
User management endpoints allow administrators to control who can access ContabilidadISV. All routes under /api/users require a valid JWT token. Most operations (list, create, update, delete) are restricted to users with role='admin'. Any authenticated user — regardless of role — may call GET /api/users/profile to read their own account data. ContabilidadISV recognises exactly two roles: admin and user.
Only admins can list, create, update, or delete users other than their own profile. Attempting any of those operations with a user role returns 403 Forbidden.

GET /api/users/profile

Returns the currently authenticated user’s own profile. Available to any authenticated user.

Request: no body or query parameters are required; the identity is derived from the JWT.

Response:
  success (boolean): Always true on a successful response.
  user (object): The authenticated user’s profile object.

Example request:
curl -X GET https://your-host/api/users/profile \
  -H "Authorization: Bearer $TOKEN"

Example response:
{
  "success": true,
  "user": {
    "id": 3,
    "username": "contadora",
    "email": "contadora@empresa.hn",
    "role": "user",
    "created_at": "2024-01-15T10:30:00.000Z",
    "updated_at": "2024-06-01T08:00:00.000Z"
  }
}

GET /api/users

Returns a list of every user account in the system. Admin only.

Response:
  success (boolean): Always true on a successful response.
  users (array): Array of user objects. Each entry contains the same fields as the profile response: id, username, email, role, created_at.

Example request:
curl -X GET https://your-host/api/users \
  -H "Authorization: Bearer $TOKEN"

Example response:
{
  "success": true,
  "users": [
    {
      "id": 1,
      "username": "admin",
      "email": "admin@empresa.hn",
      "role": "admin",
      "created_at": "2024-01-01T00:00:00.000Z"
    },
    {
      "id": 2,
      "username": "contadora",
      "email": "contadora@empresa.hn",
      "role": "user",
      "created_at": "2024-01-15T10:30:00.000Z"
    }
  ]
}

POST /api/users

Creates a new user account. Admin only.

Request body:
  username (string, required): Display name for the new user. Must be at least 3 characters long and unique across all accounts.
  email (string, required): Valid email address. Must be unique across all accounts.
  password (string, required): Plain-text password for the account. Must be at least 6 characters. Stored as a bcrypt hash (10 salt rounds).
  role (string, optional): Role to assign. Accepted values: "admin" or "user". Defaults to "user" when omitted.

Response (201 Created):
  success (boolean): true on successful creation.
  message (string): Human-readable confirmation message.
  user (object): The newly created user object (id, username, email, role, created_at). The password hash is never returned.

Example request:
curl -X POST https://your-host/api/users \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "nueva_contadora",
    "email": "nueva@empresa.hn",
    "password": "segura123",
    "role": "user"
  }'

Example response:
{
  "success": true,
  "message": "Usuario creado exitosamente",
  "user": {
    "id": 5,
    "username": "nueva_contadora",
    "email": "nueva@empresa.hn",
    "role": "user",
    "created_at": "2024-07-10T14:22:00.000Z"
  }
}

Error codes:
  400  Validation failure (short username/password, invalid email, duplicate email or username)
  403  Caller does not have admin role
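The validation contract above (length minimums, uniqueness, the role whitelist with its "user" default, and a hashed password that is never echoed back) is easy to get subtly wrong, so here is a reference implementation of it as an added example. This is not ContabilidadISV's own code: the function name validate_create_user, the in-memory user list, the 400 body shape and the email regex are assumptions, and because bcrypt is a third-party package the hash step uses the standard library's PBKDF2 as a stand-in for the bcrypt/10-rounds hash the page describes.

```python
"""Added example: the POST /api/users validation rules, as a pure function
that can be unit-tested. Not ContabilidadISV's code; names are assumptions."""
import hashlib
import os
import re

# Minimal email shape check (constructed for this example; the real
# service's validator may accept or reject differently).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
ROLES = {"admin", "user"}          # the only two roles the page recognises


def hash_password(password: str) -> str:
    """Stand-in for the bcrypt (10 salt rounds) hash the page describes.
    Same shape as bcrypt: random per-user salt + slow KDF, plain text never
    stored. PBKDF2-HMAC-SHA256 is used only because it ships with Python."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return "pbkdf2$" + salt.hex() + "$" + digest.hex()


def validate_create_user(body: dict, existing: list) -> tuple:
    """Return (status, payload): 400 with a list of reasons on any failure,
    otherwise 201 and the public user object (password hash omitted).
    `existing` is a constructed in-memory store; a new record is appended."""
    errors = []
    username = body.get("username")
    email = body.get("email")
    password = body.get("password")
    role = body.get("role", "user")   # documented default when omitted

    if not isinstance(username, str) or len(username) < 3:
        errors.append("username must be at least 3 characters")
    elif any(u["username"] == username for u in existing):
        errors.append("username already in use")

    if not isinstance(email, str) or not EMAIL_RE.match(email):
        errors.append("email is not valid")
    elif any(u["email"].lower() == email.lower() for u in existing):
        errors.append("email already in use")

    if not isinstance(password, str) or len(password) < 6:
        errors.append("password must be at least 6 characters")

    if role not in ROLES:
        errors.append("role must be 'admin' or 'user'")

    if errors:
        # Body shape for 400 is an assumption; the page only fixes the status.
        return 400, {"success": False, "errors": errors}

    new_id = max((u["id"] for u in existing), default=0) + 1
    record = {
        "id": new_id,
        "username": username,
        "email": email,
        "role": role,
        "password_hash": hash_password(password),
    }
    existing.append(record)
    public = {k: v for k, v in record.items() if k != "password_hash"}
    return 201, {"success": True,
                 "message": "Usuario creado exitosamente",
                 "user": public}


if __name__ == "__main__":
    store = [{"id": 1, "username": "admin", "email": "admin@empresa.hn",
              "role": "admin", "password_hash": "<constructed>"}]
    print(validate_create_user({"username": "nueva_contadora",
                                "email": "nueva@empresa.hn",
                                "password": "segura123"}, store))
    print(validate_create_user({"username": "ab", "email": "bad",
                                "password": "123", "role": "root"}, store))
```

Note that every rule is evaluated and all failures are reported together, and that the uniqueness checks run only after the shape checks pass, so a malformed field cannot be used to probe whether a given username or email already exists.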

PUT /api/users/:id

Updates an existing user account. Admin only. All fields are optional; only the fields provided are changed. If no fields differ from the current values, the request still succeeds and returns the unmodified user object.

Path parameter:
  id (number, required): Numeric ID of the user to update.

Request body (all fields optional):
  username (string): New username. Minimum 3 characters. Must not conflict with another account.
  email (string): New email address. Must be a valid email and unique across all accounts.
  password (string): New plain-text password. Minimum 6 characters. Will be re-hashed with bcrypt.
  role (string): New role: "admin" or "user".

Response:
  success (boolean): true on success.
  message (string): "Usuario actualizado exitosamente" or "No se realizaron cambios".
  user (object): The updated (or unchanged) user object.

Example request:
curl -X PUT https://your-host/api/users/5 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "role": "admin" }'

Error codes:
  400  Validation failure or duplicate username/email
  403  Caller does not have admin role
  404  No user found with the given ID

DELETE /api/users/:id

Permanently removes a user account. Admin only. An admin cannot delete their own account.

Path parameter:
  id (number, required): Numeric ID of the user to delete.

Response:
  success (boolean): true on successful deletion.
  message (string): "Usuario eliminado exitosamente".

Example request:
curl -X DELETE https://your-host/api/users/5 \
  -H "Authorization: Bearer $TOKEN"

Error codes:
  400  Attempting to delete the currently authenticated admin’s own account
  403  Caller does not have admin role
  404  No user found with the given ID
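The access-control rules stated in the introduction and in the per-endpoint error tables (JWT required, profile open to any role, everything else admin only, 404 for unknown IDs, 400 for an admin deleting their own account) can be checked as one pure decision function. The following is an added example, not ContabilidadISV's own middleware: the Caller type, the route table, the in-memory user store and the 401 for a missing token (the page says a valid JWT is required but does not name the status code) are all assumptions.

```python
"""Added example: route matching plus the documented authorization decisions
for /api/users, testable without a server. Not ContabilidadISV's code."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Caller:
    """Identity the server derives from an already-validated JWT."""
    id: int
    role: str


# (method, path pattern, operation); `:id` routes capture the numeric id.
ROUTES = [
    ("GET",    re.compile(r"^/api/users/profile$"), "profile"),
    ("GET",    re.compile(r"^/api/users$"),         "list"),
    ("POST",   re.compile(r"^/api/users$"),         "create"),
    ("PUT",    re.compile(r"^/api/users/(\d+)$"),   "update"),
    ("DELETE", re.compile(r"^/api/users/(\d+)$"),   "delete"),
]
ADMIN_ONLY = {"list", "create", "update", "delete"}


def match_route(method: str, path: str) -> Tuple[Optional[str], Optional[int]]:
    """Map a request to (operation, target id). Unknown routes give (None, None)."""
    for route_method, pattern, op in ROUTES:
        if route_method != method:
            continue
        hit = pattern.match(path)
        if hit:
            target = int(hit.group(1)) if hit.groups() else None
            return op, target
    return None, None


def authorize(method: str, path: str, caller: Optional[Caller],
              users: dict) -> Optional[int]:
    """Return the HTTP error status the documented rules produce, or None
    when the handler may proceed. `users` maps id -> record (constructed).

    Check order matters for information disclosure: the role gate runs
    before any lookup, so a non-admin gets 403 for every id and cannot
    use 404-vs-400 differences to learn which accounts exist."""
    op, target_id = match_route(method, path)
    if op is None:
        return 404                      # no such route
    if caller is None:
        return 401                      # assumption: missing/invalid JWT
    if op == "profile":
        return None                     # any authenticated role
    if caller.role != "admin":
        return 403                      # documented for list/create/update/delete
    if op in ("update", "delete"):
        if target_id not in users:
            return 404                  # documented: no user with that id
        if op == "delete" and target_id == caller.id:
            return 400                  # documented: admin may not delete self
    return None


if __name__ == "__main__":
    store = {1: {"role": "admin"}, 2: {"role": "user"}, 5: {"role": "user"}}
    admin, user = Caller(1, "admin"), Caller(2, "user")
    for req in [("GET", "/api/users/profile", user), ("GET", "/api/users", user),
                ("DELETE", "/api/users/1", admin), ("DELETE", "/api/users/5", admin),
                ("DELETE", "/api/users/999", admin)]:
        print(req[:2], authorize(*req, store))
```

The function deliberately returns only the gate decision; a real handler would run the body validation and the database write after a None result, and the self-deletion rule is keyed on the id carried in the JWT rather than on anything the client sends in the body.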
