All user management endpoints require the ADMIN role. Include a valid Bearer token for an admin account in the Authorization header for every request on this page.
These endpoints are restricted to ADMIN users only. Requests from any other role will be rejected with a 403 Forbidden response.

Roles

Every user in the system has exactly one role that determines what they can access.

ADMIN

Full system access. Can manage users, view all tickets, and perform every ticket operation.

MESA

Help desk agents. Can view all tickets and perform most ticket operations including assignment and transfer.

AREA

Area specialists. Can view and update tickets routed to their assigned area.

USUARIO

End users. Can only create tickets and look up their own ticket status via public endpoints.

Create a user

Use POST /api/auth/users to create a new user account.

Required fields

| Field | Type | Constraints | Description |
|---|---|---|---|
| email | string | Valid email address | Login credential and contact address. |
| nombre | string | Minimum 2 characters | Full name of the user. |
| password | string | Minimum 6 characters | Initial password. Should be changed on first login. |
| rol | string | ADMIN, MESA, AREA, or USUARIO | Role assignment. |

Optional fields

| Field | Type | Constraints | Description |
|---|---|---|---|
| area | string | | Area name, required for AREA role users. |
| telefono | string | Max 30 characters | Contact phone number. |

curl
curl -X POST https://api.example.com/api/auth/users \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "nombre": "Carlos Mendoza",
    "password": "SecurePass123",
    "rol": "ADMIN",
    "telefono": "+573009876543"
  }'
Always set area when creating an AREA role user. Without it, the user will not receive tickets routed to any specific area.

List all users

Use GET /api/auth/users to retrieve every user account in the system.
curl
curl -X GET https://api.example.com/api/auth/users \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
The response is an array of user objects. Use this endpoint to find user IDs before performing update or delete operations.

Update a user

Use PATCH /api/auth/users/{user_id} to update one or more fields on an existing user. All fields are optional; include only the fields you want to change.

Updatable fields

| Field | Type | Constraints | Description |
|---|---|---|---|
| email | string | Valid email address | New login email. |
| nombre | string | | Updated display name. |
| rol | string | ADMIN, MESA, AREA, or USUARIO | Change the user's role. |
| area | string | | New area assignment (relevant for AREA role). |
| telefono | string | Max 30 characters | Updated phone number. |
| password | string | Minimum 6 characters | Set a new password. |
| is_active | boolean | | false to deactivate the account without deleting it. |

curl
curl -X PATCH https://api.example.com/api/auth/users/usr_001 \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "rol": "AREA",
    "area": "FACTURACION"
  }'
Deactivating a user with "is_active": false prevents login without removing the account or its history. This is the recommended approach when an employee leaves, so their ticket history is preserved.

Delete a user

Use DELETE /api/auth/users/{user_id} to permanently remove a user account.
curl
curl -X DELETE https://api.example.com/api/auth/users/usr_001 \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
Deletion is permanent and cannot be undone. Consider deactivating the account with "is_active": false instead of deleting it, especially if the user has ticket history you need to preserve for auditing.

Best practices

Role assignment
  • Assign ADMIN only to users who actively manage the system. Avoid using admin accounts for day-to-day ticket handling.
  • Use MESA for front-line help desk agents who need to triage, assign, and transfer tickets across all areas.
  • Use AREA for technical specialists. Always set their area field to match the area name used in ticket routing.
  • Create USUARIO accounts for internal staff who submit tickets through the API rather than the public form.
Area naming
  • Use consistent, uppercase area names across users and tickets: MESA, INFRAESTRUCTURA, SISTEMAS, FACTURACION, RRHH.
  • An AREA user can only see tickets where areaAsignada matches their area value exactly. Inconsistent casing or spelling will break routing.
Password management
  • Set a temporary password when creating accounts and require users to change it on first login.
  • Use the PATCH endpoint to reset passwords when users are locked out.
  • Passwords must be at least 6 characters. Enforce stronger passwords at the application layer if your security policy requires it.
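
A pre-flight check for the POST /api/auth/users payload, as an added example (not code from this API or its documentation): it applies the field constraints from the tables above together with the area-naming and password recommendations. The function name, the KNOWN_AREAS set (copied from the area names listed above), the simple email pattern, and the 12-character policy minimum are assumptions.

```python
import re

ROLES = {"ADMIN", "MESA", "AREA", "USUARIO"}
# Area names from the "Area naming" list above; replace with your own routing areas.
KNOWN_AREAS = {"MESA", "INFRAESTRUCTURA", "SISTEMAS", "FACTURACION", "RRHH"}
# Deliberately simple shape check (assumption); the API's own validation may differ.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_new_user(payload, policy_min_password=12):
    """Return a list of problems with a create-user payload; empty means OK.
    policy_min_password is a hypothetical local policy above the API minimum of 6."""
    problems = []
    email = payload.get("email")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        problems.append("email: not a valid address")
    nombre = payload.get("nombre")
    if not isinstance(nombre, str) or len(nombre.strip()) < 2:
        problems.append("nombre: minimum 2 characters")
    password = payload.get("password")
    if not isinstance(password, str) or len(password) < 6:
        problems.append("password: API minimum is 6 characters")
    elif len(password) < policy_min_password:
        problems.append(f"password: shorter than local policy ({policy_min_password})")
    rol = payload.get("rol")
    if not isinstance(rol, str) or rol not in ROLES:
        problems.append("rol: must be ADMIN, MESA, AREA, or USUARIO")
    area = payload.get("area")
    if rol == "AREA" and not area:
        problems.append("area: required for AREA users, otherwise no tickets are routed")
    elif area is not None and (not isinstance(area, str) or area not in KNOWN_AREAS):
        # Routing compares area to areaAsignada exactly, so casing matters.
        mismatch = isinstance(area, str) and area.upper() in KNOWN_AREAS
        hint = " (case mismatch)" if mismatch else ""
        problems.append(f"area: {area!r} is not a known area name{hint}")
    telefono = payload.get("telefono")
    if telefono is not None and (not isinstance(telefono, str) or len(telefono) > 30):
        problems.append("telefono: maximum 30 characters")
    return problems


if __name__ == "__main__":
    # Constructed sample: AREA user with a lower-case area and a short password.
    sample = {"email": "agent@example.com", "nombre": "Ana Ruiz",
              "password": "abc12345", "rol": "AREA", "area": "facturacion"}
    for problem in check_new_user(sample):
        print(problem)
```

Run the check before sending the request so that a mistyped area or a password that only meets the 6-character API minimum is caught before the account exists.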
