This guide walks you through cloning the repository, wiring up environment variables, registering your first company, and making an authenticated API request — all in about five minutes. You will need Node.js 18+, a running MongoDB instance (local or Atlas), and curl (or any HTTP client).
1. Clone & install dependencies

Clone the repository and install all dependencies.
git clone https://github.com/fredy-rizo/MultiSas.git
cd MultiSas
npm install
2. Configure environment variables

Create a .env file in the project root with the following three variables. These are read by src/config.js via dotenv at startup.
.env
PORT=3000
MONGODB_URL=mongodb://localhost:27017/multisas
SECRET=your_jwt_secret_here
| Variable | Description |
| --- | --- |
| PORT | The TCP port Express will listen on. |
| MONGODB_URL | Full MongoDB connection string, including database name. |
| SECRET | Signing secret used by jsonwebtoken to sign and verify all JWTs. |
In production, SECRET should be a long (32+ character), cryptographically random string — for example, generated with openssl rand -base64 32. Never commit it to version control. Store it in a secrets manager or your hosting platform’s environment variable settings.
3. Start the development server

Run the dev server with nodemon. The process will restart automatically on file changes.
npm run dev
Expected startup output:
Server-startup → 4.21.ms
Server on port 3000
Connected to DB
If you see an Error connecting to DB → message, verify that MONGODB_URL in your .env points to a reachable MongoDB instance.

4. Register a company

Use POST /api/user/register-company to create your first tenant. Supply a unique nit_company (the company tax ID), the founder’s name, and a type_company that matches one of the supported verticals (sublimacion, restaurante, farmacia, etc.).
curl -s -X POST http://localhost:3000/api/user/register-company \
  -H "Content-Type: application/json" \
  -d '{
    "name_company": "Acme Corp",
    "name_founder": "John Doe",
    "nit_company": "900123456",
    "password": "securepassword",
    "type_company": "sublimacion"
  }'
A successful response returns HTTP 200 with the new company document:
{
  "msj": "Empresa registrada exitosamente",
  "status": true,
  "save_company": {
    "_id": "664f1a2b3c4d5e6f7a8b9c0d",
    "name_company": "Acme Corp",
    "name_founder": "John Doe",
    "nit_company": "900123456",
    "type_company": "sublimacion",
    "role_user": "Sin rol",
    "available_plans": "Sin Plan",
    "active_account": [{ "name": "Pendiente", "value": "1" }]
  }
}
Save the _id value — you will use it as company_id in subsequent requests.
5. Log in and retrieve a JWT

Call POST /api/user/login-company with the company’s nit_company and password. The API returns a signed JWT valid for 365 days.
curl -s -X POST http://localhost:3000/api/user/login-company \
  -H "Content-Type: application/json" \
  -d '{
    "nit_company": "900123456",
    "password": "securepassword"
  }'
Example response:
{
  "msj": "Bienvenido!",
  "status": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "_id": "664f1a2b3c4d5e6f7a8b9c0d",
    "name_company": "Acme Corp",
    "nit_company": "900123456",
    "role_user": "Sin rol",
    "available_plans": "Sin Plan"
  }
}
Copy the value of "token" — you will pass it in every subsequent request.
6. Make an authenticated request

Pass the token in the token-access header as Bearer <token>. The example below lists all active sub-users for a company.
curl -s -X GET \
  "http://localhost:3000/api/user/list-user-by-company-active/664f1a2b3c4d5e6f7a8b9c0d" \
  -H "token-access: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
A successful response:
{
  "msj": "Cargando usuarios activados...",
  "status": true,
  "data": [],
  "pagination": {
    "pag": "1",
    "perpage": 10,
    "pags": 0
  }
}
Every protected endpoint in MultiSas requires the token-access: Bearer <token> header. Requests that omit the header receive HTTP 401 {"msj": "Sin autorizacion", "status": false}. Requests with an expired token receive HTTP 403 {"msj": "Sesion finalizada", "status": false}.
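
The header check described above, sketched as an added example that is not MultiSas's own code: it verifies an HS256 token from a token-access value using Node's built-in crypto in place of jsonwebtoken, and returns the 401 and 403 bodies documented on this page. The names signHS256 and checkTokenAccess are hypothetical, and answering malformed, forged, or exp-less tokens with 401 is an assumption, since the page only documents the missing-header and expired cases.

```javascript
// Added example, not MultiSas code. Uses only Node's built-in crypto module.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed helper: mint an HS256 JWT so the checker has tokens to work on.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Response bodies as documented on this page.
const DENIED = { status: 401, body: { msj: 'Sin autorizacion', status: false } };
const EXPIRED = { status: 403, body: { msj: 'Sesion finalizada', status: false } };

// Validate a token-access header value. nowSec is injectable for testing.
function checkTokenAccess(headerValue, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!m) return DENIED; // missing header is 401 per the page; malformed is assumed
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return DENIED;
  }
  // Pin the algorithm so the token cannot select "none" or another scheme.
  if (header?.alg !== 'HS256') return DENIED;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return DENIED; // forged or wrong-secret token (assumed 401)
  }
  // Claims are trusted only after the signature has verified.
  if (typeof claims?.exp !== 'number') return DENIED; // assumption: exp is mandatory
  if (nowSec >= claims.exp) return EXPIRED;
  return { status: 200, claims };
}
```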
