Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/fredy-rizo/ecommerce-delivery/llms.txt

Use this file to discover all available pages before exploring further.

This endpoint allows an authenticated user to update their own profile information. Because it supports avatar image uploads, the request must be sent as multipart/form-data rather than JSON. The user is identified from the JWT token, so no user ID is needed in the request body.
After a successful update, the changes are saved to the database but will not appear in the current JWT token until the user logs out and logs in again. The token is a signed snapshot taken at login time.

Update Profile

POST /api/user/update
Authentication: Required — Authorization: Bearer <token>
Content-Type: multipart/form-data

Form Fields

name
string
The user’s updated full name.
address
string
The user’s physical address.
phone_number
string
The user’s phone number.
typeIdentification
string
The type of government-issued identification document (e.g., "CC", "Pasaporte", "CE").
identification
string
The identification document number.
avatar
file
Optional. One or more image files uploaded under the avatar field name. Stored in storage/user/ on the server. If omitted, the existing avatar is kept.

Response

200 — Profile updated

msj
string
"Usuario actualizado exitosamente, para visualizar los cambios cierra sesion"
status
boolean
true on success.
newUser
object
The user document as it existed before the update (the value returned by findOneAndUpdate without the new option). The database now contains the updated values.

401 — No token provided

{
  "msj": "Sin autorizacion",
  "status": false
}

403 — Token expired or invalid

{
  "msj": "Sesion finalizada",
  "status": false
}

404 — User not found

{
  "msj": "Usuario no encontrado",
  "status": false
}

Example

curl -X POST https://your-api.com/api/user/update \
  -H "Authorization: Bearer <token>" \
  -F "name=Maria Lopez" \
  -F "address=Calle 10 #45-67, Bogotá" \
  -F "phone_number=3001234567" \
  -F "typeIdentification=CC" \
  -F "identification=1020304050" \
  -F "avatar=@/path/to/photo.jpg"
Response: 
{
  "msj": "Usuario actualizado exitosamente, para visualizar los cambios cierra sesion",
  "status": true,
  "newUser": {
    "_id": "664a1f2e9b1c4a001f2e3d44",
    "name": "Maria Lopez",
    "email": "maria@example.com",
    "address": "Av. Siempre Viva 742",
    "phone_number": "3009876543",
    "typeIdentification": "CC",
    "identification": "1020304050",
    "avatar": []
  }
}

Update User Role (Admin Only)

Administrators can assign or replace a user’s role set using this endpoint. The roles array completely replaces the user’s existing roles. 
POST /api/user/update-role/:userId
Authentication: Required — Authorization: Bearer <token> (must have admin role, value "2")

Path Parameter

userId
string
required
The MongoDB _id of the user whose roles are being updated.

Request Body

roles
array
required
Array of role objects to assign to the user. Each object must include:
  • name (string) — human-readable role name (e.g., "admin", "usuario", "promotor")
  • value (string) — numeric role code: "1" (usuario), "2" (admin), "3" (promotor), "4" (invitado), "5" (company)

Response

200 — Role updated

msj
string
"Rol actualizado exitosamente"
status
boolean
true on success.

403 — Insufficient permissions

Returned when the authenticated user does not have the admin role (value: "2"). 
{
  "msj": "No tienes permisos para realizar esta accion",
  "status": false
}

404 — User not found

{
  "msj": "Usuario no encontrado",
  "status": false
}

Example

curl -X POST https://your-api.com/api/user/update-role/664a1f2e9b1c4a001f2e3d44 \
  -H "Authorization: Bearer <admin-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "roles": [
      { "name": "admin", "value": "2" }
    ]
  }'
Response: 
{
  "msj": "Rol actualizado exitosamente",
  "status": true
}

Build docs developers (and LLMs) love

Get started for freeTalk to us