FutsalManager uses JSON Web Tokens (JWT) for authentication. When you register or log in, the API returns a token you include in subsequent requests so the platform knows who you are. All new accounts receive the standard user role — elevated roles like admin and referee must be assigned by an administrator.

Register a new account

To create an account, send a POST request to /auth/register with your chosen username, email address, and password. All three fields are required.
1. Send your details to the register endpoint

curl -X POST https://your-api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "maria_gol",
    "email": "[email protected]",
    "password": "supersecret123"
  }'
2. Receive your token and user object

On success the API responds with HTTP 201 and a payload containing your user object and a JWT token. Save the token — you will need it for every authenticated request.
{
  "message": "User registered successfully",
  "user": {
    "id": 42,
    "username": "maria_gol",
    "email": "[email protected]",
    "role": "user"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Registration automatically logs you in. You do not need a separate login call immediately after creating your account.

Log in to an existing account

If you already have an account, send a POST request to /auth/login with your username and password. Email is not accepted at login — only username.
curl -X POST https://your-api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "maria_gol",
    "password": "supersecret123"
  }'
A successful login returns HTTP 200 with a fresh token:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Using your token

Include the token in the Authorization header of every request that requires authentication. Use the Bearer scheme:
curl https://your-api/user/profile \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
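The Angular app stores your token in localStorage and attaches it automatically. If you are building your own client, follow the same pattern. Keep in mind that localStorage is readable by any script running on the page's origin, so a cross-site scripting flaw in the client exposes the token for its remaining lifetime.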

Token expiry

Your token is valid for different durations depending on your role:
Role      Token lifetime
user      7 days
admin     6 hours
referee   6 hours
Once a token expires you will receive a 401 response. Log in again to get a fresh token.
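
For a client you build yourself, the expiry rule above can be checked before each request instead of waiting for the 401. The following JavaScript is an added example, not FutsalManager code; it assumes the token payload carries the standard `exp` claim, and the helper names, the 30-second skew margin and the sample claims are constructed for illustration.

```javascript
// Added example: client-side expiry check for a bearer token before sending it.
// Assumption: the JWT payload carries the standard `exp` claim (seconds since epoch).
const CLOCK_SKEW_SECONDS = 30; // hypothetical safety margin, not a documented value

// Decode one base64url JWT segment into an object; throws on malformed input.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Reads claims only. The signature is NOT verified (the client holds no key), so
// the result is a hint for when to log in again, never an authorization decision.
function inspectToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { usable: false, reason: "malformed" };
  let payload;
  try {
    payload = decodeSegment(parts[1]);
  } catch {
    return { usable: false, reason: "malformed" };
  }
  if (!payload || typeof payload.exp !== "number") {
    return { usable: false, reason: "no-exp" };
  }
  if (payload.exp - CLOCK_SKEW_SECONDS <= nowSeconds) {
    return { usable: false, reason: "expired", expiresAt: payload.exp };
  }
  return { usable: true, reason: "ok", expiresAt: payload.exp };
}

// Headers for an authenticated request, or null when the caller should go back
// to POST /auth/login for a fresh token.
function authHeaders(token, nowSeconds) {
  return inspectToken(token, nowSeconds).usable
    ? { Authorization: `Bearer ${token}` }
    : null;
}

// Constructed sample token with a fake signature: a referee token issued at
// t=1000 with the 6-hour lifetime from the table above. Claim names are assumed.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
const SAMPLE = makeSampleToken({ id: 42, role: "referee", iat: 1000, exp: 1000 + 6 * 3600 });
```

The server remains the authority on validity: a token this check accepts can still be rejected with a 401, and the client should handle that response by logging in again.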

Rate limiting

To protect against brute-force attacks, the register and login endpoints accept a maximum of 10 requests per IP address per 15-minute window. This limit is tracked in Redis. If you exceed it, the API returns:
{
  "message": "Demasiados intentos. Por favor, inténtalo de nuevo en 15 minutos."
}
Wait 15 minutes before trying again.

Common errors

You omitted one or more required fields. Make sure username, email, and password are all present in your register request, or username and password in your login request.
The username was not found, or the password did not match. The API returns the same message in both cases to avoid revealing whether an account exists.
Someone already registered with that username. Choose a different one.
An account with that email address already exists. Use a different email or log in to your existing account.
