All endpoints on this page require a valid Bearer token belonging to a user with the ADMIN role. Requests from non-admin users are rejected with 403 Forbidden.

Create a user

POST /api/auth/users
Creates a new user account.

Body parameters

email (string, required): The new user’s email address. Must be a valid email and unique in the system.
nombre (string, required): The user’s full name. Minimum 2 characters.
password (string, required): The initial password. Minimum 6 characters.
rol (string, required): The user’s role. One of ADMIN, MESA, AREA, or USUARIO.
area (string): The area to assign the user to. Typically required when rol is AREA.
telefono (string): The user’s phone number. Maximum 30 characters.

Error responses

Status | Description
401 Unauthorized | Missing or invalid Bearer token.
403 Forbidden | Authenticated user does not have the ADMIN role.
409 Conflict | A user with the given email already exists. Response: {"detail": "Email ya existe"}.
422 Unprocessable Entity | The request body failed validation.

curl --request POST \
  --url https://your-domain.com/api/auth/users \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "carlos.lopez@example.com",
    "nombre": "Carlos López",
    "password": "pass1234",
    "rol": "MESA"
  }'

{
  "message": "Usuario creado",
  "id": "b3d4e5f6-1a2b-3c4d-5e6f-7a8b9c0d1e2f"
}

List all users

GET /api/auth/users
Returns the full list of user accounts.

Response

Returns an array of user objects. Each object contains:
id (string, required): Unique identifier for the user.
email (string, required): The user’s email address.
nombre (string, required): The user’s full name.
rol (string, required): The user’s role: ADMIN, MESA, AREA, or USUARIO.
area (string): The area the user belongs to, if set.
telefono (string): The user’s phone number, if set.
is_active (boolean, required): Whether the user account is active.

Error responses

Status | Description
401 Unauthorized | Missing or invalid Bearer token.
403 Forbidden | Authenticated user does not have the ADMIN role.

curl --request GET \
  --url https://your-domain.com/api/auth/users \
  --header 'Authorization: Bearer <token>'

[
  {
    "id": "usr_01",
    "email": "ana.garcia@example.com",
    "nombre": "Ana García",
    "rol": "ADMIN",
    "area": null,
    "telefono": null,
    "is_active": true
  },
  {
    "id": "usr_02",
    "email": "carlos.lopez@example.com",
    "nombre": "Carlos López",
    "rol": "MESA",
    "area": null,
    "telefono": null,
    "is_active": true
  }
]
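
An access-review pass over this response, added here as an example and not part of the original API documentation: it flags every ADMIN account (active or deactivated), AREA users with no area, and emails that collide when compared case-insensitively. The function name audit_users, the sample records and the case-insensitive comparison are assumptions.

```python
import json
from collections import Counter

ROLES = {"ADMIN", "MESA", "AREA", "USUARIO"}  # roles documented on this page

def audit_users(users):
    """Return sorted (user_id, finding) pairs for a periodic access review."""
    # Assumption: the server's uniqueness check may be case-sensitive, so
    # addresses that differ only by case are reported as duplicates.
    seen = Counter((u.get("email") or "").strip().lower() for u in users)
    findings = []
    for u in users:
        uid, rol, active = str(u.get("id")), u.get("rol"), u.get("is_active")
        email = (u.get("email") or "").strip().lower()
        if rol not in ROLES:
            findings.append((uid, "unknown role"))
        if rol == "ADMIN":
            # Every ADMIN can create, modify and delete accounts, so each one
            # is listed for confirmation, including deactivated ones.
            state = "active" if active is True else "deactivated"
            findings.append((uid, f"{state} ADMIN"))
        if rol == "AREA" and not u.get("area"):
            findings.append((uid, "AREA role without area"))
        if seen[email] > 1:
            findings.append((uid, "duplicate email (case-insensitive)"))
    return sorted(findings)

# Constructed sample in the shape of the GET /api/auth/users response.
SAMPLE = json.loads("""[
 {"id": "usr_01", "email": "ana@example.com", "nombre": "Ana",
  "rol": "ADMIN", "area": null, "telefono": null, "is_active": true},
 {"id": "usr_02", "email": "carlos@example.com", "nombre": "Carlos",
  "rol": "MESA", "area": null, "telefono": null, "is_active": true},
 {"id": "usr_03", "email": "Carlos@example.com", "nombre": "Carlos L",
  "rol": "AREA", "area": null, "telefono": null, "is_active": true},
 {"id": "usr_04", "email": "old@example.com", "nombre": "Old Admin",
  "rol": "ADMIN", "area": null, "telefono": null, "is_active": false}
]""")

if __name__ == "__main__":
    for uid, finding in audit_users(SAMPLE):
        print(f"{uid}: {finding}")
```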

Update a user

PATCH /api/auth/users/{user_id}
Partially updates an existing user. Only include the fields you want to change; all fields are optional.

Path parameters

user_id (string, required): The unique identifier of the user to update.

Body parameters

email (string): New email address for the user.
nombre (string): New full name for the user.
password (string): New password. Minimum 6 characters.
rol (string): New role. One of ADMIN, MESA, AREA, or USUARIO.
area (string): New area assignment for the user.
telefono (string): New phone number. Maximum 30 characters.
is_active (boolean): Set to false to deactivate the user account, or true to reactivate it. Deactivated users cannot log in.

Error responses

Status | Description
401 Unauthorized | Missing or invalid Bearer token.
403 Forbidden | Authenticated user does not have the ADMIN role.
404 Not Found | No user exists with the given user_id.
422 Unprocessable Entity | The request body failed validation.

curl --request PATCH \
  --url https://your-domain.com/api/auth/users/usr_02 \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "rol": "AREA",
    "area": "infraestructura",
    "is_active": true
  }'

{
  "message": "Usuario actualizado"
}

Delete a user

DELETE /api/auth/users/{user_id}
Permanently removes a user account.
This action cannot be undone. If you want to prevent a user from logging in without deleting their history, set is_active to false using the Update a user endpoint instead.

Path parameters

user_id (string, required): The unique identifier of the user to delete.

Error responses

Status | Description
401 Unauthorized | Missing or invalid Bearer token.
403 Forbidden | Authenticated user does not have the ADMIN role.
404 Not Found | No user exists with the given user_id.

curl --request DELETE \
  --url https://your-domain.com/api/auth/users/usr_02 \
  --header 'Authorization: Bearer <token>'

{
  "message": "Usuario eliminado"
}
