The API provides three distinct password-related endpoints: one to request a recovery code by email, one to set a new password using that code (no authentication required), and one to change the password while already logged in. Choose the flow that matches your situation.

Password Recovery Flow

Use these steps when a user has forgotten their password and needs to reset it without logging in.
1. Request a recovery code
   Call POST /api/user/recover-password-code with the account email. A 6-digit code is generated and sent to that address.

2. Check your email
   The user retrieves the 6-digit code from the recovery email sent by the server.

3. Reset the password
   Call POST /api/user/update-password-widthout-token with the email, the received code, and the desired new password.

4. Log in with the new password
   Use POST /api/user/login with the updated credentials to obtain a new JWT token.

1 — Request Password Recovery Code

POST /api/user/recover-password-code
Authentication: None required

Request Body

email (string, required): The email address associated with the account that needs a password reset.

Response

200 — Code sent

msj (string): "Hemos enviado un codigo de 6 digitos a tu correo para confimar tu cambio de contraseña"
status (boolean): true on success.

203 — Email not found

{
  "msj": "Correo no encontrado. Ingresa un correo valido",
  "status": false,
  "alreadyVerified": true
}

Example

curl -X POST https://your-api.com/api/user/recover-password-code \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com"
  }'
Response:
{
  "msj": "Hemos enviado un codigo de 6 digitos a tu correo para confimar tu cambio de contraseña",
  "status": true
}

2 — Reset Password With Recovery Code (No Auth)

Use this endpoint after receiving the 6-digit code from the recovery email. No JWT token is needed.
POST /api/user/update-password-widthout-token
Authentication: None required

Request Body

email (string, required): The email address of the account being recovered.
codePassConfirm (string, required): The 6-digit recovery code received by email.
newPassword (string, required): The new password to set for the account. It will be hashed with bcrypt before being stored.

Response

200 — Password updated

msj (string): "Tu contraseña ha sido cambiada correctamente"
status (boolean): true on success.

400 — Wrong recovery code

{
  "msj": "Codigo de verificacion incorrecto. Por favor ingresa nuevamente el codigo",
  "status": false
}

404 — Email not found

{
  "msj": "Correo no encontrado. Por favor ingresa tu correo",
  "status": false
}

Example

curl -X POST https://your-api.com/api/user/update-password-widthout-token \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com",
    "codePassConfirm": "319047",
    "newPassword": "newSecurePass456"
  }'
Response:
{
  "msj": "Tu contraseña ha sido cambiada correctamente",
  "status": true
}
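
Because this endpoint accepts a 6-digit code with no authentication, the server-side check has to bound guessing. The following is an added example, not the project's code: it assumes a Node.js backend, and the names issueCode, verifyCode, CODE_TTL_MS and MAX_ATTEMPTS, the in-memory Map and the chosen limits are all hypothetical.

```javascript
// Added example: hypothetical handling of the 6-digit recovery code.
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a code: 10 minutes
const MAX_ATTEMPTS = 5;             // assumed cap on wrong guesses per issued code

// In-memory stand-in for the database: email -> pending recovery record.
const pending = new Map();

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Issue a code from a CSPRNG, zero-padded to 6 digits, and keep only its hash.
function issueCode(email, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1_000_000)).padStart(6, '0');
  pending.set(email, { hash: sha256(code), expiresAt: now + CODE_TTL_MS, attempts: 0 });
  return code; // goes into the recovery email, never into the HTTP response
}

// Check codePassConfirm. Returns 'ok', 'wrong', 'expired', 'locked' or 'none'.
function verifyCode(email, codePassConfirm, now = Date.now()) {
  const rec = pending.get(email);
  if (!rec) return 'none';
  if (now > rec.expiresAt) { pending.delete(email); return 'expired'; }
  // Once the cap is reached, even the correct code is refused until a new one is issued.
  if (rec.attempts >= MAX_ATTEMPTS) return 'locked';
  // Compare fixed-length hashes in constant time.
  const match = crypto.timingSafeEqual(rec.hash, sha256(String(codePassConfirm)));
  if (!match) { rec.attempts += 1; return 'wrong'; }
  pending.delete(email); // single use: a code cannot be replayed after success
  return 'ok';
}
```

Because issuing a new code resets the attempt counter, requests to the recovery-code endpoint need their own rate limit per email and per client.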

3 — Change Password While Logged In

Use this endpoint when a user is already authenticated and wants to update their password. Both newPassword and newPasswordConfirmed must be identical.
POST /api/user/update-password-width-token
Authentication: Required — Authorization: Bearer <token>

Request Body

email (string, required): The email address of the authenticated user. Must match the email stored in the database for the account.
newPassword (string, required): The desired new password.
newPasswordConfirmed (string, required): Confirmation of the new password. Must be identical to newPassword.

Response

200 — Password changed

msj (string): "Contraseña actualizada correctamente"
status (boolean): true on success.

404 — User not found

Returned when no account exists for the provided email.
{
  "msj": "Usuario no encontrado",
  "status": false
}

403 — Emails do not match

Returned when the email in the request body does not match the email stored in the database for the user found.
{
  "msj": "Emails no coinciden",
  "status": false
}

403 — Passwords do not match

Returned when newPassword and newPasswordConfirmed are not identical.
{
  "msj": "Una de las contraseñas no coinciden. Por favor intentalo nuevamente",
  "status": false
}

401 — No token provided

{
  "msj": "Sin autorizacion",
  "status": false
}

Example

curl -X POST https://your-api.com/api/user/update-password-width-token \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com",
    "newPassword": "anotherSecurePass789",
    "newPasswordConfirmed": "anotherSecurePass789"
  }'
Response:
{
  "msj": "Contraseña actualizada correctamente",
  "status": true
}
Note: Changing your password does not invalidate JWT tokens that were already issued; they remain technically valid until their 365-day expiry. Log out and log in again to obtain a fresh token reflecting the updated account state.
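
One way a server can stop honouring tokens issued before a password change is to compare the token's iat claim with a per-user timestamp. This is an added example, not the project's code: the passwordChangedAt field, the function names and the secret are hypothetical, and the HS256 token is built by hand with Node's crypto module only to keep the block self-contained.

```javascript
// Added example: reject JWTs issued before the user's last password change.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, for the demo only
const b64u = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 token with the 365-day lifetime described above.
function issueToken(user, nowSec) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: user.email, iat: nowSec, exp: nowSec + 365 * 86400 }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// users: Map of email -> { email, passwordChangedAt } (hypothetical field, in seconds).
// Returns 'ok', 'malformed', 'bad-signature', 'expired', 'unknown-user' or 'revoked'.
function checkToken(token, users, nowSec) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return 'malformed';
  const expected = Buffer.from(sign(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (nowSec >= claims.exp) return 'expired';
  const user = users.get(claims.sub);
  if (!user) return 'unknown-user';
  // Tokens minted before the last password change are no longer accepted.
  if (claims.iat < user.passwordChangedAt) return 'revoked';
  return 'ok';
}
```

The password-change handler would set passwordChangedAt to the current time when it stores the new hash, so every earlier token fails this check on its next use.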
