The Users API gives administrators full control over platform accounts — listing all users, creating new ones, updating roles and creator store details, and permanently deleting accounts. All endpoints except PUT (which also accepts CREADOR callers updating their own store profile) are restricted to the ADMIN role.
GET /api/users ADMIN
Returns all registered users ordered by createdAt descending. Each user entry includes their linked CreatorStore if they hold the CREADOR role.
Response
Always true on success.
Array of all registered user objects. passwordHash is never included in this response.
POST /api/users ADMIN
Create a new user account from the admin dashboard. The password is hashed server-side before being stored. The email is normalized to lowercase and trimmed before uniqueness is checked.
Request body
Email address for the new account. Must be unique across all users. Stored in lowercase.
Plain-text password. Hashed server-side using hashPassword before storage. Never logged or returned.
Initial role for the account. Accepted values: CLIENTE, CREADOR, TALLER, ADMIN.
Response
Error responses
| Status | Condition |
|---|---|
| 400 | email, password, or role missing. |
| 400 | Email is already registered. |
| 401 / 403 | Caller does not hold the ADMIN role. |
| 500 | Unexpected server error. |
PUT /api/users
Update a user’s role, email, password, or creator store settings. Admins may update any user. CREADOR users may update only their own record — they cannot change their own role, email, or password via this endpoint; only storeInfo is permitted for self-updates.
Request body
UUID of the user to update.
New email address. Normalized to lowercase. Admins only.
New role assignment. Accepted values: CLIENTE, CREADOR, TALLER, ADMIN. Admins only.
New plain-text password. Hashed before storage. Admins only.
Creator store configuration. Only applied when role is "CREADOR". If the user does not yet have a Creator or CreatorStore record, both are created automatically.
Response
Error responses
| Status | Condition |
|---|---|
| 400 | id missing. |
| 401 / 403 | Caller lacks the required role, or a CREADOR is attempting to modify fields they do not own. |
| 500 | Unexpected server error. |
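One way to enforce the PUT rules above is to build the update from a per-role field allowlist instead of passing the request body through to the database layer. This is an added example, not the project's code: the field names come from the request body description, while `authorizeUserUpdate`, the `{ id, role }` caller shape and the handling of unlisted keys sent by an admin are assumptions.

```javascript
// Added example, not the project's code. Field names (id, email, role, password,
// storeInfo) come from the page; authorizeUserUpdate and the caller shape are assumptions.
const ADMIN_FIELDS = ["email", "role", "password", "storeInfo"];
const SELF_FIELDS = ["storeInfo"]; // all a CREADOR may change on their own record

function authorizeUserUpdate(caller, body) {
  // caller = { id, role } from the verified session token, never from the request body.
  if (!caller) return { status: 401 };
  if (caller.role !== "ADMIN" && caller.role !== "CREADOR") return { status: 403 };
  if (!body || typeof body.id !== "string" || body.id === "") return { status: 400 };

  const isAdmin = caller.role === "ADMIN";
  // A CREADOR may only address their own record.
  if (!isAdmin && body.id !== caller.id) return { status: 403 };

  const allowed = isAdmin ? ADMIN_FIELDS : SELF_FIELDS;
  const data = {};
  for (const key of Object.keys(body)) {
    if (key === "id") continue;
    if (!allowed.includes(key)) {
      // Self-updates carrying role/email/password fail loudly with 403.
      if (!isAdmin) return { status: 403 };
      continue; // assumption: unlisted keys from an admin are dropped, not stored
    }
    data[key] = body[key];
  }
  // Only `data` is handed to the database layer; the raw body never is.
  return { status: 200, id: body.id, data };
}

// Constructed sample callers and requests.
const admin = { id: "a-1", role: "ADMIN" };
const creator = { id: "c-1", role: "CREADOR" };
const samples = [
  [creator, { id: "c-1", storeInfo: { name: "Demo" } }],     // 200
  [creator, { id: "c-1", role: "ADMIN" }],                   // 403
  [creator, { id: "a-1", storeInfo: {} }],                   // 403
  [admin, { id: "c-1", role: "TALLER", passwordHash: "x" }], // 200, passwordHash dropped
];
for (const [who, body] of samples) {
  console.log(who.role, JSON.stringify(body), "->", authorizeUserUpdate(who, body).status);
}
```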
DELETE /api/users?id= ADMIN
Permanently delete a user account. This is a hard delete — the record is removed from the database along with all dependent data subject to onDelete: Cascade rules. If the user has orders or other non-cascading relations, the database operation may fail; in that case the deletion falls back to the local file store only.
Query parameters
UUID of the user to delete.
Response
Error responses
| Status | Condition |
|---|---|
| 400 | id query parameter missing. |
| 401 / 403 | Caller does not hold the ADMIN role. |
| 500 | Unexpected server error. |
User model reference
The following fields are available on the User Prisma model. Fields marked Admin-visible are returned by GET /api/users; passwordHash is never exposed through the API.
| Field | Type | Description |
|---|---|---|
| id | String (UUID) | Primary key. Auto-generated on creation. |
| email | String | Unique email address. Used for login and communications. |
| role | Role | Platform role. Determines access across all API endpoints. |
| createdAt | DateTime | Timestamp when the account was first created. |
| updatedAt | DateTime | Timestamp of the most recent change to the record. |
| creatorProfile | Creator? | Linked Creator record present when role is CREADOR. Includes an approved boolean and a nested store (CreatorStore). |
| workshopUser | WorkshopUser? | Links a TALLER-role user to their assigned Workshop. |
Role values
| Value | Description |
|---|---|
| CLIENTE | Standard customer. Can place orders and submit payment receipts. |
| CREADOR | Creator partner. Can upload designs and manage a public storefront. Requires Creator.approved = true before the store goes live. |
| TALLER | Workshop operator. Linked to a Workshop via WorkshopUser. Receives production assignments. |
| ADMIN | Platform administrator. Unrestricted access to all API endpoints. |
Role changes take effect on the user’s next login session — the JWT issued at their previous login still carries the old role claim until it expires (24 hours). To change a user’s role immediately, update it via PUT /api/users with the role field and ask the user to log out and back in.