QA Flow automatically generates an HTML report after every completed test run. The Reports API lets you list all available reports, retrieve their metadata and summary statistics as JSON, render the full HTML report directly in a browser, download it as a file attachment, or delete reports you no longer need. This page also documents the Users API, which is restricted to admin accounts and covers listing, creating, updating, and deleting user records.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/davidG97/qa-flow/llms.txt
Use this file to discover all available pages before exploring further.
GET /api/reports
List all HTML test reports that have been generated on the server, ordered by most recent first. Authentication required: NoResponse
An array of report metadata objects.UUID of the report.
UUID of the test run this report belongs to.
JSON string containing a result summary (totals, pass/fail counts, duration). May be
null for older reports.ISO 8601 timestamp when the report was created.
GET /api/reports/:id
Retrieve the JSON metadata and summary for a specific report. Use this to display report stats without loading the full HTML content. Authentication required: NoPath Parameters
The UUID of the report to retrieve.
Response
UUID of the report.
UUID of the associated test run.
JSON-serialized summary object with result statistics.
ISO 8601 timestamp when the report was created.
GET /api/reports/:id/html
Serve the full HTML report for rendering in a browser. The response body is a complete, self-contained HTML document styled in the Playwright report format. Authentication required: NoPath Parameters
The UUID of the report to render.
Response
ReturnsContent-Type: text/html — a full HTML document that can be displayed directly in an iframe or opened in a browser tab.
GET /api/reports/:id/download
Download the HTML report as a file attachment. The server setsContent-Disposition: attachment so that browsers prompt the user to save the file rather than rendering it.
Authentication required: No
Path Parameters
The UUID of the report to download.
Response
Returns the report as an HTML file download (Content-Disposition: attachment; filename="report-<id>.html").
DELETE /api/reports/:id
Permanently delete a report and its stored HTML content. The associatedTestRun and TestResult records are not deleted — only the Report record itself is removed.
Authentication required: No
Path Parameters
The UUID of the report to delete.
Response
Returns204 No Content on success.
Users API (Admin Only)
User management is restricted to accounts with theADMIN role. Requests from non-admin users return 403 Forbidden with { "error": "Prohibido: se requiere rol de administrador" }.
GET /api/users
List all user accounts registered in the system, ordered by creation date descending. Authentication required: Yes (Admin only)Response
An array of user objects.UUID of the user.
The user’s email address.
The user’s display name.
Either
USER or ADMIN.ISO 8601 timestamp of account creation.
POST /api/users
Create a new user account. UnlikePOST /api/auth/register, this endpoint is admin-only and allows specifying the user’s role at creation time.
Authentication required: Yes (Admin only)
Request Body
Email address for the new account. Must be unique.
Initial password for the account. Stored as a bcrypt hash.
Optional display name.
Role to assign. Accepts
ADMIN or USER. Defaults to USER if omitted or unrecognized.PUT /api/users/:id
Update a user account. Admins can update any field on any user includingrole and email. Regular users can only update their own name and password — attempting to change role or email as a non-admin returns 403 Forbidden.
Authentication required: Yes (Admin, or the user themselves for name/password only)
Path Parameters
UUID of the user to update.
Request Body
Updated display name. Can be set by the user themselves or by an admin.
New password. Hashed with bcrypt before storage. Can be changed by the user themselves or by an admin.
Updated email address. Admin only.
Updated role (
ADMIN or USER). Admin only.- 403 — Not self or admin
- 403 — Non-admin changing role/email
- 404 — User not found
DELETE /api/users/:id
Permanently delete a user account and all associated data. An admin cannot delete their own account via this endpoint. Authentication required: Yes (Admin only)Path Parameters
UUID of the user to delete.
Response
Returns204 No Content on success.