User management endpoints allow administrators to control who can access ContabilidadISV. All routes under /api/users require a valid JWT token. Most operations (list, create, update, delete) are restricted to users with role='admin'. Any authenticated user — regardless of role — may call GET /api/users/profile to read their own account data. ContabilidadISV recognises exactly two roles: admin and user.
GET /api/users/profile
Returns the currently authenticated user’s own profile. Available to any authenticated user.
Request: no body or query parameters required; the identity is derived from the JWT.
Response
- Always true on a successful response.
- The authenticated user’s profile object.
GET /api/users
Returns a list of every user account in the system. Admin only.
Response
- Always true on a successful response.
- Array of user objects. Each entry contains the same fields as the profile response: id, username, email, role, created_at.
POST /api/users
Creates a new user account. Admin only.
Request body
- Display name for the new user. Must be at least 3 characters long and unique across all accounts.
- Valid email address. Must be unique across all accounts.
- Plain-text password for the account. Must be at least 6 characters. Stored as a bcrypt hash (10 salt rounds).
- Role to assign. Accepted values: "admin" or "user". Defaults to "user" when omitted.
201 Created
- true on successful creation.
- Human-readable confirmation message.
- The newly created user object (id, username, email, role, created_at). The password hash is never returned.

| Status | Reason |
|---|---|
| 400 | Validation failure (short username/password, invalid email, duplicate email or username) |
| 403 | Caller does not have admin role |

PUT /api/users/:id
Updates an existing user account. Admin only. All fields are optional; only the fields provided are changed. If no fields differ from the current values, the request still succeeds and returns the unmodified user object.
Path parameter
- Numeric ID of the user to update.

- New username. Minimum 3 characters. Must not conflict with another account.
- New email address. Must be a valid email and unique across all accounts.
- New plain-text password. Minimum 6 characters. Will be re-hashed with bcrypt.
- New role: "admin" or "user".

- true on success.
- "Usuario actualizado exitosamente" or "No se realizaron cambios".
- The updated (or unchanged) user object.

| Status | Reason |
|---|---|
| 400 | Validation failure or duplicate username/email |
| 403 | Caller does not have admin role |
| 404 | No user found with the given ID |

DELETE /api/users/:id
Permanently removes a user account. Admin only. An admin cannot delete their own account.
Path parameter
- Numeric ID of the user to delete.

- true on successful deletion.
- "Usuario eliminado exitosamente".

| Status | Reason |
|---|---|
| 400 | Attempting to delete the currently authenticated admin’s own account |
| 403 | Caller does not have admin role |
| 404 | No user found with the given ID |

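The access and input rules on this page, collected into two pure functions that can serve as an oracle for authorization regression tests. This is an added example, not ContabilidadISV code; the function names, the claims shape `{ id, role }`, the 401 and 404 fallbacks, the role-before-lookup ordering, and the email pattern are assumptions.

```javascript
// Added example: the documented rules as pure functions (not the project's code).
// Names (decide, validateNewUser) and the claims shape { id, role } are assumptions.
const ADMIN_ROUTES = [
  ['GET', /^\/api\/users$/],
  ['POST', /^\/api\/users$/],
  ['PUT', /^\/api\/users\/(\d+)$/],
  ['DELETE', /^\/api\/users\/(\d+)$/],
];
const ROLES = ['admin', 'user']; // the only two roles the page recognises

// Returns the HTTP status the access layer should produce before a handler runs.
function decide(method, path, claims) {
  // Assumption: 401 for a missing or malformed token; the page lists no status for it.
  if (!claims || !ROLES.includes(claims.role)) return 401;
  if (method === 'GET' && path === '/api/users/profile') return 200;
  for (const [m, re] of ADMIN_ROUTES) {
    const hit = m === method ? re.exec(path) : null;
    if (!hit) continue;
    // Assumption: role is checked first so a non-admin learns nothing about which IDs exist.
    if (claims.role !== 'admin') return 403;
    // Documented: an admin cannot delete their own account (400).
    if (method === 'DELETE' && Number(hit[1]) === claims.id) return 400;
    return 200;
  }
  return 404; // Assumption: anything else is not a route documented on this page.
}

// Applies the POST /api/users body rules; returns { errors, role }.
function validateNewUser(body, existing) {
  const errors = [];
  const { username, email, password } = body;
  const role = body.role === undefined ? 'user' : body.role; // documented default
  if (typeof username !== 'string' || username.length < 3) errors.push('username');
  // Assumption: a simple shape check stands in for the server's email validator.
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push('email');
  if (typeof password !== 'string' || password.length < 6) errors.push('password');
  // Reject anything outside the allow-list instead of storing a caller-chosen string.
  if (!ROLES.includes(role)) errors.push('role');
  if (existing.some((u) => u.username === username || u.email === email)) errors.push('duplicate');
  return { errors, role };
}
```
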
Related pages
- Auth API — login, logout, and token validation
- Admin API — system-level security and database management
- System Logs API — audit trail for user management actions
- Configuration → Security — JWT secret and token lifetime settings