Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/miagv/PlataformaEduca/llms.txt

Use this file to discover all available pages before exploring further.

PlataformaEduca uses stateless JWT authentication. Every protected endpoint expects a signed token in the Authorization header. Tokens are issued at login, signed with HS256, and expire after 24 hours (86400000 ms). No server-side session state is kept — each request is validated independently.

Register a new user

Send a POST request to /api/auth/register with a JSON body containing the new user’s details. 
curl -s -X POST http://localhost:8080/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "nombres": "María",
    "apellidos": "García López",
    "email": "maria@example.com",
    "password": "securepassword",
    "rol": "DOCENTE"
  }'

Request body fields

FieldTypeRequiredDescription
nombresstringYesFirst name(s) of the user.
apellidosstringYesLast name(s) of the user.
emailstringYesUnique email address used to log in.
passwordstringYesPlain-text password; stored as a BCrypt hash.
rolstringYesThe role to assign. See valid values below.

Valid rol values

COORDINADOR

Grants access to /api/coordinador/** endpoints.

DOCENTE

Grants access to /api/docente/** endpoints.

ESTUDIANTE

Grants access to /api/estudiante/** endpoints.

USER / ADMIN

Base roles; ADMIN is typically reserved for system administrators.

Successful response

On success, the API returns the created user object with HTTP 200: 
{
  "id": 5,
  "nombres": "María",
  "apellidos": "García López",
  "email": "maria@example.com",
  "password": null,
  "activo": true,
  "roles": [
    { "id": 4, "nombre": "DOCENTE" }
  ]
}
Registration automatically creates the corresponding role-specific profile record. Registering with DOCENTE creates a Docente entry; ESTUDIANTE creates an Estudiante entry; COORDINADOR creates a Coordinador entry.

Log in

Send a POST request to /api/auth/login with the user’s email and password. 
curl -s -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "maria@example.com",
    "password": "securepassword"
  }'

Successful response

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtYXJpYUBleGFtcGxlLmNvbSIsInJvbGVzIjpbIlJPTEVfRE9DRU5URSJdLCJpYXQiOjE3MDAwMDAwMDAsImV4cCI6MTcwMDA4NjQwMH0.signature",
  "email": "maria@example.com",
  "roles": ["ROLE_DOCENTE"]
}
Store the token value — you will include it in every subsequent request.

Use the token

Include the token in the Authorization header as a Bearer token on every protected request: 
curl -s http://localhost:8080/api/cursos \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..."
The token contains your email as the subject and a roles claim. The API uses the roles claim to enforce access control — no additional lookup is needed per request.

Token expiry

Tokens are valid for 24 hours (86400000 ms) from the time of issue. After expiry, protected requests return 401 Unauthorized. Re-authenticate by calling /api/auth/login again to receive a new token.

Public vs. protected routes

Route patternAccess
/api/auth/registerPublic — no token required
/api/auth/loginPublic — no token required
/api/cursos/**Any authenticated user
/api/notas/**Any authenticated user
/api/coordinador/**COORDINADOR role only
/api/docente/**DOCENTE role only
/api/estudiante/**ESTUDIANTE role only
/swagger-ui/**Public
/v3/api-docs/**Public

Common errors

The token is missing, malformed, or has expired. Check that the Authorization header is present and that the token has not exceeded its 24-hour lifetime. Re-login to obtain a fresh token.
The token is valid but the authenticated user does not have the role required for the requested endpoint. For example, a DOCENTE user calling a /api/coordinador/** route will receive a 403.

Build docs developers (and LLMs) love

Get started for freeTalk to us