Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/fredy-rizo/ecommerce-delivery/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through running the Ecommerce Delivery API locally and completing the full user onboarding flow — from registration to a token-authenticated request — in under ten minutes.
1

Clone the repo and install dependencies

Clone the repository and install all Node.js dependencies with npm.
git clone https://github.com/fredy-rizo/ecommerce-delivery.git
cd ecommerce-delivery
npm install
The project uses ES Modules ("type": "module" in package.json), so Node.js 18 or later is recommended.
2

Configure your environment variables

Copy the provided example file and fill in your values.
cp example.env .env
Open .env and set each variable:
# Server
PORT=3000

# JWT signing secret — choose a long, random string
SECRET=your_super_secret_key

# MongoDB connection string
MONGODB_URL=mongodb://localhost:27017/ecommerce-delivery

# Google Cloud Storage bucket name
NAMEGOOGLECLOUD=your-gcs-bucket-name

# OAuth credentials (used by Nodemailer / Google APIs)
CLIENT_ID=your_google_client_id
CLIENT_SECRET=your_google_client_secret
CLIENT_URL=http://localhost:3000

# SMTP credentials for Nodemailer
USER_EMAIL=your_email@example.com
PASS_EMAIL=your_email_password
SECRET is used to sign and verify every JWT. Keep it out of version control and choose a value that is hard to guess.
The server will start without MONGODB_URL, but all database operations will fail. Make sure MongoDB is running and reachable before proceeding.
3

Start the development server

Run the dev script, which uses nodemon to watch for file changes and restart automatically.
npm run dev
A successful start looks like this:
Server-startup → 42.17.ms
🔷   Server on port 3000
The API is now listening at http://localhost:3000.
4

Register a new user

Create an account by sending name, email, and password in the request body. After a successful registration, the server also sends a verification email containing a 6-digit code.
curl -X POST http://localhost:3000/api/user/create \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Doe",
    "email": "jane@example.com",
    "password": "s3cur3P@ssword"
  }'
Success response 200:
{
  "msj": "Cuenta creada correctamente",
  "status": true,
  "newUser": {
    "_id": "64f1a2b3c4d5e6f7a8b9c0d1",
    "name": "Jane Doe",
    "email": "jane@example.com",
    "status": { "name": "Pendiente de confirmacion", "value": "2" },
    "roles": [{ "name": "usuario", "value": "1" }]
  }
}
Check the inbox of the email address you provided — the verification code expires after 24 hours. If it expires, use POST /api/user/resend-code to request a new one.
5

Verify the account

Submit the email and the 6-digit code from the verification email to activate the account.
curl -X POST http://localhost:3000/api/user/verify-account \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "code": "482951"
  }'
Success response 200:
{
  "msj": "Cuenta confirmada correctamente. Iniciar sesion para poder disfrutar mas de nuestro contenido",
  "status": true
}
The account status is updated to "usuario activo" and the user can now log in.
6

Log in and obtain a token

Exchange credentials for a JWT that you will include on every subsequent authenticated request.
curl -X POST http://localhost:3000/api/user/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "password": "s3cur3P@ssword"
  }'
Success response 200:
{
  "msj": "Bienvenido!",
  "status": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "64f1a2b3c4d5e6f7a8b9c0d1",
    "name": "Jane Doe",
    "email": "jane@example.com",
    "status": [{ "name": "usuario activo", "value": "1" }],
    "roles": [{ "name": "usuario", "value": "1" }],
    "membership": { "status": { "code": 3, "status": "No registrado" } },
    "codeseller": "839201",
    "meseller": "",
    "address": "",
    "phone_number": "",
    "typeIdentification": "",
    "identification": "",
    "avatar": ""
  }
}
Save the token value — it is valid for 365 days and must be sent with every protected request.
7

Make an authenticated request

Pass the token in the Authorization header as a Bearer token. The example below calls the member-listing endpoint, which requires authentication.
curl -X POST http://localhost:3000/api/user/list-members/1/10 \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -d '{}'
Success response 200:
{
  "msj": "Cargando miembros",
  "status": true,
  "data": [...],
  "pagination": {
    "pag": "1",
    "perpage": 10,
    "pags": 4
  }
}
If the Authorization header is missing the server returns 401. If the token is expired or invalid it returns 403. See the Authentication page for the full details.

What’s next?

  • Read the Authentication guide to understand the three middleware levels and all error responses.
  • Explore the full Users API reference for every available field and status code.
  • Learn about the Sale Lifecycle to understand how orders are created and fulfilled.

Build docs developers (and LLMs) love

Get started for freeTalk to us