The Appointments API managesDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Nieto2020/portalhub/llms.txt
Use this file to discover all available pages before exploring further.
citas — scheduled consulting sessions between clients and advisors. All endpoints require an active session.
Appointment times are stored and expected as MySQL DATETIME strings (YYYY-MM-DD HH:MM:SS). The server enforces advisor availability at the exact fecha_hora value — two appointments for the same advisor at the same timestamp will be rejected with HTTP 409.
Appointment states
estado | Description |
|---|---|
Programada | Initial state; the appointment is confirmed and upcoming. Set automatically on creation. |
Reprogramada | The appointment’s fecha_hora has been changed via modificar.php. |
Cancelada | The appointment was cancelled via cancelar.php. Cancelled appointments cannot be modified or re-cancelled. |
The
estado column is an ENUM defined in the citas table. The only valid values are the three listed above. The modificar.php endpoint updates only the fecha_hora column — it never modifies estado. An appointment rescheduled via modificar.php retains its existing estado value (e.g., Programada).GET /backend/modules/citas/listar.php
Return appointments ordered byfecha_hora DESC.
Authentication: Any authenticated user (checkAuth)
| Caller role | Intended records | Actual runtime behaviour |
|---|---|---|
ROL_ADMIN (1) | All appointments | All appointments |
ROL_ASESOR (2) | Only where id_asesor = session user | All appointments |
ROL_CLIENTE (3) | Only where id_cliente = session user | All appointments |
Request
No request body or query parameters.Auto-incremented primary key for the appointment.
id_usuario of the client for this appointment.id_usuario of the assigned advisor.Scheduled date and time in
YYYY-MM-DD HH:MM:SS format.Current state:
Programada, Reprogramada, or Cancelada.Free-text cancellation reason. Only populated when
estado = Cancelada.Error responses
| HTTP | Message |
|---|---|
401 | No autorizado. Inicie sesión Primero. |
500 | Error en la consulta |
POST /backend/modules/citas/crear.php
Schedule a new appointment between a client and an advisor. Theestado is set to "Programada" automatically. The server validates that the advisor has no other active appointment at the requested fecha_hora before inserting. On success, a notification is sent to the advisor via NotificationService.
Authentication: Any authenticated user (checkAuth)
Request body
The
id_usuario of the client for this appointment.The
id_usuario of the advisor who will attend the appointment.Desired appointment time as a MySQL DATETIME string:
"YYYY-MM-DD HH:MM:SS". The advisor must have no other non-cancelled appointment at this exact timestamp.The auto-incremented ID of the newly created appointment.
Error responses
| HTTP | Message |
|---|---|
400 | Faltan campos requeridos |
401 | No autorizado. Inicie sesión Primero. |
405 | Método no permitido |
409 | El asesor ya tiene una cita en ese horario |
500 | Error al crear cita |
POST /backend/modules/citas/modificar.php
Reschedule an existing appointment by updating itsfecha_hora. Cancelled appointments cannot be rescheduled.
Authentication: Any authenticated user (checkAuth)
Request body
The ID of the appointment to reschedule.
The new appointment datetime as
"YYYY-MM-DD HH:MM:SS". The advisor’s schedule is checked for conflicts, excluding the appointment being modified.Ownership rules (design intent)
Due to the$_SESSION['rol'] bug described above, these checks do not fire at runtime. They represent the intended access control logic.
| Session role | Intended access |
|---|---|
ROL_ADMIN (1) | Any appointment |
ROL_ASESOR (2) | Only appointments where id_asesor matches the session user |
ROL_CLIENTE (3) | Only appointments where id_cliente matches the session user |
Error responses
| HTTP | Message |
|---|---|
400 | Faltan campos requeridos |
400 | No se puede modificar una cita cancelada |
401 | No autorizado. Inicie sesión Primero. |
403 | No tiene permisos para modificar esta cita |
404 | Cita no encontrada |
405 | Método no permitido |
409 | El asesor ya tiene una cita en ese horario |
500 | Error al modificar cita |
POST /backend/modules/citas/cancelar.php
Cancel an appointment by setting itsestado to "Cancelada" and recording a mandatory cancellation reason in motivo_cancelacion. A cancelled appointment cannot be cancelled again or rescheduled.
Authentication: Any authenticated user (checkAuth)
Both
id_cita and motivo_cancelacion are required. The cancellation reason is stored as free text in the citas table and is visible to all parties who can read the appointment.Request body
The ID of the appointment to cancel.
Free-text explanation for the cancellation. Stored verbatim in the
motivo_cancelacion column.Ownership rules (design intent)
Due to the$_SESSION['rol'] bug described above, these checks do not fire at runtime. They represent the intended access control logic.
| Session role | Intended access |
|---|---|
ROL_ADMIN (1) | Any appointment |
ROL_ASESOR (2) | Only appointments where id_asesor matches the session user |
ROL_CLIENTE (3) | Only appointments where id_cliente matches the session user |
Error responses
| HTTP | Message |
|---|---|
400 | Faltan campos requeridos |
400 | La cita ya se encuentra cancelada |
401 | No autorizado. Inicie sesión Primero. |
403 | No tiene permisos para cancelar esta cita |
404 | Cita no encontrada |
405 | Método no permitido |
500 | Error al cancelar cita |