
The Users API allows Administrators to manage system accounts — list all users, retrieve a specific user, update their profile or role, and delete accounts. Every endpoint in this group is protected by two middleware layers: verificarToken (validates the JWT) and soloAdmin (asserts the Administrador role). Any request missing a valid token or issued from a non-Admin account will be rejected before the controller is reached. All four endpoints require an Authorization: Bearer <token> header where the token belongs to a user with the Administrador role.
The password_hash field is never returned in any response from the Users API. Prisma selects only id, nombre, username, and rol on every query — the hash is permanently excluded at the service layer.
To create a new user account, use POST /api/auth/register (the auth routes). The /api/usuarios endpoints only support reading, updating, and deleting existing accounts.
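A minimal sketch of the two middleware layers described above, added here as an illustration and not taken from the project's code base. HS256 signing, the `rol` and `exp` claims, the `firmar` and `ejecutar` helpers, and the 401 body for forged or expired tokens are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from the environment in real use
const hmac = (data) => createHmac('sha256', SECRET).update(data).digest();
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Demo-only signer so the block runs offline (HS256 and the claim names are assumptions).
function firmar(claims) {
  const data = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${data}.${hmac(data).toString('base64url')}`;
}

// Layer 1: authentication. Missing, malformed, forged or expired tokens get 401.
function verificarToken(req, res, next) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(req.headers.authorization || '');
  try {
    if (!m) throw new Error('missing or malformed');
    const [, head, body, sig] = m;
    const given = Buffer.from(sig, 'base64url');
    const expected = hmac(`${head}.${body}`);
    // Pin the algorithm and compare in constant time; never let `alg` pick the verifier.
    const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (alg !== 'HS256' || given.length !== expected.length || !timingSafeEqual(given, expected)) {
      throw new Error('bad signature');
    }
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (!(claims.exp * 1000 > Date.now())) throw new Error('expired or no exp');
    req.usuario = claims;
  } catch {
    // Assumption: same body as the documented missing/malformed case.
    return res.status(401).json({ error: 'Token requerido' });
  }
  return next();
}

// Layer 2: authorization. Runs only after layer 1 has populated req.usuario.
function soloAdmin(req, res, next) {
  if (req.usuario?.rol !== 'Administrador') return res.status(403).json({ error: 'Acceso denegado' });
  return next();
}

// Stand-in for the Express chain (verificarToken, then soloAdmin, then the controller).
function ejecutar(authorization) {
  const out = { status: 200, body: 'controller reached' };
  const res = { status(c) { out.status = c; return res; }, json(b) { out.body = b; } };
  const req = { headers: { authorization } };
  verificarToken(req, res, () => soloAdmin(req, res, () => {}));
  return out;
}
```

Because `soloAdmin` reads the role from the verified claims, a role change made through PUT only takes effect for that user once a new token is issued, unless the role is re-read from the database on each request.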

GET /api/usuarios

Returns a flat array of every user registered in the system, ordered by id ascending.

curl http://localhost:3000/api/usuarios \
  -H "Authorization: Bearer $ADMIN_TOKEN"

Response — 200 OK

[
  { "id": 1, "nombre": "Admin", "username": "admin", "rol": "Administrador" },
  { "id": 2, "nombre": "María", "username": "mlopez", "rol": "Operador" }
]

- id (integer): Auto-incremented primary key of the user record.
- nombre (string | null): Human-readable display name of the user. May be null if not set during registration.
- username (string): Unique login handle. No whitespace allowed. Used as the credential identifier at login.
- rol (string): Role assigned to the user. One of Administrador, Operador, or Tecnico.

GET /api/usuarios/:id

Retrieves a single user by their numeric database ID.

Path Parameters

- id (integer, required): The numeric ID of the user to retrieve. Must be a valid integer. Returns 400 if not parseable and 404 if no user with that ID exists.

curl http://localhost:3000/api/usuarios/2 \
  -H "Authorization: Bearer $ADMIN_TOKEN"

Response — 200 OK

{ "id": 2, "nombre": "María", "username": "mlopez", "rol": "Operador" }

- id (integer): The user’s primary key.
- nombre (string | null): Display name of the user.
- username (string): Unique login handle.
- rol (string): Role of the user: Administrador, Operador, or Tecnico.

Error Responses

| Status | Body | Cause |
| --- | --- | --- |
| 400 | { "error": "ID inválido" } | :id could not be parsed as an integer |
| 404 | { "error": "Usuario no encontrado" } | No user found with the given ID |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Token is valid but role is not Admin |

PUT /api/usuarios/:id

Updates one or more fields on an existing user account. All body fields are optional — only the fields provided will be changed. If password is supplied it is re-hashed with bcrypt (10 rounds) before being stored.

Path Parameters

- id (integer, required): The numeric ID of the user to update. Returns 400 if not parseable as an integer.

Body Parameters

- nombre (string): New display name for the user. Replaces the current value; may be set to an empty string to clear it.
- username (string): New unique login handle. Must not contain any whitespace characters. Returns 400 if whitespace is detected. Returns 400 if the username is already taken by another account.
- password (string): New plain-text password. The service automatically hashes it with bcrypt.hash(password, 10) before writing to password_hash. The plain-text value is never persisted.
- rol (string): New role for the user. Must be exactly one of: Administrador, Operador, Tecnico. Any other value returns 400.

curl -X PUT http://localhost:3000/api/usuarios/2 \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"rol": "Administrador", "nombre": "María López"}'

Response — 200 OK

Returns the full updated user object (same shape as the read endpoints, with no password_hash).

{ "id": 2, "nombre": "María López", "username": "mlopez", "rol": "Administrador" }

- id (integer): The user’s primary key.
- nombre (string | null): Updated display name.
- username (string): Updated (or unchanged) login handle.
- rol (string): Updated (or unchanged) role.

Error Responses

| Status | Body | Cause |
| --- | --- | --- |
| 400 | { "error": "ID inválido" } | :id is not a valid integer |
| 400 | { "error": "Rol inválido. Debe ser: …" } | rol value is not one of the three permitted roles |
| 400 | { "error": "El usuario no puede contener espacios" } | username contains whitespace |
| 400 | { "error": "El username ya está en uso" } | Another account already uses the requested username |
| 400 | { "error": "Usuario no encontrado" } | No user with the given :id exists |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Authenticated user does not have the Admin role |

DELETE /api/usuarios/:id

Permanently deletes a user account from the database. Administrators cannot delete their own account — the controller compares the token’s id claim against the :id parameter and returns 400 if they match.

Path Parameters

- id (integer, required): The numeric ID of the user to delete. Returns 400 if not parseable as an integer.

curl -X DELETE http://localhost:3000/api/usuarios/3 \
  -H "Authorization: Bearer $ADMIN_TOKEN"

Response — 200 OK

Returns a confirmation object with ok: true and the deleted record’s ID.

{ "ok": true, "id": 3 }

- ok (boolean): Always true on a successful deletion.
- id (integer): The ID of the user that was deleted.

Error Responses

| Status | Body | Cause |
| --- | --- | --- |
| 400 | { "error": "No puedes eliminar tu propia cuenta" } | The requesting Admin’s own ID matches the target :id |
| 400 | { "error": "ID inválido" } | :id cannot be parsed as an integer |
| 400 | { "error": "Usuario no encontrado" } | No user with the given :id exists in the database |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Authenticated user does not have the Administrador role |
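The PUT validation rules and the DELETE self-deletion guard, as an added example that is not the project's own code; it also drops undocumented body keys such as password_hash before anything reaches the database layer. The function names, the strict ID parsing and the `Campo inválido` message are assumptions, and the uniqueness, existence and bcrypt steps are left out because they need the database.

```javascript
const ROLES = ['Administrador', 'Operador', 'Tecnico'];
const CAMPOS = ['nombre', 'username', 'password', 'rol']; // body fields the page documents

// Strict parse (assumption): parseInt('2abc') yields 2, so match digits only.
function parseId(raw) {
  const n = /^\d+$/.test(String(raw)) ? Number(raw) : NaN;
  return Number.isSafeInteger(n) ? n : null;
}

// PUT: returns { status, error } on rejection, or { id, data } holding only
// documented fields, so keys like password_hash or id never reach the ORM.
function validarActualizacion(idParam, body) {
  const id = parseId(idParam);
  if (id === null) return { status: 400, error: 'ID inválido' };
  const src = body && typeof body === 'object' ? body : {};
  const data = {};
  for (const campo of CAMPOS) {
    if (src[campo] === undefined) continue;
    // Hypothetical message: the page documents no error for non-string values.
    if (typeof src[campo] !== 'string') return { status: 400, error: `Campo inválido: ${campo}` };
    data[campo] = src[campo];
  }
  if ('rol' in data && !ROLES.includes(data.rol)) {
    return { status: 400, error: 'Rol inválido. Debe ser: …' }; // elided on the page
  }
  if ('username' in data && /\s/.test(data.username)) {
    return { status: 400, error: 'El usuario no puede contener espacios' };
  }
  return { id, data };
}

// DELETE: compare as numbers. The route parameter is a string, and a token
// claim is usually a number, so a strict === on the raw values never matches.
function validarEliminacion(tokenId, idParam) {
  const id = parseId(idParam);
  if (id === null) return { status: 400, error: 'ID inválido' };
  if (Number(tokenId) === id) {
    return { status: 400, error: 'No puedes eliminar tu propia cuenta' };
  }
  return { id };
}
```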
