Admin endpoints require a Firebase ID token belonging to a user whoseDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ProcesosAgilesUMSS/sansistore/llms.txt
Use this file to discover all available pages before exploring further.
roles array in Firestore contains "admin". Pass the token in every request as Authorization: Bearer <ID_TOKEN>.
GET /api/admin/order_history
Returns the complete history, timeline, items, payment, and delivery for a single order. Supports lookup by fullorderId or by the short friendly ID (the part after _).
Query Parameters
The full order ID (e.g.
ord_abc123) or the short friendly suffix (e.g. abc123). Firestore is searched by exact match first; if not found, all orders are paginated server-side to match the suffix.Response Fields
Full order identifier.
Display name of the buyer, resolved from the
users collection.Display name of the seller, resolved from the
users collection. Returns "—" if no seller is set.Customer name as stored on the order document.
Customer phone number.
Delivery address.
Order total in bolivianos.
Current order status (e.g.
CREADO, CONFIRMADO, CANCELADO).Payment status string.
Delivery status string.
ISO 8601 timestamp of order creation.
ISO 8601 timestamp of seller confirmation.
ISO 8601 timestamp of cancellation, if applicable.
Cancellation or incident reason text.
Array of
orderItems sub-collection documents. Each item includes itemId, productId, productName, unitPrice, quantity, and subtotal.Payment record with
paymentId, orderId, amount, method, status, registeredBy, verifiedBy, registeredAt, and verifiedAt.Delivery record with
deliveryId, courierId, courierName, status, deliveryCode, attemptNumber, incidentReason, evidenceUrl, failureReason, amountCollected, customerConfirmed, and all relevant ISO timestamps.Chronologically sorted array of events. Each event has
label (string), detail (string, optional), timestamp (ISO 8601 string), and type ("info" | "success" | "warning" | "error").Example
GET /api/admin/orders_list
Returns a paginated list of all orders, optionally filtered by status.Query Parameters
Filter by order status. Omit to return orders of all statuses.
Number of orders per page. Defaults to
20, maximum 50.The
orderId of the last item from the previous page for cursor-based pagination.Response Fields
Array of order summary objects. Each object contains
orderId, customerName, total, status, paymentStatus, deliveryStatus, createdAt, cancelledAt, and incidentReason.true if there are additional pages beyond the current result.The
orderId to use as cursor in the next request. null when this is the last page.Example
GET /api/admin/courier_sessions
Lists courier shift closures from themessenger_shift_closures Firestore collection, paginated and filtered by closure status.
Query Parameters
Closure status to filter by. Defaults to
"closed". Other values: "validated", "rejected".Number of closures per page. Defaults to
20, maximum 50.Document ID of the last closure from the previous page.
Response Fields
Array of shift closure objects. Each closure includes:
id— Firestore document IDcourierId— UID of the couriercourierName— resolved display namedateKey— string date key (e.g."2024-11-01")status—"closed"|"validated"|"rejected"startedAt,closedAt,createdAt— ISO 8601 timestampssummary— object withcompletedCount,pendingCount,notDeliveredCount,cancelledCount,totalCollectedcompletedOrders,pendingOrders,incidentOrders— arrays of order snapshotsvalidatedBy,validatedByName,validatedAt— validation metadatarejectionReason— populated when status is"rejected"
Whether additional pages exist.
Document ID to use as
cursor in the next request.Example
PATCH /api/admin/courier_sessions
Approves or rejects a courier shift closure. Once a closure is"validated" or "rejected" it cannot be changed again.
Request Body
Firestore document ID of the closure to update.
Must be
"approve" or "reject".Required when
action is "reject". Describes why the closure was rejected.Response
Returns the updated closure object wrapped in{ message, closure }.
GET /api/admin/top_products
Returns the top-selling active products ordered bysoldCount descending.
Query Parameters
Maximum number of products to return. Defaults to
10, maximum 50.Filter results to a specific product category.
Response Fields
Array of top product objects, each containing:
productId— Firestore document IDname— product namecategoryId— category IDcategoryName— resolved category name (falls back to"Sin categoría")price— regular price in bolivianosofferPrice— discounted price (omitted if no offer)hasOffer— booleanimageUrl— product image URL (omitted if not set)soldCount— total units sold
Number of products returned.
Example
GET /api/users
Returns all platform users, optionally filtered by role or searched by name/email.Query Parameters
Filter to users who have this role in their
roles array. Valid values: admin, vendedor, mensajero, operador_inv, comprador.Case-insensitive substring match against
displayName and email.Response Fields
Array of user objects sorted alphabetically by
displayName. Each user contains:uid— Firebase Auth UIDemail— institutional UMSS email addressdisplayName— full namephoneNumber— 8-digit Bolivian mobile numberci— national identity numberinternalPhone— internal extension (empty string if not set)roles— array of role stringsisActive— booleancreatedBy— UID of the admin who created the accountcreatedAt— ISO 8601 timestamp
Example
POST /api/users
Creates a new UMSS platform user. Only@umss.edu domain emails are accepted.
Request Body
PATCH /api/users
Updates an existing user’s profile, roles, or active status.Request Body
uid are optional. Changing roles also updates Firebase Auth custom claims.