Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ItsJhonAlex/Ecommerce/llms.txt

Use this file to discover all available pages before exploring further.

The Avanzar In Time Shop backend is a Hono v4 REST API running on Bun. Every response body is JSON — successes and errors alike follow a consistent shape. All business endpoints live under the /api/v1 prefix so the version can evolve independently. An interactive Swagger UI is available at /api/v1/docs and the raw OpenAPI spec is served at /api/v1/openapi.json, making it easy to explore and test every route without leaving the browser.

Base URL

The development server listens on port 3000:
http://localhost:3000
All API endpoints are prefixed with /api/v1. For example, the products list is available at http://localhost:3000/api/v1/products.

Endpoint Groups

The API is split into two families: public routes that the storefront and authenticated customers can reach, and admin routes gated behind requireAdmin middleware.

Public: Products

Browse and search the active product catalog available to all storefront visitors.

Public: Categories

Retrieve the category tree used to organise and filter products.

Public: Checkout

Submit orders, select shipping rates, and initiate the payment flow.

Public: Orders

Let authenticated customers view and track their own order history.

Public: Addresses

Create, update, and manage saved delivery addresses for a customer account.

Public: Shipping Rates

Fetch available shipping options and their rates for a given destination.

Admin: Products

Create, update, archive, and manage product inventory — staff and admin only.

Admin: Orders

View all orders, advance order status, and confirm or reject payments.

Authentication

The API uses session cookies issued by Better Auth — there are no API keys or Bearer tokens. Auth endpoints live at /api/auth/* and are handled separately from the versioned API. Two middleware guards protect business routes:
  • requireSession — requires any valid session. Used on customer-facing routes such as order history and saved addresses.
  • requireAdmin — requires a session whose role is staff or admin. Used on every route under /api/v1/admin/.
See the Authentication guide for sign-up, sign-in, and cookie usage details.

Response Format

All responses use a consistent JSON envelope so client code can handle them uniformly. Success responses wrap the returned data in a named key that matches the resource:
{ "products": [ { "id": "...", "name": "..." } ] }
{ "order": { "id": "...", "status": "pending_payment" } }
Error responses always carry an "error" string. Some errors include additional fields to give the client machine-readable context:
{ "error": "El slug del producto ya está en uso", "code": "PRODUCT_SLUG_TAKEN" }
{ "error": "Stock insuficiente", "productId": "abc123", "available": 2 }

HTTP Status Codes

StatusMeaningWhen it is returned
200 OKSuccessSuccessful GET or PATCH
201 CreatedResource createdSuccessful POST that produces a new resource
204 No ContentDeletedSuccessful DELETE — no body
400 Bad RequestBad inputInvalid request body schema or query parameters
401 UnauthorizedNo sessionRequest reaches a protected route without a valid session cookie
403 ForbiddenInsufficient roleAuthenticated user lacks the staff or admin role
404 Not FoundMissing resourceThe requested product, order, address, etc. does not exist
409 ConflictDuplicateSlug already taken, duplicate price currency for a product, or double payment confirmation
422 Unprocessable EntityBusiness rule violationInvalid order status transition, insufficient stock at checkout
503 Service UnavailableTemporary failureOrder number collision after maximum retry attempts
500 Internal Server ErrorUnexpected errorAn unhandled exception was caught by the global error handler

Healthcheck

A lightweight healthcheck endpoint is available outside the versioned prefix and requires no authentication:
GET /health
Response:
{ "status": "ok" }
Example with curl:
curl http://localhost:3000/health

Build docs developers (and LLMs) love