The Messages API powers all in-platform communication between users. Every message is stored in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Nieto2020/portalhub/llms.txt
Use this file to discover all available pages before exploring further.
mensajes table and is scoped by role-based access rules: a Cliente can only message their currently assigned Asesor; an Asesor can message the admin, other asesores, and only their actively assigned clients; an Admin can communicate with anyone.
All endpoints require an active session cookie. Responses follow the envelope format { status, message, data }.
Role IDs used throughout this API: Admin = 1, Asesor = 2, Cliente = 3.
GET /backend/modules/mensajes/listar.php
Returns the full inbox for the authenticated user — every message where the session user is either sender (id_remitente) or recipient (id_destinatario), ordered newest first.
Required role: Any authenticated user
Query parameters: None
Unique message identifier.
User ID of the sender.
User ID of the recipient.
Message type. One of
Chat interno or Ticket.Full text body of the message.
Server path to the attached file, if any.
UTC timestamp of when the message was sent.
Email of the other party in the message thread. When the session user is the sender this is the recipient’s email; when they are the recipient it is the sender’s email.
Response 200
| Code | Message |
|---|---|
401 | No autenticado |
500 | Error en el servidor |
GET /backend/modules/mensajes/conversacion.php
Returns the full chronological thread between the session user and one other user, ordered oldest message first. Role-based access rules are enforced: a Cliente may only open a thread with their assigned Asesor; an Asesor may only open a thread with an assigned client (or admin/other asesores). Required role: Any authenticated user Query parametersThe ID of the other participant in the conversation.
Unique message identifier.
User ID of the sender.
User ID of the recipient.
Message type:
Chat interno or Ticket.Full text body of the message.
Server path to the attached file, if any.
UTC timestamp the message was sent.
Response 200
| Code | Message |
|---|---|
400 | ID del otro usuario no válido |
400 | No se puede abrir conversación consigo mismo |
403 | No tienes permiso para ver la conversación con este cliente |
403 | Solo puedes conversar con tu asesor asignado |
403 | No tienes un asesor asignado activo |
404 | Usuario no encontrado |
500 | Error en el servidor |
POST /backend/modules/mensajes/enviar.php
Sends a message from the authenticated user to one recipient. The server validates that the sender has the role-based permission to message the destination user before inserting the row. Required role: Any authenticated user- Body Parameters
- Access Rules
User ID of the intended recipient. The server validates that this user exists and that the sender is permitted to message them.
Non-empty text body of the message.
Message category. Allowed values:
Chat interno (default) or Ticket.Optional server path to an uploaded attachment. Defaults to
null.Auto-incremented ID of the newly created message row.
Response 201
| Code | Message |
|---|---|
400 | Faltan campos requeridos |
400 | Tipo de mensaje no válido |
400 | El mensaje no puede estar vacío |
403 | No tienes permiso para enviar mensajes a este cliente (no está asignado a ti) |
403 | Solo puedes enviar mensajes a tu asesor asignado |
403 | No tienes un asesor asignado activo |
404 | Destinatario no encontrado |
405 | Método no permitido |
500 | Error en el servidor |
POST /backend/modules/mensajes/enviar_masivo.php
Broadcasts a message to multiple users in a single atomic transaction. Only Admin users may call this endpoint. Optionally scope recipients by role; if noroles array is supplied the message is sent to every user in the platform (roles 1, 2, and 3), excluding the sender.
The server composes the stored contenido_texto as "📢 " + titulo + "\n\n" + contenido (an emoji prefix, the subject, two newlines, then the body).
Required role: Admin (id_rol = 1)
Subject line of the broadcast message. Cannot be empty.
Body text of the broadcast message. Cannot be empty.
Array of role IDs to target. Valid values:
1 (Admin), 2 (Asesor), 3 (Cliente). Defaults to [1, 2, 3] when omitted or empty.Human-readable confirmation including the count of recipients, e.g.
"Mensaje enviado a 34 usuarios".Response 200
| Code | Message |
|---|---|
400 | Asunto y contenido son requeridos |
403 | Acceso denegado |
405 | Método no permitido |
500 | Error (with rollback) |
POST /backend/modules/mensajes/marcar_leido.php
Marks all unread messages sent from a specific user to the session user as read (leida = 1). Typically called client-side when the user opens a conversation thread.
Required role: Any authenticated user
The ID of the sender whose messages should be marked as read. Only messages where
id_destinatario equals the session user and id_remitente equals this value are updated.Number of message rows that were updated from unread to read.
Response 200
| Code | Message |
|---|---|
400 | ID de usuario inválido |
405 | Método no permitido |
500 | Error |
GET /backend/modules/mensajes/no_leidos.php
Returns the total count of unread messages for the session user — useful for populating notification badges in the UI. Required role: Any authenticated user Query parameters: NoneTotal number of unread messages where
id_destinatario is the session user and leida = 0.Response 200
| Code | Message |
|---|---|
401 | No autenticado |
500 | Error |
GET /backend/modules/mensajes/contactos.php
Returns the list of users the session user is permitted to message, according to role-based rules. Results include the user’s ID, email, client number, and role name. Required role: Any authenticated user Query parameters: None- Response Fields
- Visibility Rules
Response 200
| Code | Message |
|---|---|
403 | Rol no reconocido |
405 | Método no permitido |
500 | Error en el servidor |