Monitor API uses JSON Web Tokens (JWT) for authentication. Every protected endpoint requires an Authorization: Bearer <token> header. Tokens are signed with a server-side secret and carry the user’s identity and role, so no session state is stored on the server.
Obtaining a Token
Send a POST request to /api/auth/login with a JSON body containing username and password. On success (200 OK) the API returns a signed token alongside a summary of the authenticated user. Keep the token: you will include it in every subsequent request to a protected endpoint.
Token Lifetime
Tokens are valid for 8 hours from the moment of issue. This lifetime is hardcoded in auth.service.ts. Once a token has expired, any request that presents it receives a 401 response. Re-authenticate via /api/auth/login to obtain a new token.
Using the Token
Pass the token in the Authorization header as a Bearer credential on every request to a protected endpoint. The authentication middleware (verificarToken) extracts the header, verifies the JWT signature and expiry using the server’s JWT_SECRET, and attaches the decoded user payload to the request before passing it to the route handler. Requests that omit the header or present a malformed value are rejected immediately with 401.
Token Payload
The decoded JWT contains the following claims:
- The unique numeric ID of the authenticated user in the usuario table.
- The user’s login username.
- The user’s role, one of Administrador, Operador, or Tecnico. This claim drives all authorization checks across every protected route.
Error Responses
Returned when username or password are missing from the request body, or when the username value contains whitespace characters.
Returned when credentials are invalid (wrong password or non-existent user) or when a supplied token is expired or has an invalid signature.
Returned when the request is authenticated (valid token) but the user’s role does not meet the requirement of the endpoint being accessed. The message varies depending on which middleware rejected the request:
- soloAdmin: for endpoints that require the Administrador role, such as deleting expedientes, evidence files, levantamiento records, or user accounts.
- soloAdminOOperador: for endpoints that require at least the Operador role, such as creating or updating expedientes and uploading evidence files.