Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/JorLOrT/rappi2/llms.txt

Use this file to discover all available pages before exploring further.

Every HTTP request processed by the API is recorded in the auditoria MongoDB collection by a middleware layer before the response is returned. Each document captures the request method, route, caller identity, response status code, client IP, and a SHA hash of the request payload. Records are automatically purged after 90 days via a MongoDB TTL index.
All endpoints require Authorization: Bearer <token> and the auditoria:read permission.

Audit log document fields

Each audit document stored in MongoDB contains the following fields:
FieldTypeDescription
_idObjectIdMongoDB document ID (returned as string id).
usuario_idintegerAuthenticated user ID, or null for unauthenticated requests.
rutastringRequest path (e.g. /rutas/7).
metodostringHTTP method: GET, POST, PATCH, DELETE, etc.
ipstringClient IP address, or null if not resolvable.
status_codeintegerHTTP response status code.
payload_hashstringSHA hash of the request body, or null for requests without a body.
timestampdatetimeUTC time the request was processed. Auto-expires after 90 days.

List audit entries

GET /auditoria Returns audit log entries in descending timestamp order with optional filters. Permission: auditoria:read
usuario_id
integer
Filter to entries generated by a specific user.
metodo
string
Filter by HTTP method (e.g. "POST", "DELETE").
skip
integer
default:"0"
Pagination offset.
limit
integer
default:"100"
Maximum entries to return (max 500).
curl -X GET "https://api.rappi2.com/auditoria?metodo=DELETE&limit=20" \
  -H "Authorization: Bearer <token>"

[
  {
    "id": "664f4d5e6f7a8b9c0d1e2f30",
    "usuario_id": 3,
    "ruta": "/rutas/7",
    "metodo": "DELETE",
    "ip": "190.41.55.12",
    "status_code": 204,
    "payload_hash": null,
    "timestamp": "2026-05-22T14:20:00Z"
  },
  {
    "id": "664f4d5e6f7a8b9c0d1e2f31",
    "usuario_id": 3,
    "ruta": "/incidencias",
    "metodo": "POST",
    "ip": "190.41.55.12",
    "status_code": 201,
    "payload_hash": "a3f2c1d4e5b6a7c8d9e0f1a2b3c4d5e6",
    "timestamp": "2026-05-22T13:45:10Z"
  }
]

Audit summary

GET /auditoria/resumen Aggregated statistics over a time window: request count by status code, by method, top 10 most-requested routes, top 10 most-active users, and error breakdown (4xx/5xx). Permission: auditoria:read
horas
integer
default:"24"
Analysis window in hours (1720, i.e. up to 30 days).
curl -X GET "https://api.rappi2.com/auditoria/resumen?horas=48" \
  -H "Authorization: Bearer <token>"

{
  "ventana_horas": 48,
  "desde": "2026-05-20T14:00:00Z",
  "total_requests": 8420,
  "by_status": {
    "200": 6200,
    "201": 810,
    "204": 390,
    "400": 55,
    "401": 30,
    "404": 80,
    "422": 40,
    "500": 15
  },
  "by_metodo": {
    "GET": 5900,
    "POST": 1100,
    "PATCH": 760,
    "DELETE": 660
  },
  "top_rutas": [
    {"ruta": "/tracking/ping", "requests": 2800},
    {"ruta": "/rutas", "requests": 840},
    {"ruta": "/incidencias", "requests": 620}
  ],
  "top_usuarios": [
    {"usuario_id": 5, "requests": 1240},
    {"usuario_id": 3, "requests": 980}
  ],
  "errores_4xx_5xx": {
    "400": 55,
    "401": 30,
    "404": 80,
    "422": 40,
    "500": 15
  }
}
ventana_horas
integer
required
The analysis window that was applied.
desde
string
required
ISO 8601 start of the window.
total_requests
integer
required
Total number of requests in the window.
by_status
object
required
Request count keyed by HTTP status code (as strings).
by_metodo
object
required
Request count keyed by HTTP method.
top_rutas
object[]
required
Top 10 most-requested routes.
top_usuarios
object[]
required
Top 10 most-active authenticated users.
errores_4xx_5xx
object
required
Error request count keyed by status code (only codes >= 400).

Audit entry response schema

id
string
required
MongoDB ObjectId as a hex string.
usuario_id
integer
Authenticated user ID. null for unauthenticated requests.
ruta
string
required
Request path.
metodo
string
required
HTTP method.
ip
string
Client IP address.
status_code
integer
required
HTTP response status code.
payload_hash
string
SHA hash of the request body. null for GET/DELETE requests or empty bodies.
timestamp
string
required
ISO 8601 UTC timestamp of the request. Documents are automatically removed after 90 days.

Build docs developers (and LLMs) love

Get started for freeTalk to us