User management in Gestor Financiero follows a strict two-role model: admin and empleado. Administrators can create new accounts, edit existing ones, reset passwords, and delete users. Every authenticated user, regardless of role, can change their own password via POST /cambiar-password and save their UI theme preference via POST /preferencias/tema. One special user, the principal admin, is bootstrapped automatically on first run and carries protections that prevent it from being edited, demoted, or deleted by other admins.
GET /usuarios
Returns all user accounts registered in the system.
Response
Returns an array of user objects.
Unique user identifier.
Login username.
Display name.
Either "admin" or "empleado".
true for the bootstrapped principal administrator account. Only one user will ever have this flag set.
POST /usuarios
Creates a new user account. The username must be unique across the system.
Request Body
Login username. Maximum 50 characters. Must be unique; returns 400 if the username already exists.
Full display name. Maximum 120 characters.
Initial password. Maximum 128 characters. Must be at least 8 characters long.
Role to assign. Must be "admin" or "empleado". Defaults to "empleado" if omitted.
Response
ID of the newly created user.
Stored username (whitespace-trimmed).
Stored display name (whitespace-trimmed).
Assigned role.
PUT /usuarios/{usuario_id}
Edits an existing user’s username, display name, role, and optionally their password in a single request.
Request Body
New username. Maximum 50 characters. Must not conflict with another existing user.
New display name. Maximum 120 characters. Cannot be blank.
New role. Must be "admin" or "empleado".
If provided, replaces the user’s current password. Maximum 128 characters. Must be at least 8 characters long.
Business rules
- Returns 403 if usuario_id belongs to the principal admin.
- Returns 400 if demoting the only remaining admin to "empleado"; at least one admin must always exist.
- If nueva_password is set and the target user is not the requesting admin, all active sessions for that user are closed immediately, forcing a re-login.
Response
Returns { id, usuario, nombre, rol } for the updated account.
POST /usuarios/{usuario_id}/password
Resets another user’s password. The target user’s sessions are invalidated so they must log in again with the new credentials.
Request Body
New password for the target user. Must be at least 8 characters long.
This endpoint cannot be used on the principal admin (403). To change the principal admin’s own password, that user must use POST /cambiar-password.
Response
DELETE /usuarios/{usuario_id}
Permanently deletes a user account.
The following conditions return a 400 or 403 error:
| Condition | Status |
|---|---|
| Attempting to delete your own account | 400 |
| Target user is the principal admin | 403 |
| Target user is the last remaining admin | 400 |
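
The PUT business rules and the DELETE conditions above, modelled as pure functions that return the HTTP status. This is an added example, not code from the Gestor Financiero project. The es_principal field name, the order in which the checks run, and the caller's admin role being verified elsewhere are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    id: int
    rol: str                    # "admin" or "empleado"
    es_principal: bool = False  # hypothetical name for the principal-admin flag


def _admin_count(users: Dict[int, User]) -> int:
    return sum(1 for u in users.values() if u.rol == "admin")


def check_delete(users: Dict[int, User], actor_id: int, target_id: int) -> Optional[int]:
    """DELETE /usuarios/{usuario_id}: return the error status, or None if allowed.

    Assumes the caller's admin role was already verified by the route.
    """
    target = users[target_id]
    if target_id == actor_id:
        return 400  # attempting to delete your own account
    if target.es_principal:
        return 403  # target user is the principal admin
    if target.rol == "admin" and _admin_count(users) == 1:
        return 400  # target user is the last remaining admin
    return None


def check_edit(users: Dict[int, User], target_id: int, new_rol: str) -> Optional[int]:
    """PUT /usuarios/{usuario_id}: return the error status, or None if allowed."""
    target = users[target_id]
    if target.es_principal:
        return 403  # the principal admin cannot be edited or demoted
    demoting = target.rol == "admin" and new_rol == "empleado"
    if demoting and _admin_count(users) == 1:
        return 400  # at least one admin must always exist
    return None


# Constructed sample data: principal admin, a second admin, one empleado.
SAMPLE = {1: User(1, "admin", True), 2: User(2, "admin"), 3: User(3, "empleado")}
# Constructed data set with a single, non-principal admin.
LONE_ADMIN = {5: User(5, "admin"), 6: User(6, "empleado")}
```
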
Response
POST /cambiar-password
Allows any authenticated user (admin or empleado) to change their own password. The current password must be provided for verification. All other active sessions for the current user are closed after a successful change.
Request Body
The user’s current password. Maximum 128 characters. Returns 400 if it does not match the stored credential.
The desired new password. Maximum 128 characters. Must be at least 8 characters long.
This endpoint is available to all authenticated users. It does not require the admin role. The session that made the request remains active; only other concurrent sessions are terminated.
Response
POST /preferencias/tema
Saves the current user’s UI theme preference. The preference is stored per-user and returned on subsequent GET /yo and POST /login calls.
Request Body
Theme selection. Must be exactly one of:
| Value | Meaning |
|---|---|
| claro | Light theme |
| oscuro | Dark theme |
| sistema | Follow the OS/browser preference |
Returns 400 for any other value.
This endpoint is available to all authenticated users, no admin role required.