Create a new CoffePrice account by submitting a name, email address, password, and role. The account is created in a pendiente (pending) state and a 6-digit verification code is immediately sent to the provided email address. The user must verify their email before they can log in (or, for comprador accounts, before completing their business profile).

Endpoint

POST /api/auth/register
Rate limit: 100 requests per 15 minutes per IP (registerLimiter).

Request Body

nombre (string, required): The user’s first name. Whitespace is trimmed automatically.
apellido (string, required): The user’s last name. Whitespace is trimmed automatically.
email (string, required): A valid, unique email address. The value is normalized to lowercase before being stored. Returns 400 if the address is already registered and verified.
password (string, required): Account password. Must be at least 10 characters and contain at least one uppercase letter, one lowercase letter, and one digit. See the Password Requirements note below.
celular (string): The user’s phone number (optional).
rol (string, required): The account role. Must be one of:
  • productor — coffee producer account.
  • comprador — buyer/business account (requires additional profile step after verification).

Success Response — 201 Created

{
  "message": "Codigo de verificacion enviado al correo."
}

The user record is created with estado: "pendiente". No JWT cookie is issued at this stage — authentication happens after the email is verified via POST /api/auth/verify-email.

If a registration attempt is made with an email that already has a pending (unverified) account, CoffePrice will resend a fresh verification code to that address and return 200 OK instead of 201. This prevents duplicate accounts while still helping users who never verified.

Email Verification Flow

After a successful registration, users must verify their email before they can access the platform.

Submit the verification code

email (string, required): The email address used during registration.
code (string, required): The 6-digit verification code sent to the user’s inbox. Valid for 10 minutes.

POST /api/auth/verify-email
{
  "email": "maria@example.com",
  "code": "482910"
}
Rate limit: 6 requests per 15 minutes per IP (verifyLimiter). On success the server returns 200 OK, sets the auth_token cookie, and returns the user session object. For comprador accounts the response includes "pendiente": true, indicating the business profile still needs to be completed.

Re-send the verification code

If the code expires or is lost, request a new one:
POST /api/auth/resend-verification
{
  "email": "maria@example.com"
}
Rate limit: 4 requests per 15 minutes per IP (resendVerificationLimiter). A new code cannot be sent if the existing code still has more than 9 minutes of validity remaining — the server returns 429 in that case.
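
The code lifetime and resend rule described above, as an added example that is not CoffePrice's own code: it issues a 6-digit code from a CSPRNG, stores only a keyed digest, enforces the 10-minute validity and the 429 on an early resend, and compares in constant time. The function names, the record fields and the in-process key are assumptions made for illustration.

```javascript
// Added example (not CoffePrice source). issueCode, verifyCode, the record
// fields and SERVER_KEY are hypothetical names chosen for illustration.
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000;     // page: code is valid for 10 minutes
const RESEND_BLOCK_MS = 9 * 60 * 1000;  // page: 429 while more than 9 minutes remain
// Constructed per-process key; a real service would load it from secret storage.
const SERVER_KEY = crypto.randomBytes(32);

// Keyed digest, so the stored value alone does not reveal a live code.
function codeDigest(email, code) {
  return crypto.createHmac('sha256', SERVER_KEY).update(`${email}:${code}`).digest();
}

// Issue (or re-issue) a code for a pending account record.
function issueCode(record, now = Date.now()) {
  const remaining = record.codeExpiresAt ? record.codeExpiresAt - now : 0;
  if (remaining > RESEND_BLOCK_MS) return { status: 429 };
  // randomInt draws from the CSPRNG without modulo bias; padStart keeps leading zeros.
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  record.codeHash = codeDigest(record.email, code);
  record.codeExpiresAt = now + CODE_TTL_MS;
  return { status: 200, code }; // hand `code` to the mailer, never to the HTTP response
}

// Check a submitted code: well-formed, unexpired, constant-time match, single use.
function verifyCode(record, submitted, now = Date.now()) {
  if (!record.codeHash || now >= record.codeExpiresAt) return false;
  if (typeof submitted !== 'string' || !/^\d{6}$/.test(submitted)) return false;
  const ok = crypto.timingSafeEqual(codeDigest(record.email, submitted), record.codeHash);
  if (ok) {
    record.codeHash = null;      // a verified code cannot be replayed
    record.codeExpiresAt = null;
  }
  return ok;
}
```

Passing `now` explicitly makes the expiry and resend windows testable without waiting on a real clock.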

Error Responses

Status | Condition
--- | ---
400 | Missing required fields, invalid email format, password fails validation, or email is already registered and verified (El correo ya esta registrado).
429 | Rate limit exceeded.
500 | Unexpected server error.

Examples

Register a new productor account

curl -X POST https://your-backend.up.railway.app/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Maria",
    "apellido": "Lopez",
    "email": "maria@example.com",
    "password": "SecurePass1",
    "celular": "3001234567",
    "rol": "productor"
  }'

{
  "message": "Codigo de verificacion enviado al correo."
}

Verify the email address

curl -X POST https://your-backend.up.railway.app/api/auth/verify-email \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com",
    "code": "482910"
  }'

{
  "message": "Correo verificado exitosamente",
  "pendiente": false,
  "user": {
    "id": "664f1a2b3c4d5e6f7a8b9c0d",
    "nombre": "Maria",
    "apellido": "Lopez",
    "email": "maria@example.com",
    "rol": "productor",
    "celular": "3001234567",
    "estado": "activo"
  },
  "role": "productor",
  "name": "Maria",
  "apellido": "Lopez",
  "id": "664f1a2b3c4d5e6f7a8b9c0d",
  "celular": "3001234567",
  "email": "maria@example.com"
}

Password Requirements

Passwords must satisfy all of the following rules:
  • Minimum 10 characters in length.
  • At least one uppercase letter (A–Z).
  • At least one lowercase letter (a–z).
  • At least one digit (0–9).
Example of a valid password: CoffeeBean2024

Passwords are hashed with bcrypt (salt rounds: 10) before storage. Plain-text passwords are never persisted.
