Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sdurutr436/stay-sidekick/llms.txt

Use this file to discover all available pages before exploring further.

The Profile area is the configuration hub for every authenticated user in Stay Sidekick. Any logged-in user can view their own account details and change their password directly from this area. Company admins go further: from the same set of endpoints they can wire up PMS and AI integrations, map XLSX column layouts for bulk imports, and configure late check-in notification rules — all without touching code or triggering a redeployment.

User profile

These two endpoints are available to every authenticated user, regardless of role.

GET /api/perfil

Returns the authenticated user’s email, role, company identifier, and the timestamp of their last password change.
curl -X GET http://localhost/api/perfil \
  -H "Authorization: Bearer $TOKEN"
Response 200:
{
  "ok": true,
  "data": {
    "email": "julia@coastalstays.com",
    "rol": "admin",
    "empresa_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "password_changed_at": "2025-06-01T09:00:00+00:00"
  }
}

PUT /api/perfil/password

Changes the password for the currently authenticated user. Requires the current password (password_actual) and the desired new password (password_nueva). An optional password_confirm field may be included — if provided it must match password_nueva.
curl -X PUT http://localhost/api/perfil/password \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-CSRF-Token: <csrf_token>" \
  -d '{
    "password_actual": "xK7!mQ2nRpLw",
    "password_nueva": "MyNewSecure#99",
    "password_confirm": "MyNewSecure#99"
  }'
Response 200:
{ "ok": true }
If password_actual does not match the stored hash the API returns 422 with a descriptive error. This endpoint is the standard path for users completing their first login after being assigned a temporary password by an admin.

Company integrations

Integration configuration is scoped to the company, not to individual users. Any authenticated user can read the integration status; only an admin can write to it.

GET /api/perfil/integraciones

Returns the connection status of the PMS, AI, and Google integrations for the authenticated user’s company.
curl -X GET http://localhost/api/perfil/integraciones \
  -H "Authorization: Bearer $TOKEN"
Response 200:
{
  "ok": true,
  "data": {
    "pms": {
      "configurado": true,
      "proveedor": "smoobu"
    },
    "ia": {
      "configurado": false,
      "proveedor": "default",
      "modelo": null
    },
    "google": {
      "configurado": false
    }
  }
}

PUT /api/perfil/integraciones/pms

Sets or replaces the PMS API key for the company. Requires both the proveedor and api_key fields. Supported providers: smoobu, beds24, hostaway, cloudbeds. The key is encrypted with Fernet symmetric encryption before being written to the database and is never returned in plaintext by any endpoint.
PMS and AI API keys are stored encrypted using Fernet symmetric encryption (app/common/crypto.py). The raw key material is never returned via any API response — only a configurado boolean status is exposed. If you need to rotate a key, simply call this endpoint again with the new value.
curl -X PUT http://localhost/api/perfil/integraciones/pms \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-CSRF-Token: <csrf_token>" \
  -d '{
    "proveedor": "smoobu",
    "api_key": "smoobu_live_xxxxxxxxxxxxxxxx"
  }'
Response 200:
{ "ok": true }
To disconnect the PMS integration entirely, call DELETE /api/perfil/integraciones/pms. This removes the stored key and marks the integration as disconnected.

PUT /api/perfil/integraciones/ia

Sets or replaces the company’s own AI provider API key (BYOK — Bring Your Own Key). Requires a proveedor value; api_key and modelo are optional. Supported providers: default, gemini, openai, claude. When a company configures its own key it bypasses the platform’s shared free-tier usage counters and routes AI requests through its own account.
curl -X PUT http://localhost/api/perfil/integraciones/ia \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-CSRF-Token: <csrf_token>" \
  -d '{
    "proveedor": "openai",
    "modelo": "gpt-4o",
    "api_key": "sk-xxxxxxxxxxxxxxxxxxxxxxxx"
  }'
Response 200:
{ "ok": true }
Similarly, DELETE /api/perfil/integraciones/ia removes the key and reverts the company to the platform’s shared AI tier.

XLSX column configuration

When a company does not have an active PMS API integration, operational tools (heat map, late check-in notifications, contact sync) fall back to XLSX file uploads. The column mapping tells the backend which zero-based spreadsheet column indices correspond to each apartment field.

Read mapping

GET /api/perfil/xlsx-apartamentos — Returns the current column mapping for the company, or null if none has been saved yet. Available to all authenticated users.

Save mapping

PUT /api/perfil/xlsx-apartamentos — Persists a new column mapping for the company. Admin only. The mapping is stored as a JSON object in the company’s configuration.
curl -X PUT http://localhost/api/perfil/xlsx-apartamentos \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-CSRF-Token: <csrf_token>" \
  -d '{
    "col_id_externo": 0,
    "col_nombre": 1,
    "col_direccion": 2,
    "col_ciudad": 3
  }'
Response 200:
{ "ok": true }
Column indices are zero-based integers (column A = 0, column B = 1, etc.). col_id_externo and col_nombre are required; col_direccion and col_ciudad default to 0 if omitted.

Late check-in cutoff

Stay Sidekick can flag check-ins that arrive after a company-defined cutoff hour and apply notification rules automatically. The cutoff and column mappings are stored per company so different operations teams can define their own thresholds.

Read config

GET /api/perfil/notificaciones-tardio-config — Returns the current cutoff time and XLSX column mappings for the company. Available to all authenticated users.

Save config

PUT /api/perfil/notificaciones-tardio-config — Persists a new cutoff time and column mappings. Admin only.
curl -X PUT http://localhost/api/perfil/notificaciones-tardio-config \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-CSRF-Token: <csrf_token>" \
  -d '{
    "hora_corte": "20:00",
    "col_nombre": "A",
    "col_checkin": "B",
    "col_hora_llegada": "C",
    "col_telefono": "D",
    "col_apartamento": "E"
  }'
Response 200:
{ "ok": true }
Setting hora_corte to "20:00" means any check-in expected after 20:00 will be considered late. The column letter fields (col_nombre, col_checkin, etc.) map to the XLSX columns used in the uploaded arrivals sheet. The notification rules defined here drive the late check-in tool’s output when it processes the day’s arrivals from the PMS or from an uploaded XLSX.

Integration route summary

MethodEndpointRole requiredDescription
GET/api/perfilAnyCurrent user profile
PUT/api/perfil/passwordAnyChange own password
GET/api/perfil/integracionesAnyIntegration status for company
PUT/api/perfil/integraciones/pmsAdminSet PMS API key (encrypted)
DELETE/api/perfil/integraciones/pmsAdminRemove PMS integration
PUT/api/perfil/integraciones/iaAdminSet AI API key (BYOK, encrypted)
DELETE/api/perfil/integraciones/iaAdminRemove AI integration
GET/api/perfil/xlsx-apartamentosAnyRead XLSX column mapping
PUT/api/perfil/xlsx-apartamentosAdminSave XLSX column mapping
GET/api/perfil/notificaciones-tardio-configAnyRead late check-in config
PUT/api/perfil/notificaciones-tardio-configAdminSave late check-in config

Build docs developers (and LLMs) love