The Roles API controls the permission tiers within Credith. Every user is assigned at least one role from a fixed set of three names, and that role is embedded in their JWT — governing which protected routes they may access. Roles are stored in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/RoyGeova07/Credith/llms.txt
Use this file to discover all available pages before exploring further.
cd.roles table and linked to users through the cd.users_roles junction table. All role management endpoints require an authenticated session with the Owner role.
Only three role names are valid in Credith:
Employee, Admin, and Owner. The API performs a case-insensitive match on the submitted name, normalizing it to the canonical casing before saving. Any other value will be rejected with a 400 error.GET /api/roles
Returns a paginated list of all roles, ordered alphabetically by name (ascending). Uselimit and offset to page through results.
Authentication: ✅ Required — Owner role
Query Parameters
Maximum number of role records to return per page. Defaults to
10.Number of records to skip before collecting results. Defaults to
0.Response
200 OK
Total count of roles in the database (before pagination).
Array of role objects for the current page, sorted by
name ASC.Example Response
GET /api/roles/:id
Returns a single role record by its UUID. Authentication: ✅ Required —Owner role
Path Parameters
The
roleId of the role to retrieve.Response
200 OK — Returns the role object.
Unique identifier for the role.
Role name (
Employee, Admin, or Owner).Optional description of the role.
404 Not Found
Example Response
POST /api/roles
Creates a new role. Because only three role names are permitted system-wide and each must be unique, you can create at most three roles (one per name). Attempting to create a role with a name that already exists returns a400 error.
Authentication: ✅ Required — Owner role
Request Body
The role name. Must be one of
Employee, Admin, or Owner (case-insensitive). The value is normalized to the canonical casing before being stored. Returns 400 if the name is invalid or already taken.Optional free-text description of the role’s purpose or permissions. Stored as-is with no length enforcement.
Response
201 Created
Confirmation:
"Rol creado correctamente".The newly created role object, including
roleId, name, and description.| Status | Condition |
|---|---|
400 | name is missing, blank, or not one of the three accepted values |
400 | A role with the same normalized name already exists |
401 | Missing or invalid token cookie |
403 | Authenticated user does not have the Owner role |
500 | Internal server error |
POST /api/roles/associate-user
Assigns an existing role to an existing user by inserting a row into thecd.users_roles junction table. If the user already holds the specified role, the request is rejected. A user can hold multiple roles simultaneously.
Authentication: ✅ Required — Owner role
Request Body
UUID of the user (
users.user_id) to assign the role to. Returns 404 if no matching user exists.UUID of the role (
roles.role_id) to assign. Returns 404 if no matching role exists.Response
201 Created
Confirmation:
"Rol asociado al usuario correctamente".The UUID of the user the role was assigned to.
The full role object that was associated (
roleId, name, description).| Status | Condition |
|---|---|
400 | userId or roleId is missing or blank |
400 | The user already has the specified role assigned |
401 | Missing or invalid token cookie |
403 | Authenticated user does not have the Owner role |
404 | No user found for the given userId |
404 | No role found for the given roleId |
500 | Internal server error |
PUT /api/roles/:id
Updates thename and/or description of an existing role. Both fields are optional — only the fields present in the request body are updated. If name is provided, it must pass the same validation as POST /api/roles (must be a valid role name, and must not already be taken by a different role).
Authentication: ✅ Required — Owner role
Path Parameters
The
roleId of the role to update.Request Body
New role name. Must be one of
Employee, Admin, or Owner (case-insensitive). Returns 400 if the name is invalid or already used by another role.New description for the role. Can be set to an empty string to clear it.
Response
200 OK
Confirmation:
"Rol actualizado correctamente".The updated role object reflecting the new values.
| Status | Condition |
|---|---|
400 | name is provided but is not a valid role name |
400 | name is provided but is already used by a different role |
401 | Missing or invalid token cookie |
403 | Authenticated user does not have the Owner role |
404 | No role found for the given UUID |
500 | Internal server error |
cURL Example
DELETE /api/roles/:id
Permanently removes a role from the database. This is a hard delete — the row is destroyed via Sequelize’sdestroy() with no soft-delete fallback (paranoid is not enabled on the roles model). Any users_roles rows referencing this role will also be removed due to the ON DELETE CASCADE constraint defined on the junction table.
Authentication: ✅ Required — Owner role
Path Parameters
The
roleId of the role to permanently delete.Response
200 OK
| Status | Condition |
|---|---|
401 | Missing or invalid token cookie |
403 | Authenticated user does not have the Owner role |
404 | No role found for the given UUID |
500 | Internal server error |
cURL Example