Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sheeplettuce/Monitor/llms.txt

Use this file to discover all available pages before exploring further.

Use this endpoint to obtain a JWT token for the Monitor API. All protected endpoints require this token to be passed in the Authorization: Bearer header. Tokens are signed with the server’s JWT_SECRET and expire after 8 hours — after expiry, a new login is required.

Endpoint

POST /api/auth/loginno authentication required.

Request Body

username
string
required
The user’s login name. Must not contain any whitespace characters.
password
string
required
The user’s password in plaintext. Compared server-side against the stored bcrypt hash.

Example Request

curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "yourpassword"}'

Success Response

Status: 200 OK
token
string
Signed JWT token. Include this value in subsequent requests as Authorization: Bearer <token>. Expires in 8 hours.
usuario
object
The authenticated user’s profile.
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "usuario": {
    "id": 1,
    "nombre": "Admin User",
    "username": "admin",
    "rol": "Administrador"
  }
}

Error Responses

StatusConditionResponse Body
400 Bad Requestusername or password is missing from the request body{ "error": "Usuario y contraseña requeridos" }
400 Bad Requestusername contains whitespace characters{ "error": "El usuario no puede contener espacios" }
401 UnauthorizedUser not found or password does not match{ "error": "Credenciales inválidas" }
Example 400 — missing credentials:
{ "error": "Usuario y contraseña requeridos" }
Example 401 — wrong username or password:
{ "error": "Credenciales inválidas" }

Using the Token

Store the token from the login response and attach it as a Bearer token on every subsequent protected request.
# 1. Log in and capture the token
TOKEN=$(curl -s -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "pass"}' | jq -r .token)

# 2. Use the token to call a protected endpoint
curl http://localhost:3000/api/expedientes \
  -H "Authorization: Bearer $TOKEN"
The JWT payload contains { id, username, rol }. Every protected endpoint decodes this payload via the verificarToken middleware to identify the caller and apply role-based access checks — no additional session lookup is performed.

Build docs developers (and LLMs) love