado de baja" }

Password Reset Flow

The reset flow is a three-step process that does not require the user to be authenticated. A 6-digit numeric code is generated, stored temporarily, and delivered by email. The code expires after 15 minutes.
1. Request a Reset Code

Send the user’s email address to receive a 6-digit code.
curl -s -X POST http://localhost:5000/api/users/reset-password \
  -H "Content-Type: application/json" \
  -d '{ "email": "jane@example.com" }'
Response:
{ "message": "Codigo enviado al correo" }
Status codes: 200 on success, 400 for missing/invalid email, 404 if no account exists.
2. Validate the Code

Submit the email and the 6-digit code that was delivered to the inbox.
curl -s -X POST http://localhost:5000/api/users/validate-code \
  -H "Content-Type: application/json" \
  -d '{ "email": "jane@example.com", "code": "482916" }'
Response:
{ "message": "Código verificado, puedes restablecer tu contraseña" }
Status codes: 200 on success, 401 if the code is invalid or expired.
3. Set the New Password

Submit the email, the verified code, and the desired new password. The code is deleted upon success.
curl -s -X POST http://localhost:5000/api/users/reset-password/change-password \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "code": "482916",
    "new_password": "newS3cur3pass"
  }'
Response:
{ "message": "Contraseña restablecida exitosamente" }
Status codes: 200 on success, 401 if the code was not verified or has expired, 404 if no account is found.
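
One way to handle the code on the server side for the three steps above, added here as an example and not StockManager's own code. The function names, the in-memory `_pending` store, the keyed digest and the `MAX_ATTEMPTS` limit are assumptions; the page specifies only the 6-digit code, the 15-minute expiry and deletion on success. The attempt limit is included because a 6-digit code has only 10^6 possible values and the endpoints are unauthenticated.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60      # from the page: codes expire after 15 minutes
MAX_ATTEMPTS = 5                # assumption: the page states no attempt limit
_KEY = secrets.token_bytes(32)  # per-process key; stored digests are not bare codes
_pending = {}                   # email -> record; stand-in for the temporary store


def _digest(email, code):
    return hmac.new(_KEY, f"{email}:{code}".encode(), hashlib.sha256).digest()


def issue_code(email, now=None):
    """Step 1: draw a 6-digit code from the CSPRNG, replacing any earlier one."""
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[email] = {"digest": _digest(email, code), "attempts": 0, "verified": False,
                       "expires": (now or time.time()) + CODE_TTL_SECONDS}
    return code  # goes into the email only, never into the HTTP response


def _lookup(email, code, now):
    rec = _pending.get(email)
    if rec is None:
        return None
    if (now or time.time()) >= rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        del _pending[email]  # expired or guessed too often: a new request is needed
        return None
    if not hmac.compare_digest(rec["digest"], _digest(email, str(code))):
        rec["attempts"] += 1
        return None
    return rec


def validate_code(email, code, now=None):
    """Step 2: mark the code verified; False corresponds to the 401 response."""
    rec = _lookup(email, code, now)
    if rec is not None:
        rec["verified"] = True
    return rec is not None


def consume_code(email, code, now=None):
    """Step 3: accept only a verified, unexpired code and delete it on success."""
    rec = _lookup(email, code, now)
    if rec is None or not rec["verified"]:
        return False
    return _pending.pop(email) is rec
```

The optional `now` argument exists so expiry can be exercised with fixed timestamps; in a handler it is left unset.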

Vendor Autocomplete

GET /api/suggest/vendors?q=<query>
Returns up to 10 active users with the vendedor or admin role whose username or email contains the search string. Requires any authenticated session.

Query parameters:

| Parameter | Description |
|---|---|
| q | Partial username or email to match |

Response:
{
  "data": [
    { "id": 5, "username": "jane", "email": "jane@example.com" }
  ]
}
Returns an empty data array when q is blank.

Validation Limits

| Field | Max length |
|---|---|
| username | 30 characters |
| email | 100 characters |
| password | 128 characters |

Passwords are never stored in plain text. The API hashes every password with Werkzeug’s generate_password_hash before writing to the database.
