The Users API manages the staff accounts that can authenticate with the Spartans Gym backend. It supports two roles — admin and recepcionista — and provides full CRUD operations so gym owners can onboard new front-desk staff, promote a recepcionista to admin, or revoke access by deleting an account. All passwords are hashed with bcrypt (10 rounds) before storage and are never returned in any response.
User Object

- `id`: Auto-incremented primary key.
- `email`: Unique staff email address. Used as the login identifier.
- `role`: Access level. Defaults to `"recepcionista"` when not specified at creation.
- `createdAt`: UTC timestamp of account creation.
- Last-update timestamp: UTC timestamp of the last update. Returned by PATCH responses; omitted from GET / list items due to the Prisma select projection used.

The `password` field is never included in any API response. The database stores a bcrypt hash, but it is always excluded via Prisma’s select clause.

GET /api/users

Returns all staff accounts ordered by `createdAt` descending.
Auth: Authorization: Bearer <token> — admin only
Success Response — 200
Error Responses
| Status | Meaning |
|---|---|
| 401 | Missing or invalid Bearer token |
| 403 | Authenticated user is not an admin |
| 500 | Internal server error |
POST /api/users
Create a new staff account. The `password` is hashed with bcrypt before being written to the database.
Auth: Authorization: Bearer <token> — admin only
Request Body

- `email`: Email address for the new account. Must be unique across all users — the server returns 400 if a user with this email already exists.
- `password`: Plain-text password. Hashed server-side before storage; never echoed back.
- `role`: Role to assign. Defaults to `"recepcionista"` if omitted.

Success Response — 201
Error Responses
| Status | Body error | Meaning |
|---|---|---|
| 400 | "Email y contraseña son requeridos" | email or password missing from request body |
| 400 | "Ya existe un usuario con ese email" | Duplicate email |
| 401 | — | Missing or invalid Bearer token |
| 403 | — | Authenticated user is not an admin |
| 500 | — | Internal server error |
Example
PATCH /api/users/:id/role
Update the role of an existing staff account. Only `"admin"` and `"recepcionista"` are accepted values; any other string returns 400.
Auth: Authorization: Bearer <token> — admin only
Path Parameters

- `id`: The integer id of the user whose role you want to change.

Request Body

- `role`: The new role to assign.

Success Response — 200
Error Responses
| Status | Body error | Meaning |
|---|---|---|
| 400 | "Rol inválido" | role is missing or not one of the accepted enum values |
| 401 | — | Missing or invalid Bearer token |
| 403 | — | Authenticated user is not an admin |
| 500 | — | User not found or database error |
Example
DELETE /api/users/:id
Permanently delete a staff account. This action is irreversible.
Auth: Authorization: Bearer <token> — admin only
Path Parameters

- `id`: The integer id of the user to delete.

Success Response — 200
Error Responses
| Status | Body error | Meaning |
|---|---|---|
| 401 | — | Missing or invalid Bearer token |
| 403 | — | Authenticated user is not an admin |
| 404 | "Usuario no encontrado" | No user exists for the given id |
| 500 | — | Internal server error |