Every endpoint in the Billar Pro API — except POST /api/auth/login — is protected by Spring Security and requires a valid JWT bearer token. You obtain the token by calling the login endpoint, then include it in the Authorization header of every subsequent request. The server is fully stateless: no sessions are stored, and each request is independently authenticated by validating the token's signature and expiry.
POST /api/auth/login
Authenticates a user by username and password, and returns a signed JWT token as a plain string. This endpoint is publicly accessible — no Authorization header is required.
Request body
The username of the account to authenticate. The default seeded account uses admin.
The plain-text password for the account. Spring Security compares this against the BCrypt-hashed value stored in the database. The default seeded password is billar123.
Example request
Example response (HTTP 200)
The response body is a plain string — the raw JWT token, not wrapped in JSON.
Error responses
Both failure cases are handled by GlobalExceptionHandler and return HTTP 404 with the following JSON shape:
| Condition | mensaje value |
|---|---|
| Username not found in the database | "Usuario no encontrado" |
| Username found but password does not match | "Contraseña incorrecta" |
Using the token on subsequent requests
Pass the token in the Authorization header using the Bearer scheme. The JwtFilter intercepts every request (except /api/auth/login), extracts the token from this header, validates the signature and expiry, and loads the user into the security context.
Token properties
| Property | Value |
|---|---|
| Signing algorithm | HS256 (SignatureAlgorithm.HS256) |
| Expiration | 10 hours from the moment of issue (1000 × 60 × 60 × 10 ms) |
| Signing key | In-memory ephemeral — generated by Keys.secretKeyFor(HS256) at application startup |
| Claims | sub (username), iat (issued-at), exp (expiration) |
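The checks described above (signature first, then expiry) and the effect of the ephemeral signing key, shown as an added example that is not code from the Billar Pro backend. It uses only the Python standard library in place of the server's JWT library; the function names and the 32-byte key size are assumptions.

```python
import base64, hashlib, hmac, json, secrets

TTL_SECONDS = 60 * 60 * 10  # 10 hours, the documented token lifetime

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_ephemeral_key() -> bytes:
    # Assumption: stands in for the key the server generates once at startup.
    return secrets.token_bytes(32)

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(username: str, key: bytes, now: int) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256"}).encode())
    claims = {"sub": username, "iat": now, "exp": now + TTL_SECONDS}
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}." + b64url_encode(sign(f"{header}.{payload}", key))

def validate_token(token: str, key: bytes, now: int) -> str:
    """Return the username (sub claim) or raise ValueError with the reason."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Verify the signature before parsing or trusting any claim.
    if not hmac.compare_digest(sig, sign(f"{header_b64}.{payload_b64}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]

def rejection_reason(token: str, key: bytes, now: int):
    """None if the token is accepted, otherwise why it was refused."""
    try:
        validate_token(token, key, now)
        return None
    except ValueError as err:
        return str(err)
```

A token checked against a freshly generated key is refused with "bad signature", which is what a client holding an older token sees after the application restarts: it has to log in again.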
Default seeded credentials
The application seeds a default administrator account on first run:
| Field | Value |
|---|---|
| username | admin |
| password | billar123 |
BCryptPasswordEncoder). You can change it by updating the record in the usuarios table.
Error response schema
All unhandled RuntimeExceptions (including login failures) are caught by GlobalExceptionHandler and serialized as follows:
ISO-8601 local datetime of when the error occurred (e.g. "2025-01-15T10:30:00.123456").
The HTTP status code. For login errors this is 404.
A human-readable error category. For RuntimeException this is always "Recurso no encontrado".
The specific error message from the exception (e.g. "Usuario no encontrado" or "Contraseña incorrecta").