VinylVibes API is a production-ready REST backend for an online vinyl record store, built on Node.js and Express with Prisma as the ORM, PostgreSQL (hosted on Neon) as the primary database, and Redis for response caching. It integrates with three external services — Discogs for catalog data and popularity stats, Last.fm for album history and similar-artist recommendations, and YouTube Data API v3 for album video lookup — and exposes endpoints for browsing records, user authentication, order processing, and admin management.

Tech stack

| Technology | Role |
| --- | --- |
| Node.js + Express | HTTP server and all route handlers |
| Prisma | ORM: type-safe queries against PostgreSQL |
| PostgreSQL (Neon) | Persistent storage for users, orders, and browsing history |
| Redis (ioredis) | Response cache to avoid exhausting external API rate limits |
| JWT + bcrypt | Authentication: token signing and password hashing |
| express-rate-limit | Global and per-route abuse protection |
| Discogs API | Vinyl catalog search, release details, and community popularity stats |
| Last.fm API | Album history (wiki) and similar-artist recommendations |
| YouTube Data API v3 | Album video lookup |

Architecture at a glance

Every incoming HTTP request passes through a layered pipeline before a response is returned:
  1. Rate limiter — globally capped at 100 requests per minute; auth routes are further capped at 10 attempts per 15 minutes.
  2. CORS — only origins listed in CORS_ORIGIN are allowed (comma-separated list).
  3. Auth middleware (verificarToken / soloAdmin) — validates the Authorization: Bearer header and attaches the decoded {id, nombre, rol} payload to the request where required.
  4. Endpoint handler — validates the request body/params, then checks the Redis cache for a stored result.
  5. Redis cache check — on a cache hit the cached JSON is returned immediately; on a miss the handler calls Discogs, Last.fm, or YouTube and writes the result to Redis with a TTL.
  6. Database — orders, users, and history are always read from and written to PostgreSQL via Prisma; Discogs data is never persisted to the database.
  7. Response — shaped JSON is returned to the client.

Available resources

Register & Login

Create an account at POST /registro and exchange credentials for a JWT at POST /login.

Search the Catalog

Full-text search across the Discogs catalog at GET /buscar?q=. Browse by genre or fetch the latest releases.

Checkout

Authenticated POST /checkout — submit a cart and shipping address; prices are calculated server-side from live Discogs stats.

Admin Tools

GET /admin/usuarios and GET /admin/ventas expose user and order management for admin and demo roles.

Environment variables

All seven variables below must be present at startup. The server is configured to read them from a .env file locally or from the Render environment panel in production.

| Variable | Description |
| --- | --- |
| DATABASE_URL | PostgreSQL connection string (e.g. a Neon connection string) |
| JWT_SECRET | Long random secret used to sign and verify JWT tokens |
| CORS_ORIGIN | Comma-separated list of allowed origins (e.g. https://myapp.github.io,https://staging.example.com) |
| REDIS_URL | Redis connection URL (e.g. redis://red-... on Render, or redis://localhost:6379 locally) |
| DISCOGS_TOKEN | Personal access token from your Discogs developer account |
| YOUTUBE_API_KEY | API key from the Google Cloud Console with YouTube Data API v3 enabled |
| LASTFM_API_KEY | API key from your Last.fm account |

The server refuses to start if JWT_SECRET is not defined. You will see the error "JWT_SECRET no está definido en las variables de entorno." and the process will exit immediately. Always set this variable before running the server.
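
A startup check for the variables listed above, written here as an added example; it is not code from the VinylVibes project. The helper names (loadConfig, parseCorsOrigins, isOriginAllowed) are hypothetical, the sample values are constructed, and treating the six variables other than JWT_SECRET as fatal is an assumption. It also parses CORS_ORIGIN into exact origins so a malformed entry fails at startup instead of at request time.

```javascript
// Added example: hypothetical helpers, not code from the VinylVibes repository.
const REQUIRED_VARS = ['DATABASE_URL', 'JWT_SECRET', 'CORS_ORIGIN', 'REDIS_URL',
  'DISCOGS_TOKEN', 'YOUTUBE_API_KEY', 'LASTFM_API_KEY'];

// Turn the comma-separated CORS_ORIGIN value into a set of exact origins.
// "*" and bare hostnames fail URL parsing, so they are rejected at startup.
function parseCorsOrigins(raw) {
  const origins = new Set();
  for (const entry of raw.split(',').map((s) => s.trim()).filter(Boolean)) {
    let url;
    try {
      url = new URL(entry);
    } catch {
      throw new Error(`CORS_ORIGIN entry is not a URL: ${entry}`);
    }
    const isWeb = url.protocol === 'https:' || url.protocol === 'http:';
    // An origin is scheme + host + port; a path, query or fragment is a typo.
    if (!isWeb || url.pathname !== '/' || url.search || url.hash) {
      throw new Error(`CORS_ORIGIN entry is not a bare origin: ${entry}`);
    }
    origins.add(url.origin);
  }
  return origins;
}

function loadConfig(env) {
  // The message the page quotes for a missing JWT_SECRET.
  if (!env.JWT_SECRET) {
    throw new Error('JWT_SECRET no está definido en las variables de entorno.');
  }
  // Assumption: the other six variables are treated as fatal too.
  const missing = REQUIRED_VARS.filter((name) => !env[name]);
  if (missing.length) throw new Error(`Missing environment variables: ${missing.join(', ')}`);
  return { corsOrigins: parseCorsOrigins(env.CORS_ORIGIN) };
}

// Exact match only: prefix or substring checks would accept look-alike hosts.
function isOriginAllowed(origins, originHeader) {
  return origins.has(originHeader);
}

// Constructed sample environment (placeholder values, not real credentials).
const SAMPLE_ENV = {
  DATABASE_URL: 'postgresql://user:pw@db.example.com/vinyl', JWT_SECRET: 'placeholder-secret',
  CORS_ORIGIN: 'https://myapp.github.io, https://staging.example.com',
  REDIS_URL: 'redis://localhost:6379', DISCOGS_TOKEN: 'x', YOUTUBE_API_KEY: 'x', LASTFM_API_KEY: 'x',
};
console.log([...loadConfig(SAMPLE_ENV).corsOrigins]);
```

In a real server the caller would catch the error from loadConfig(process.env), log it, and exit with a non-zero status before binding the port.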
