Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/davidG97/qa-flow/llms.txt

Use this file to discover all available pages before exploring further.

QA Flow automatically generates an HTML report after every completed test run. The Reports API lets you list all available reports, retrieve their metadata and summary statistics as JSON, render the full HTML report directly in a browser, download it as a file attachment, or delete reports you no longer need. This page also documents the Users API, which is restricted to admin accounts and covers listing, creating, updating, and deleting user records.

GET /api/reports

List all HTML test reports that have been generated on the server, ordered by most recent first. Authentication required: No

Response

An array of report metadata objects.
id
string
UUID of the report.
testRunId
string
UUID of the test run this report belongs to.
summary
string | null
JSON string containing a result summary (totals, pass/fail counts, duration). May be null for older reports.
createdAt
string
ISO 8601 timestamp when the report was created.
curl http://localhost:3001/api/reports

GET /api/reports/:id

Retrieve the JSON metadata and summary for a specific report. Use this to display report stats without loading the full HTML content. Authentication required: No

Path Parameters

id
string
required
The UUID of the report to retrieve.

Response

id
string
UUID of the report.
testRunId
string
UUID of the associated test run.
summary
string | null
JSON-serialized summary object with result statistics.
createdAt
string
ISO 8601 timestamp when the report was created.
curl http://localhost:3001/api/reports/rpt-aaa-111

GET /api/reports/:id/html

Serve the full HTML report for rendering in a browser. The response body is a complete, self-contained HTML document styled in the Playwright report format. Authentication required: No

Path Parameters

id
string
required
The UUID of the report to render.

Response

Returns Content-Type: text/html — a full HTML document that can be displayed directly in an iframe or opened in a browser tab.
curl http://localhost:3001/api/reports/rpt-aaa-111/html \
  -o report.html && open report.html
To embed a live report inside a web application, set the src of an <iframe> to this URL (with appropriate credentials). The server will stream the HTML directly.

GET /api/reports/:id/download

Download the HTML report as a file attachment. The server sets Content-Disposition: attachment so that browsers prompt the user to save the file rather than rendering it. Authentication required: No

Path Parameters

id
string
required
The UUID of the report to download.

Response

Returns the report as an HTML file download (Content-Disposition: attachment; filename="report-<id>.html").
curl http://localhost:3001/api/reports/rpt-aaa-111/download \
  -O -J
# Saves to: report-rpt-aaa-111.html

DELETE /api/reports/:id

Permanently delete a report and its stored HTML content. The associated TestRun and TestResult records are not deleted — only the Report record itself is removed. Authentication required: No

Path Parameters

id
string
required
The UUID of the report to delete.

Response

Returns 204 No Content on success.
curl -X DELETE http://localhost:3001/api/reports/rpt-aaa-111
Deleting a report is irreversible. The HTML content is removed from the database and cannot be regenerated unless you re-run the associated test.

Users API (Admin Only)

User management is restricted to accounts with the ADMIN role. Requests from non-admin users return 403 Forbidden with { "error": "Prohibido: se requiere rol de administrador" }.

GET /api/users

List all user accounts registered in the system, ordered by creation date descending. Authentication required: Yes (Admin only)

Response

An array of user objects.
id
string
UUID of the user.
email
string
The user’s email address.
name
string | null
The user’s display name.
role
string
Either USER or ADMIN.
createdAt
string
ISO 8601 timestamp of account creation.
curl http://localhost:3001/api/users \
  -H 'Authorization: Bearer <admin-token>'

POST /api/users

Create a new user account. Unlike POST /api/auth/register, this endpoint is admin-only and allows specifying the user’s role at creation time. Authentication required: Yes (Admin only)

Request Body

email
string
required
Email address for the new account. Must be unique.
password
string
required
Initial password for the account. Stored as a bcrypt hash.
name
string
Optional display name.
role
string
Role to assign. Accepts ADMIN or USER. Defaults to USER if omitted or unrecognized.
curl -X POST http://localhost:3001/api/users \
  -H 'Authorization: Bearer <admin-token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "newuser@example.com",
    "password": "securePass!1",
    "name": "New User",
    "role": "USER"
  }'

PUT /api/users/:id

Update a user account. Admins can update any field on any user including role and email. Regular users can only update their own name and password — attempting to change role or email as a non-admin returns 403 Forbidden. Authentication required: Yes (Admin, or the user themselves for name/password only)

Path Parameters

id
string
required
UUID of the user to update.

Request Body

name
string
Updated display name. Can be set by the user themselves or by an admin.
password
string
New password. Hashed with bcrypt before storage. Can be changed by the user themselves or by an admin.
email
string
Updated email address. Admin only.
role
string
Updated role (ADMIN or USER). Admin only.
curl -X PUT http://localhost:3001/api/users/user-bbb-222 \
  -H 'Authorization: Bearer <admin-token>' \
  -H 'Content-Type: application/json' \
  -d '{"role": "ADMIN", "email": "jane-new@example.com"}'
{ "error": "No tienes permiso para editar este usuario" }

DELETE /api/users/:id

Permanently delete a user account and all associated data. An admin cannot delete their own account via this endpoint. Authentication required: Yes (Admin only)

Path Parameters

id
string
required
UUID of the user to delete.

Response

Returns 204 No Content on success.
curl -X DELETE http://localhost:3001/api/users/user-bbb-222 \
  -H 'Authorization: Bearer <admin-token>'
Attempting to delete your own account returns 400 Bad Request with { "error": "No puedes eliminar tu propia cuenta" }. Have another admin account perform the deletion, or use the /api/auth/me endpoint to confirm your identity before calling this endpoint.

Build docs developers (and LLMs) love