GOAT Portfolio uses email and password authentication backed by JWT Bearer tokens. After a successful login the server returns a signed token that is stored inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/giangartun/Tis-GOAT-Frontend/llms.txt
Use this file to discover all available pages before exploring further.
localStorage under the key token. Every subsequent request to a protected endpoint must include the header Authorization: Bearer <token>. The logged-in user object and the portfolio ID are also persisted in localStorage under the keys usuario and id_portafolio respectively.
Registration
To create a new account, submit aPOST request to /api/usuario/pre-registro with all six required fields.
| Field | Type | Description |
|---|---|---|
nombre | string | First name. Letters only (including accented characters). |
apellido_paterno | string | Paternal surname. Letters only. |
apellido_materno | string | Maternal surname. Letters only. |
email | string | Valid email address (name@domain.tld format). |
contrasena | string | Password — minimum 6 characters. |
contrasena_confirmation | string | Must match contrasena exactly. |
- Name fields (
nombre,apellido_paterno,apellido_materno) are stripped of digits and validated against/^[a-zA-ZáéíóúüñÁÉÍÓÚÜÑ\s]*$/. - Password must be at least 6 characters.
contrasenaandcontrasena_confirmationmust be identical.- Email must match
/^[^\s@]+@[^\s@]+\.[^\s@]+$/.
Fill in the registration form
Navigate to
/register and complete all required fields. Name fields automatically strip any digits as you type.Submit the form
Click the Register button. The form calls
POST /api/usuario/pre-registro. On success, a confirmation message asks you to check your email.Email Verification
After registration, a verification email is sent to the address you provided. The email contains a unique link that calls::token parameter is extracted from the URL path by the VerificarEmail page. Once the API responds with HTTP 200 the user sees a success screen and is redirected to /login. If the token is invalid or already used, an error is shown and the user is prompted to register again.
Login
Send aPOST request to /api/usuario/login with the user’s credentials:
200 OK and a JSON body like the following:
token, usuario, and id_portafolio in localStorage. All subsequent API calls pass Authorization: Bearer <token> in the request header.
The
tipo_usuario field may appear both at the top level of the response and nested inside the usuario object. The client reads data.tipo_usuario ?? data.usuario?.tipo_usuario to handle either shape. Admin users (tipo_usuario === 'admin') are redirected to /admin/usuarios after login. Regular users are redirected to / (the home discovery feed).Password Recovery
If a user forgets their password, they can trigger a reset email from the login screen by clicking Forgot your password?. Step 1 — Request a reset link:/reset-password?token=<reset_token>.
Step 2 — Submit a new password:
The reset page (/reset-password?token=<reset_token>) handles:
/login after 1.5 seconds with a confirmation message.