Eme2App uses stateless JWT Bearer authentication. Every request to a protected resource must include an Authorization: Bearer <token> header. The token is issued at login and encodes the user's id, email, rol and, after company selection, the empresa_id that scopes all subsequent data operations to a single company. Only /api/version and the /api/auth/* endpoints themselves are public.
## Two-step login flow for multi-company users

1. POST /api/auth/login authenticates the credentials and returns a token.
   - If the user belongs to one company, empresa_id is already embedded and the token is ready to use.
   - If the user belongs to multiple companies, the response includes requiere_seleccion_empresa: true plus the list of available companies. The initial token does not contain empresa_id.
2. POST /api/auth/seleccionar-empresa exchanges the initial token for a new token that contains the chosen empresa_id. Use this new token for all subsequent requests.
## Token payload

The rol claim is one of superadmin, admin, and user. Most business endpoints require admin or user with a valid empresa_id in the token.
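How a business endpoint can enforce the two rules above (a verified signature, and a rol of admin or user together with an empresa_id), as an added example that is not the project's own code. It assumes HS256 tokens signed with a shared secret (constructed here) and the claim names this page mentions (rol, empresa_id); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: tokens are HS256-signed with a shared secret (value constructed here).
SECRET = b"constructed-demo-secret-do-not-reuse"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict, ttl: int = 7 * 24 * 3600, secret: bytes = SECRET) -> str:
    """Mint a JWT with the page's claims (id, email, rol, optional empresa_id); 7-day default."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(dict(claims, exp=int(time.time()) + ttl)).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_token(token: str, secret: bytes = SECRET):
    """Return the claims, or None if malformed, wrong alg, bad signature or expired."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # rejects alg=none and algorithm-confusion tokens
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # signature is checked before the payload is trusted
        claims = json.loads(b64url_decode(payload))
    except (ValueError, AttributeError):  # bad base64/JSON or wrong segment count
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims

def require_company_scope(headers: dict, allowed_roles=("admin", "user")):
    """Gate a business endpoint; returns (status, mensaje or claims) per the documented codes."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "Token no proporcionado"
    claims = verify_token(auth[len("Bearer "):])
    if claims is None:
        return 401, "No autorizado"
    # An initial multi-company login token has no empresa_id; it must be exchanged first.
    if claims.get("rol") not in allowed_roles or not claims.get("empresa_id"):
        return 403, "No tienes permiso para acceder a este recurso"
    return 200, claims
```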
## POST /api/auth/login

Validates email and password, returns a signed JWT and basic user information. No authorization header required.

Request body

- Email: the user's registered email address. Case-insensitive.
- Password: the user's plain-text password.

Response

- Status: "exito" on success, "error" on failure.
- Token: signed JWT. Valid for 7 days by default (JWT_EXPIRE env var).
- requiere_seleccion_empresa: present and true when the user belongs to more than one company. Call POST /api/auth/seleccionar-empresa with the initial token to receive a company-scoped token.
- Companies: present only when requiere_seleccion_empresa is true. Each item contains empresa_id, nombre, and nombre_comercial.

Errors

| Status | mensaje |
|---|---|
| 400 | "Credenciales inválidas" |
| 400 | "Usuario desactivado" |
| 400 | "Usuario no tiene empresas asignadas" |
## GET /api/auth/me

Returns the authenticated user's profile and their list of accessible companies. Authorization: Bearer <token> required.

Response

- empresa_id: the empresa_id currently embedded in the token. null if the user authenticated without selecting a company yet.
- Companies: list of active companies the user belongs to. Not included for superadmin users.

## POST /api/auth/seleccionar-empresa
Exchanges the current token for a new JWT that includes the chosen empresa_id. All subsequent API calls must use this new token.

Authorization: Bearer <token> required.

Request body

- empresa_id: the UUID of the company to activate. Must be one of the companies returned in the login response or from GET /api/auth/me.

Response

- Token: new signed JWT with empresa_id embedded. Replace the previous token immediately.

Errors

| Status | mensaje |
|---|---|
| 400 | "empresa_id debe ser un UUID válido" |
| 400 | "La empresa solicitada no está asignada a este usuario" |
| 401 | "Token no proporcionado" / "No autorizado" |
## POST /api/auth/cambiar-password

Changes the authenticated user's password. Requires the current password for verification. Authorization: Bearer <token> required.

Request body

- Current password: the user's current password.
- New password: the desired new password. Minimum 6 characters.

Errors

| Status | mensaje |
|---|---|
| 400 | "Contraseña actual incorrecta" |
| 400 | "La contraseña debe tener al menos 6 caracteres" |
## POST /api/auth/solicitar-reset

Sends a password-reset link to the provided email address. The response is intentionally vague to avoid leaking which email addresses are registered. No authorization header required.

Request body

- Email: the email address associated with the account.
## POST /api/auth/reset-password

Consumes a password-reset token and sets a new password. No authorization header required.

Request body

- Token: the reset token received by email (the reset_token query parameter from the link).
- New password: the new password. Minimum 6 characters.

Errors

| Status | mensaje |
|---|---|
| 400 | "Token inválido" |
| 400 | "El link de recuperación venció. Solicitá uno nuevo." |
| 400 | "Token inválido o ya utilizado" |
## POST /api/auth/reset-admin

Resets the admin user credentials to admin@empresa.com / admin123. Requires a valid Bearer token belonging to a superadmin user. Intended for non-production environments: in production the endpoint refuses with 403 "No permitido en producción".

Authorization: Bearer <token> required. Role: superadmin.

Request body: none required.

Response

| Status | mensaje |
|---|---|
| 403 | "No permitido en producción" |
| 401 | "Token no proporcionado" / "No autorizado" |
| 403 | "No tienes permiso para acceder a este recurso" |
## PUT /api/auth/tema

Persists the user's UI theme preference (light or dark) in their profile. This value is returned in every subsequent GET /api/auth/me and login response.

Authorization: Bearer <token> required.

Request body

- Theme: must be exactly "light" or "dark".