The admin user-management endpoints let administrators suspend and reinstate user accounts without deleting them. Blocking a user immediately invalidates all of their active Sanctum tokens, preventing further API access. Unblocking resets the user’s status to inactivo so they can log in again. Both endpoints are protected by auth:sanctum middleware and should be further restricted to admin-role users in production.
These endpoints require a valid Bearer token from an authenticated admin account. Calling them with a regular user token will return 401 Unauthorized. Ensure your production middleware enforces admin-role authorization in addition to Sanctum authentication.
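One way to add the admin-role check that the note above asks for, as an added example that is not this project's own code. The block shows two files; the names EnsureUserIsAdmin, AdminUserController and the isAdmin() helper on the User model are assumptions.

```php
<?php
// ---- app/Http/Middleware/EnsureUserIsAdmin.php (hypothetical class) ----
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserIsAdmin
{
    public function handle(Request $request, Closure $next): Response
    {
        // auth:sanctum has already resolved the token owner (or rejected the request).
        $user = $request->user();

        // Fail closed: no user, or a user without the admin role, never reaches
        // the controller. isAdmin() is an assumed helper on App\Models\User.
        if ($user === null || ! $user->isAdmin()) {
            // 401 matches the contract documented on this page for regular-user
            // tokens; many APIs answer 403 Forbidden here instead.
            return response()->json(['message' => 'Unauthenticated.'], 401);
        }

        return $next($request);
    }
}

// ---- routes/api.php (separate file; Laravel adds the /api prefix by default) ----
use App\Http\Controllers\AdminUserController; // hypothetical controller name
use App\Http\Middleware\EnsureUserIsAdmin;
use Illuminate\Support\Facades\Route;

// Order matters: authenticate first, then authorize.
Route::middleware(['auth:sanctum', EnsureUserIsAdmin::class])
    ->prefix('admin/users/{userId}')
    ->group(function () {
        Route::post('block', [AdminUserController::class, 'block']);
        Route::post('unblock', [AdminUserController::class, 'unblock']);
    });
```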

Block a user

Sets the target user’s status_id to the bloqueado status and deletes all of their active Sanctum tokens, immediately ending every session.
POST /api/admin/users/{userId}/block
Path parameter: userId (integer, required). The numeric ID of the user to block. Sourced from the users table. Returns 404 if the user is not found.
curl -s -X POST https://your-api.example.com/api/admin/users/42/block \
  -H "Authorization: Bearer {admin_token}"
Example response — 200 OK
{
  "message": "Usuario bloqueado exitosamente",
  "user": {
    "id": 42,
    "name": "María Pérez",
    "email": "maria.perez@universidad.edu.co",
    "status": "bloqueado"
  }
}

What happens when a user is blocked

  • status_id is updated to the ID of the bloqueado record in user_status.
  • All Sanctum personal access tokens owned by the user are deleted from personal_access_tokens.
  • The user’s next login attempt will be rejected (login logic checks status_id).
  • No data is deleted — the account is fully recoverable by calling the unblock endpoint.

Unblock a user

Resets the target user’s status_id to inactivo, which permits them to log in again.
POST /api/admin/users/{userId}/unblock
Path parameter: userId (integer, required). The numeric ID of the user to unblock. Returns 404 if the user is not found.
curl -s -X POST https://your-api.example.com/api/admin/users/42/unblock \
  -H "Authorization: Bearer {admin_token}"
Example response — 200 OK
{
  "message": "Usuario desbloqueado exitosamente",
  "user": {
    "id": 42,
    "name": "María Pérez",
    "email": "maria.perez@universidad.edu.co",
    "status": "inactivo"
  }
}
Unblocking sets the status to inactivo, not activo. The user must complete the normal login flow (including any 2FA steps) to obtain a new token and become fully active.

Response fields

message (string): Human-readable confirmation of the action performed.
user.id (integer): The user’s primary key.
user.name (string): The user’s display name.
user.email (string): The user’s email address.
user.status (string): The user’s resolved status name after the operation. "bloqueado" after blocking; "inactivo" after unblocking.

User status reference

Status | Description
activo | Account in good standing. Can access all authenticated endpoints.
inactivo | Account exists but the user is not currently logged in (default after unblock).
bloqueado | Account suspended. All tokens revoked; login is denied.

Error responses

401 Unauthorized — missing or invalid Bearer token
{
  "message": "Unauthenticated."
}
404 Not Found - userId does not match any user
{
  "message": "No query results for model [App\\Models\\User] 42."
}
