Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nieto2020/portalhub/llms.txt

Use this file to discover all available pages before exploring further.

The Messages API powers all in-platform communication between users. Every message is stored in the mensajes table and is scoped by role-based access rules: a Cliente can only message their currently assigned Asesor; an Asesor can message the admin, other asesores, and only their actively assigned clients; an Admin can communicate with anyone. All endpoints require an active session cookie. Responses follow the envelope format { status, message, data }.
Role IDs used throughout this API: Admin = 1, Asesor = 2, Cliente = 3.

GET /backend/modules/mensajes/listar.php

Returns the full inbox for the authenticated user — every message where the session user is either sender (id_remitente) or recipient (id_destinatario), ordered newest first. Required role: Any authenticated user Query parameters: None
id_mensaje
integer
Unique message identifier.
id_remitente
integer
User ID of the sender.
id_destinatario
integer
User ID of the recipient.
tipo
string
Message type. One of Chat interno or Ticket.
contenido_texto
string
Full text body of the message.
ruta_archivo_adjunto
string | null
Server path to the attached file, if any.
fecha_envio
timestamp
UTC timestamp of when the message was sent.
otro_usuario_correo
string
Email of the other party in the message thread. When the session user is the sender this is the recipient’s email; when they are the recipient it is the sender’s email.
curl -s \
  --cookie "PHPSESSID=<your_session_id>" \
  "https://your-domain.com/backend/modules/mensajes/listar.php"
Response 200
{
  "status": 200,
  "message": "Mensajes obtenidos correctamente",
  "data": [
    {
      "id_mensaje": 42,
      "id_remitente": 7,
      "id_destinatario": 3,
      "tipo": "Chat interno",
      "contenido_texto": "Hola, ¿cuándo revisamos la declaración?",
      "ruta_archivo_adjunto": null,
      "fecha_envio": "2024-08-15 14:23:00",
      "otro_usuario_correo": "cliente@example.com"
    }
  ]
}
Error responses
CodeMessage
401No autenticado
500Error en el servidor

GET /backend/modules/mensajes/conversacion.php

Returns the full chronological thread between the session user and one other user, ordered oldest message first. Role-based access rules are enforced: a Cliente may only open a thread with their assigned Asesor; an Asesor may only open a thread with an assigned client (or admin/other asesores). Required role: Any authenticated user Query parameters
id_usuario
integer
required
The ID of the other participant in the conversation.
id_mensaje
integer
Unique message identifier.
id_remitente
integer
User ID of the sender.
id_destinatario
integer
User ID of the recipient.
tipo
string
Message type: Chat interno or Ticket.
contenido_texto
string
Full text body of the message.
ruta_archivo_adjunto
string | null
Server path to the attached file, if any.
fecha_envio
timestamp
UTC timestamp the message was sent.
curl -s \
  --cookie "PHPSESSID=<your_session_id>" \
  "https://your-domain.com/backend/modules/mensajes/conversacion.php?id_usuario=5"
Response 200
{
  "status": 200,
  "message": "Conversación obtenida",
  "data": [
    {
      "id_mensaje": 10,
      "id_remitente": 5,
      "id_destinatario": 3,
      "tipo": "Chat interno",
      "contenido_texto": "Buenos días, adjunto los estados de cuenta.",
      "ruta_archivo_adjunto": null,
      "fecha_envio": "2024-08-14 09:00:00"
    }
  ]
}
Error responses
CodeMessage
400ID del otro usuario no válido
400No se puede abrir conversación consigo mismo
403No tienes permiso para ver la conversación con este cliente
403Solo puedes conversar con tu asesor asignado
403No tienes un asesor asignado activo
404Usuario no encontrado
500Error en el servidor

POST /backend/modules/mensajes/enviar.php

Sends a message from the authenticated user to one recipient. The server validates that the sender has the role-based permission to message the destination user before inserting the row. Required role: Any authenticated user
id_destinatario
integer
required
User ID of the intended recipient. The server validates that this user exists and that the sender is permitted to message them.
contenido_texto
string
required
Non-empty text body of the message.
tipo
string
Message category. Allowed values: Chat interno (default) or Ticket.
ruta_archivo_adjunto
string
Optional server path to an uploaded attachment. Defaults to null.
id_mensaje
integer
Auto-incremented ID of the newly created message row.
curl -s -X POST \
  --cookie "PHPSESSID=<your_session_id>" \
  -H "Content-Type: application/json" \
  -d '{
    "id_destinatario": 5,
    "contenido_texto": "Por favor revisa el archivo adjunto.",
    "tipo": "Chat interno"
  }' \
  "https://your-domain.com/backend/modules/mensajes/enviar.php"
Response 201
{
  "status": 201,
  "message": "Mensaje enviado exitosamente",
  "data": {
    "id_mensaje": 88
  }
}
Error responses
CodeMessage
400Faltan campos requeridos
400Tipo de mensaje no válido
400El mensaje no puede estar vacío
403No tienes permiso para enviar mensajes a este cliente (no está asignado a ti)
403Solo puedes enviar mensajes a tu asesor asignado
403No tienes un asesor asignado activo
404Destinatario no encontrado
405Método no permitido
500Error en el servidor

POST /backend/modules/mensajes/enviar_masivo.php

Broadcasts a message to multiple users in a single atomic transaction. Only Admin users may call this endpoint. Optionally scope recipients by role; if no roles array is supplied the message is sent to every user in the platform (roles 1, 2, and 3), excluding the sender. The server composes the stored contenido_texto as "📢 " + titulo + "\n\n" + contenido (an emoji prefix, the subject, two newlines, then the body). Required role: Admin (id_rol = 1)
titulo
string
required
Subject line of the broadcast message. Cannot be empty.
contenido
string
required
Body text of the broadcast message. Cannot be empty.
roles
integer[]
Array of role IDs to target. Valid values: 1 (Admin), 2 (Asesor), 3 (Cliente). Defaults to [1, 2, 3] when omitted or empty.
message
string
Human-readable confirmation including the count of recipients, e.g. "Mensaje enviado a 34 usuarios".
This endpoint uses a database transaction. If any individual insert fails, all inserts are rolled back and 500 is returned.
curl -s -X POST \
  --cookie "PHPSESSID=<admin_session_id>" \
  -H "Content-Type: application/json" \
  -d '{
    "titulo": "Mantenimiento programado",
    "contenido": "El portal estará en mantenimiento el sábado de 00:00 a 06:00."
  }' \
  "https://your-domain.com/backend/modules/mensajes/enviar_masivo.php"
Response 200
{
  "status": 200,
  "message": "Mensaje enviado a 34 usuarios",
  "data": null
}
Error responses
CodeMessage
400Asunto y contenido son requeridos
403Acceso denegado
405Método no permitido
500Error (with rollback)

POST /backend/modules/mensajes/marcar_leido.php

Marks all unread messages sent from a specific user to the session user as read (leida = 1). Typically called client-side when the user opens a conversation thread. Required role: Any authenticated user
id_otro_usuario
integer
required
The ID of the sender whose messages should be marked as read. Only messages where id_destinatario equals the session user and id_remitente equals this value are updated.
afectados
integer
Number of message rows that were updated from unread to read.
curl -s -X POST \
  --cookie "PHPSESSID=<your_session_id>" \
  -H "Content-Type: application/json" \
  -d '{ "id_otro_usuario": 5 }' \
  "https://your-domain.com/backend/modules/mensajes/marcar_leido.php"
Response 200
{
  "status": 200,
  "message": "Mensajes marcados como leídos",
  "data": {
    "afectados": 3
  }
}
Error responses
CodeMessage
400ID de usuario inválido
405Método no permitido
500Error

GET /backend/modules/mensajes/no_leidos.php

Returns the total count of unread messages for the session user — useful for populating notification badges in the UI. Required role: Any authenticated user Query parameters: None
no_leidos
integer
Total number of unread messages where id_destinatario is the session user and leida = 0.
curl -s \
  --cookie "PHPSESSID=<your_session_id>" \
  "https://your-domain.com/backend/modules/mensajes/no_leidos.php"
Response 200
{
  "status": 200,
  "message": "OK",
  "data": {
    "no_leidos": 5
  }
}
Error responses
CodeMessage
401No autenticado
500Error

GET /backend/modules/mensajes/contactos.php

Returns the list of users the session user is permitted to message, according to role-based rules. Results include the user’s ID, email, client number, and role name. Required role: Any authenticated user Query parameters: None
id_usuario
integer
User ID of the contactable user.
correo
string
Email address of the contact.
numero_cliente
string | null
Client number assigned at registration, if applicable.
nombre_rol
string
Human-readable role name from cat_roles (e.g. Admin, Asesor, Cliente).
curl -s \
  --cookie "PHPSESSID=<your_session_id>" \
  "https://your-domain.com/backend/modules/mensajes/contactos.php"
Response 200
{
  "status": 200,
  "message": "Contactos obtenidos",
  "data": [
    {
      "id_usuario": 5,
      "correo": "asesor@example.com",
      "numero_cliente": null,
      "nombre_rol": "Asesor"
    },
    {
      "id_usuario": 9,
      "correo": "cliente1@example.com",
      "numero_cliente": "CLI-0042",
      "nombre_rol": "Cliente"
    }
  ]
}
Error responses
CodeMessage
403Rol no reconocido
405Método no permitido
500Error en el servidor

Build docs developers (and LLMs) love