All endpoints on this page require an Authorization: Bearer {token} header. The token is obtained from a successful login via POST /api/auth/login or POST /api/auth/two-factor/verify. Requests made without a valid token receive a 401 Unauthenticated response.
Obtain a bearer token first via login before calling any endpoint on this page.

GET /api/auth/user

Returns the full profile of the currently authenticated user.

Headers

Header         Value
Authorization  Bearer {token}

Responses

user (object): The authenticated user’s profile data.
user.id (integer): Unique user identifier.
user.name (string): Full display name, computed from nombres and apellidos.
user.nombres (string): First name(s).
user.apellidos (string): Last name(s).
user.email (string): Primary email address.
user.secure_email (string): Backup email address used for secure key delivery.
user.secure_key_downloaded_at (string | null): ISO 8601 timestamp of the last time the .jw file was downloaded, or null if never downloaded.
user.secure_key_generated_at (string | null): ISO 8601 timestamp when the secure key was generated.
user.two_factor_enabled (boolean): Whether two-factor authentication is currently active.

curl -X GET https://your-api.up.railway.app/api/auth/user \
  -H "Authorization: Bearer 1|abc123..."
200 — Profile returned
{
  "user": {
    "id": 42,
    "name": "María López",
    "nombres": "María",
    "apellidos": "López",
    "email": "maria@itfip.edu.co",
    "secure_email": "maria.backup@gmail.com",
    "secure_key_downloaded_at": "2026-04-10T14:23:00Z",
    "secure_key_generated_at": "2026-04-01T09:00:00Z",
    "two_factor_enabled": false
  }
}
401 — Unauthenticated
{ "message": "Unauthenticated." }

PUT /api/auth/update-profile

Updates one or more profile fields for the authenticated user. All fields are optional — only the fields included in the request body are updated. Changing email initiates a verification flow: a 6-digit OTP is sent to the new address and the email is not updated until /api/auth/verify-email-change is called with the correct code.

Headers

Header         Value
Authorization  Bearer {token}

nombres (string): Updated first name(s). Letters and spaces only. Maximum 191 characters.
apellidos (string): Updated last name(s). Letters and spaces only. Maximum 191 characters.
name (string): Full name as a single string. The server splits it at the first space into nombres and apellidos.
email (string): New primary email address. Must be unique. Triggers OTP verification; does not update immediately.

Password changes are not supported via this endpoint. To reset your password, use the forgot-password flow.

Responses

message (string): Result description.
user (object): Updated user data (id, name, nombres, apellidos, email, status). Present when no email change was requested.
requires_verification (boolean): true when an email change was requested and an OTP has been sent to the new address.
new_email (string): The pending new email address awaiting OTP confirmation.

curl -X PUT https://your-api.up.railway.app/api/auth/update-profile \
  -H "Authorization: Bearer 1|abc123..." \
  -H "Content-Type: application/json" \
  -d '{"nombres": "Ana", "apellidos": "García"}'
200 — Profile updated
{
  "message": "Perfil actualizado exitosamente",
  "user": {
    "id": 42,
    "name": "Ana García",
    "nombres": "Ana",
    "apellidos": "García",
    "email": "maria@itfip.edu.co",
    "status": "activo"
  }
}
200 — Email change initiated
{
  "message": "Código de verificación enviado al nuevo email",
  "requires_verification": true,
  "new_email": "new.address@itfip.edu.co"
}
422 — Validation failed
{
  "message": "Datos inválidos",
  "errors": { "email": ["El correo ya está registrado"] }
}
Sending email in the request body does not change the email immediately. The current email remains active until the OTP is verified via /api/auth/verify-email-change. The OTP expires after 15 minutes.

POST /api/auth/verify-email-change

Confirms an email address change initiated by PUT /api/auth/update-profile. Submit the 6-digit OTP that was sent to the new address. On success, the account’s primary email is updated.

Headers

Header         Value
Authorization  Bearer {token}

code (string, required): The 6-digit numeric OTP sent to the new email address. Exactly 6 characters. Expires after 15 minutes.

Responses

message (string): "Email actualizado exitosamente" on success.
user (object): Updated user data reflecting the new email address.

curl -X POST https://your-api.up.railway.app/api/auth/verify-email-change \
  -H "Authorization: Bearer 1|abc123..." \
  -H "Content-Type: application/json" \
  -d '{"code": "293847"}'
200 — Email updated
{
  "message": "Email actualizado exitosamente",
  "user": {
    "id": 42,
    "name": "María López",
    "nombres": "María",
    "apellidos": "López",
    "email": "new.address@itfip.edu.co",
    "status": "activo"
  }
}
422 — Wrong or expired code
{ "message": "Código incorrecto" }
{ "message": "Código expirado" }
422 — Validation error
{
  "message": "Código inválido",
  "errors": { "code": ["The code must be 6 characters."] }
}
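
The two-step email change described above, as a client-side sketch. This is an added example, not part of the original documentation or the project's code; `send`, `read_code` and `replay` are hypothetical names, and the status codes, fields and messages it branches on are the ones shown on this page.

```python
import re

OTP_RE = re.compile(r"[0-9]{6}")  # page: 6-digit numeric code, exactly 6 characters

def interpret_update(status, body):
    """Classify a PUT /api/auth/update-profile response."""
    if status == 200 and body.get("requires_verification") is True:
        # OTP sent; the account's email is still the old one at this point.
        return "pending_email", body.get("new_email")
    if status == 200 and "user" in body:
        return "updated", body["user"]
    if status == 422:
        return "invalid", body.get("errors", {})
    if status == 401:
        return "unauthenticated", None
    return "unexpected", None

def interpret_verify(status, body):
    """Classify a POST /api/auth/verify-email-change response."""
    if status == 200:
        return "email_changed", body["user"]["email"]
    if status == 401:
        return "unauthenticated", None
    if status == 422 and "errors" in body:
        return "malformed_code", body["errors"]
    # The two remaining 422 bodies differ only in their message text.
    if status == 422 and body.get("message") == "Código expirado":
        return "expired", None  # restart from update-profile to get a new OTP
    if status == 422 and body.get("message") == "Código incorrecto":
        return "wrong_code", None
    return "unexpected", None

def change_email(send, new_email, read_code):
    """Run both steps. send(method, path, payload) -> (status, body) is a hypothetical
    transport that adds the Authorization header; read_code() returns the typed OTP."""
    step = send("PUT", "/api/auth/update-profile", {"email": new_email})
    state, detail = interpret_update(*step)
    if state != "pending_email":
        return state, detail  # a 200 alone never means the email changed
    code = read_code()
    if not OTP_RE.fullmatch(code):
        return "malformed_code", None  # rejected locally, no request sent
    return interpret_verify(*send("POST", "/api/auth/verify-email-change", {"code": code}))

def replay(script):
    """Constructed offline transport: returns the scripted responses in order."""
    responses = iter(script)
    return lambda method, path, payload: next(responses)
```

The wrong-code and expired-code cases can only be told apart by message text here, because the page shows no machine-readable error field for them.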

DELETE /api/auth/delete-account

Soft-deletes the authenticated user’s account. The account email is obfuscated to free the address for future registrations, the account status is set to eliminado, all active tokens are revoked, and a confirmation email is sent to the original address.

Headers

Header         Value
Authorization  Bearer {token}

Responses

message (string): "Cuenta eliminada exitosamente" on success.

curl -X DELETE https://your-api.up.railway.app/api/auth/delete-account \
  -H "Authorization: Bearer 1|abc123..."
200 — Account deleted
{ "message": "Cuenta eliminada exitosamente" }
401 — Unauthenticated
{ "message": "Unauthenticated." }
Account deletion is irreversible. The original email address is released and may be registered by another user afterward. All active sessions are terminated immediately. Any campus navigation data associated with the account is retained in the database under the soft-deleted record but is no longer accessible through the API.
