The /api/usuarios/[id] endpoints allow superadmins to modify or permanently remove user accounts. Both operations require SUPERADMIN role and include a self-protection guard: a superadmin cannot modify or delete their own account, preventing accidental privilege revocation or account loss.

PATCH /api/usuarios/[id]

Partially updates a user record. Accepts any subset of the mutable Usuario fields and merges them into the existing record. The most common use cases are promoting or demoting a user’s rol and toggling their activo status. Requires SUPERADMIN role.
A superadmin cannot modify their own account. If the id path parameter matches the caller’s session ID, the request is rejected with 400 — regardless of the fields being changed. This is a hard server-side constraint and cannot be bypassed. To change your own role or status, have another superadmin perform the update.

Path parameter

id (string, required): The CUID of the user to update (e.g. clx9usr1abc2def). Must not equal the caller’s own ID.

Request body

rol (enum): New role to assign to the user. One of: USUARIO, ADMIN, SUPERADMIN. Changing a user to SUPERADMIN grants them full administrative access.
activo (boolean): Set to false to deactivate the account (preventing login), or true to reactivate it.
nombre (string): Updated display name for the user.
email (string): Updated email address. Must remain unique across all users.

Response 200

The response returns a trimmed user object containing only the identity and access fields — no reservation data or password.
{
  "ok": true,
  "usuario": {
    "id": "clx9usr1abc2def",
    "nombre": "Ana López",
    "email": "ana@example.com",
    "rol": "ADMIN",
    "activo": true
  }
}
ok (boolean): Always true on success.
usuario.id (string): CUID of the updated user.
usuario.nombre (string): Display name after the update.
usuario.email (string): Email address after the update.
usuario.rol (enum): Role after the update. One of: USUARIO, ADMIN, SUPERADMIN.
usuario.activo (boolean): Account active status after the update.

Error responses

| Status | Body | Description |
| --- | --- | --- |
| 400 | { "error": "No puedes modificar tu propia cuenta" } | The id in the path matches the caller’s own session ID. |
| 403 | { "error": "Sin permisos" } | Caller is not authenticated or does not have SUPERADMIN role. |

DELETE /api/usuarios/[id]

Permanently deletes a user account and all associated data. This action is irreversible — there is no soft-delete or recycle mechanism. Requires SUPERADMIN role.

Path parameter

id (string, required): The CUID of the user to delete. Must not equal the caller’s own ID.

Response 200

{ "ok": true }
ok (boolean): Always true on success.

Error responses

| Status | Body | Description |
| --- | --- | --- |
| 400 | { "error": "No puedes eliminarte a ti mismo" } | The id in the path matches the caller’s own session ID. |
| 403 | { "error": "Sin permisos" } | Caller is not authenticated or does not have SUPERADMIN role. |

Examples

curl -X PATCH https://your-domain.com/api/usuarios/clx9usr1abc2def \
  --cookie "token=<your_jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{ "rol": "ADMIN" }'
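
The following sketch is an added example, not code from the ReservaFácil project. It shows one way to enforce the documented role check and self-protection guard on the server, and to restrict PATCH to the four documented fields. The function names, the session shape ({ id, rol }), the order of the checks, and the choice to drop invalid values are assumptions; the status codes and error messages are the ones documented above.

```javascript
// Added example, not ReservaFácil source. The session shape ({ id, rol }) and
// the check order (403 before 400) are assumptions; statuses and messages are the page's.
const MUTABLE_FIELDS = ["rol", "activo", "nombre", "email"];
const ROLES = ["USUARIO", "ADMIN", "SUPERADMIN"];

// Returns an error response, or null when the caller may act on targetId.
function guardUserMutation(session, targetId, selfMessage) {
  if (!session || session.rol !== "SUPERADMIN") {
    return { status: 403, body: { error: "Sin permisos" } };
  }
  // Compare with the ID from the verified session, never one sent in the body.
  if (session.id === targetId) {
    return { status: 400, body: { error: selfMessage } };
  }
  return null;
}

// Copy only the documented, well-typed fields so a request body cannot set
// anything else (mass assignment). Silently dropping bad values is this example's choice.
function pickMutableFields(body) {
  const data = {};
  if (!body || typeof body !== "object") return data;
  for (const key of MUTABLE_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, key)) continue;
    const value = body[key];
    const ok =
      key === "rol" ? ROLES.includes(value)
      : key === "activo" ? typeof value === "boolean"
      : typeof value === "string" && value.trim() !== "";
    if (ok) data[key] = value;
  }
  return data;
}

function handlePatch(session, targetId, body) {
  const denied = guardUserMutation(session, targetId, "No puedes modificar tu propia cuenta");
  if (denied) return denied;
  return { status: 200, update: pickMutableFields(body) }; // update = fields to persist
}

function handleDelete(session, targetId) {
  const denied = guardUserMutation(session, targetId, "No puedes eliminarte a ti mismo");
  return denied || { status: 200, body: { ok: true } };
}
```

Because the role check runs first, a caller without SUPERADMIN always receives 403, even when the target ID is their own.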
