The NuestraVoz — Campus Virtual REST API is an Express.js service written in TypeScript, backed by Supabase for both authentication and data persistence. Every route lives under theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Renzo717/Aula-Virtual-Universidad-Radiolocucion/llms.txt
Use this file to discover all available pages before exploring further.
/api prefix and always responds with JSON. A successful response wraps its payload in a data key; any error is surfaced through an error key with an optional details field containing structured validation information.
Base URL
| Environment | Base URL |
|---|---|
| Development | http://localhost:3001 |
| Production | https://<your-domain> |
/api prefix.
Response Envelope
Every response from the API conforms to one of two shapes, defined by the sharedApiSuccess and ApiError TypeScript types:
Success
details field is optional and appears primarily on 400 Bad Request responses from Zod validation failures. It contains the flattened error tree produced by zod’s .flatten() method.
Health Check
A lightweight liveness endpoint is available without authentication. It is useful for load-balancer health probes and uptime monitors.Authentication
The API uses session cookies for authentication. After a successfulPOST /api/auth/login the server sets an httpOnly cookie named nv_session containing a Supabase JWT access token. This cookie must be present on every subsequent request to protected routes.
Because the cookie is
httpOnly it cannot be read by JavaScript running in the browser — it is sent automatically by the browser on every same-origin (or credentialed cross-origin) request.credentials: 'include' (Fetch API) or withCredentials: true (Axios) so that the browser includes the cookie. See the Authentication page for the full login flow, cookie properties, and middleware details.
Content Types
| Scenario | Content-Type |
|---|---|
| All standard requests | application/json |
| File uploads (resources, avatars) | multipart/form-data |
HTTP Status Codes
| Code | Meaning |
|---|---|
200 OK | Request succeeded |
201 Created | Resource was created |
400 Bad Request | Validation error — check details |
401 Unauthorized | Missing or expired session cookie |
403 Forbidden | Authenticated but insufficient permissions (role or inactive account) |
404 Not Found | Route or resource does not exist |
CORS
The API is configured withcors and only accepts requests from the origin defined by the CORS_ORIGIN environment variable (default: http://localhost:4321). The credentials: true CORS option is always enabled, which is required for cookie-based authentication to work across origins.
Route Groups
Authentication
Register, log in, log out, and inspect the current session. All other routes depend on a valid session established here.
Users
Full user CRUD. Restricted to administrators. Create, update, activate, deactivate, and delete platform users.
Carreras
Manage academic careers (
carreras) and their associated subjects (materias). Includes subject assignment to teachers and schedule management.Aula Virtual
Per-subject virtual classroom: announcements, activities, file submissions, quick-access links, and class resources.
Foro
Discussion forums scoped to each subject. Threads, nested replies, reactions, and moderation actions.
Finales
Final grade management per subject and academic year. Bulk upsert of grades, recovery exam scores, and free/regular attendance flags.
Cursos
Standalone course management independent of academic careers. Create, update, assign teachers, and manage enrollment in open-format courses.
Inscripciones
Enrollment management. Enroll students in careers or individual subjects, change enrollment status, and query enrolled students per subject.
Dashboard
Role-aware statistics. Returns different data shapes for administrators, teachers, and students.
Boletines
Grade bulletin PDF generation. Produces a per-student PDF report with all subject grades for a given academic year.
Perfil
Current-user profile management. Update personal information, change password, and upload a profile picture.
Environment Variables
The following variables are read byapps/api/src/lib/config.ts at startup:
| Variable | Default | Description |
|---|---|---|
PORT | 3001 | TCP port the Express server listens on |
CORS_ORIGIN | http://localhost:4321 | Allowed origin for CORS |
SESSION_COOKIE_NAME | nv_session | Name of the session cookie |
NODE_ENV | — | Set to production to enable secure cookies and other prod-only behaviour |
SUPABASE_URL | — | Your Supabase project URL |
SUPABASE_SERVICE_ROLE_KEY | — | Service-role key for the Supabase admin client |