The Users API allows Administrators to manage system accounts — list all users, retrieve a specific user, update their profile or role, and delete accounts. Every endpoint in this group is protected by two middleware layers: verificarToken (validates the JWT) and soloAdmin (asserts the Administrador role). Any request missing a valid token or issued from a non-Admin account will be rejected before the controller is reached.
All four endpoints require an Authorization: Bearer <token> header where the token belongs to a user with the Administrador role.
To create a new user account, use POST /api/auth/register (the auth routes). The /api/usuarios endpoints only support reading, updating, and deleting existing accounts.
GET /api/usuarios
Returns a flat array of every user registered in the system, ordered by id ascending.
Response — 200 OK
Auto-incremented primary key of the user record.
Human-readable display name of the user. May be null if not set during registration.
Unique login handle. No whitespace allowed. Used as the credential identifier at login.
Role assigned to the user. One of Administrador, Operador, or Tecnico.
GET /api/usuarios/:id
Retrieves a single user by their numeric database ID.
Path Parameters
The numeric ID of the user to retrieve. Must be a valid integer. Returns 400 if not parseable and 404 if no user with that ID exists.
Response — 200 OK
The user’s primary key.
Display name of the user.
Unique login handle.
Role of the user: Administrador, Operador, or Tecnico.
Error Responses
| Status | Body | Cause |
|---|---|---|
| 400 | { "error": "ID inválido" } | :id could not be parsed as an integer |
| 404 | { "error": "Usuario no encontrado" } | No user found with the given ID |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Token is valid but role is not Admin |
PUT /api/usuarios/:id
Updates one or more fields on an existing user account. All body fields are optional — only the fields provided will be changed. If password is supplied it is re-hashed with bcrypt (10 rounds) before being stored.
Path Parameters
The numeric ID of the user to update. Returns 400 if not parseable as an integer.
Body Parameters
New display name for the user. Replaces the current value; may be set to an empty string to clear it.
New unique login handle. Must not contain any whitespace characters. Returns 400 if whitespace is detected. Returns 400 if the username is already taken by another account.
New plain-text password. The service automatically hashes it with bcrypt.hash(password, 10) before writing to password_hash. The plain-text value is never persisted.
New role for the user. Must be exactly one of: Administrador, Operador, Tecnico. Any other value returns 400.
Response — 200 OK
Returns the full updated user object (same shape as the read endpoints — no password_hash).
The user’s primary key.
Updated display name.
Updated (or unchanged) login handle.
Updated (or unchanged) role.
Error Responses
| Status | Body | Cause |
|---|---|---|
| 400 | { "error": "ID inválido" } | :id is not a valid integer |
| 400 | { "error": "Rol inválido. Debe ser: …" } | rol value is not one of the three permitted roles |
| 400 | { "error": "El usuario no puede contener espacios" } | username contains whitespace |
| 400 | { "error": "El username ya está en uso" } | Another account already uses the requested username |
| 400 | { "error": "Usuario no encontrado" } | No user with the given :id exists |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Authenticated user does not have the Admin role |
DELETE /api/usuarios/:id
Permanently deletes a user account from the database. Administrators cannot delete their own account — the controller compares the token’s id claim against the :id parameter and returns 400 if they match.
Path Parameters
The numeric ID of the user to delete. Returns 400 if not parseable as an integer.
Response — 200 OK
Returns a confirmation object with ok: true and the deleted record’s ID.
Always true on a successful deletion.
The ID of the user that was deleted.
Error Responses
| Status | Body | Cause |
|---|---|---|
| 400 | { "error": "No puedes eliminar tu propia cuenta" } | The requesting Admin’s own ID matches the target :id |
| 400 | { "error": "ID inválido" } | :id cannot be parsed as an integer |
| 400 | { "error": "Usuario no encontrado" } | No user with the given :id exists in the database |
| 401 | { "error": "Token requerido" } | Missing or malformed JWT |
| 403 | { "error": "Acceso denegado" } | Authenticated user does not have the Administrador role |
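The two-layer gate and the self-deletion guard described above, modelled as a dependency-free function. This is an added example, not the project's code. The HS256 shared secret, the rol claim name, the id field in the 200 body, the order of the 400 checks, and the sign and eliminarUsuario names are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions (not from the page): HS256 with a shared secret, a `rol` claim
// in the token, and `id` as the name of the ID field in the 200 response.
const SECRET = 'constructed-demo-secret';
const b64u = (s) => Buffer.from(s).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Constructed helper: issues demo tokens for the sample requests.
function sign(claims) {
  const body = `${b64u('{"alg":"HS256","typ":"JWT"}')}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${mac(body).toString('base64url')}`;
}

// Layer 1 (verificarToken): returns the claims, or null for a missing,
// malformed, wrong-algorithm or badly signed token.
function verificarToken(header) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header || '');
  if (!m) return null;
  try {
    const alg = JSON.parse(Buffer.from(m[1], 'base64url')).alg;
    const sig = Buffer.from(m[3], 'base64url');
    const want = mac(`${m[1]}.${m[2]}`);
    if (alg !== 'HS256' || sig.length !== want.length) return null;
    if (!crypto.timingSafeEqual(sig, want)) return null;
    return JSON.parse(Buffer.from(m[2], 'base64url'));
  } catch {
    return null;
  }
}

const reply = (status, body) => ({ status, body });

// DELETE /api/usuarios/:id modelled as a pure function over a Map of users.
function eliminarUsuario(authorization, idParam, usuarios) {
  const claims = verificarToken(authorization);
  if (!claims) return reply(401, { error: 'Token requerido' });
  // Layer 2 (soloAdmin): exact match on the role string.
  if (claims.rol !== 'Administrador') return reply(403, { error: 'Acceso denegado' });
  // Digits only: parseInt('7abc') would yield 7 and act on the wrong record.
  if (!/^\d+$/.test(idParam)) return reply(400, { error: 'ID inválido' });
  const id = Number(idParam);
  // :id arrives as a string; compare numerically so '1' matches claim id 1.
  if (id === Number(claims.id)) return reply(400, { error: 'No puedes eliminar tu propia cuenta' });
  if (!usuarios.delete(id)) return reply(400, { error: 'Usuario no encontrado' });
  return reply(200, { ok: true, id });
}
```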