This endpoint validates a user’s credentials and, on success, returns a signed JSON Web Token (JWT) along with the user’s profile data. The token must be included in the Authorization header as a Bearer token for all protected endpoints. Tokens are valid for 365 days from the time of issue.
Only accounts that have been verified via POST /api/user/verify-account can log in. Attempting to authenticate with an unconfirmed account returns a 403 error.

Endpoint

POST /api/user/login
Authentication: None required

Request Body

email (string, required): The registered email address of the user.
password (string, required): The account password.

Response

200 — Login successful

msj (string): "Bienvenido!"
status (boolean): true on success.
token (string): A signed JWT Bearer token. Valid for 365 days. Pass this in the Authorization header as Bearer <token> on subsequent requests.
user (object): The authenticated user’s profile snapshot.

203 — Missing fields or wrong password

Returned when email or password is not provided, or when the password does not match.
{
  "msj": "Completa todos los campos para poder iniciar sesion",
  "status": false
}
{
  "msj": "Contraseña incorrecta",
  "status": false
}

403 — Invalid email or inactive account

Returned when the email is not found in the database, or when the account has not been verified.
{
  "msj": "Email no valido",
  "status": false
}
{
  "msj": "Tu cuenta no esta activa. Confirma tu cuenta para poder iniciar sesion",
  "status": false
}

Token Payload

The JWT contains the following claims, encoded at sign-in time:
| Claim | Description |
| --- | --- |
| _id | User’s database ID |
| name | Full name |
| email | Email address |
| status | Account status array |
| roles | Roles array |
| membership | Membership object |
| codeseller | User’s own referral code |
| meseller | Referrer’s seller code |
| address | Address |
| phone_number | Phone number |
| typeIdentification | ID type |
| identification | ID number |
| avatar | Avatar array |
The token payload reflects the user’s data at the time of login. Profile updates made via POST /api/user/update will not be reflected in the token until the user logs in again.
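
The claims listed above travel in a payload that is signed but not encrypted, so anything that stores or logs the token can read them for the token's full lifetime. The Python sketch below is an added example, not code from this project: it reads a constructed token without the key, then applies the checks a verifier needs (pinned algorithm, constant-time MAC comparison, expiry). The secret, the issue time and the iat/exp claims are assumptions; HS256 is taken from the header of the example token on this page.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: stand-in for the API's signing key
ISSUED, YEAR = 1_700_000_000, 365 * 24 * 3600  # constructed issue time; lifetime from this page
PII_CLAIMS = {"name", "email", "address", "phone_number", "identification"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, secret: bytes) -> str:
    header = b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def read_without_key(token: str) -> dict:
    """The payload is base64url-encoded JSON, so no secret is needed to read it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def exposed_pii(token: str) -> list:
    """Personal-data claims visible to anything that stores or logs the token."""
    return sorted(PII_CLAIMS.intersection(read_without_key(token)))

def verify(token: str, secret: bytes, now: float) -> dict:
    """Server-side check: pin HS256, compare the MAC in constant time, enforce exp."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            raise ValueError("expired or missing exp")
        return claims
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None

# Constructed sample; values come from this page's example, iat/exp are assumed claims.
SAMPLE = sign({"_id": "664a1f2e9b1c4a001f2e3d44", "email": "maria@example.com",
               "address": "Calle 10 #45-67", "phone_number": "3001234567",
               "identification": "1020304050", "iat": ISSUED, "exp": ISSUED + YEAR}, SECRET)

if __name__ == "__main__":
    print("readable without the secret:", exposed_pii(SAMPLE))
```

Because verification only proves the claims were true at sign-in, a server that authorizes on roles or status from the token is working from data that can be up to 365 days old.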

Using the Token

Include the token in the Authorization header for all endpoints that require authentication:
Authorization: Bearer <token>

Example

curl -X POST https://your-api.com/api/user/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com",
    "password": "securePass123"
  }'
Response:
{
  "msj": "Bienvenido!",
  "status": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "664a1f2e9b1c4a001f2e3d44",
    "name": "Maria Lopez",
    "email": "maria@example.com",
    "roles": [{ "name": "usuario", "value": "1" }],
    "status": [{ "name": "usuario activo", "value": "1" }],
    "address": "Calle 10 #45-67",
    "phone_number": "3001234567",
    "typeIdentification": "CC",
    "identification": "1020304050",
    "avatar": [],
    "membership": { "status": { "code": 3, "status": "No registrado" } },
    "codeseller": "XK9P2Q",
    "meseller": "ABC123"
  }
}
