Users authenticate with the Pagos Hotspot API and are assigned one of two roles: super_admin (platform operators with full access) or cliente_admin (company-scoped admins who manage their own company’s products, payments, and router settings). Only super_admin users can create, list, or toggle the active state of any user. All endpoints in this section require Authorization: Bearer <session_token> for a user with the super_admin role.

POST /admin/usuarios

Creates a new user. The role determines whether empresa_id is required or forbidden.
Role and empresa_id rules are strictly enforced:
  • cliente_admin requires empresa_id. The company must already exist.
  • super_admin must not have empresa_id. Passing one returns HTTP 400.
cURL — Create a cliente_admin
curl -X POST "https://api.example.com/admin/usuarios" \
  -H "Authorization: Bearer <session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123!",
    "nombre": "María González",
    "rol": "cliente_admin",
    "empresa_id": "EMP_3A9F1C0B2D"
  }'
cURL — Create a super_admin
curl -X POST "https://api.example.com/admin/usuarios" \
  -H "Authorization: Bearer <session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SuperSecure456!",
    "nombre": "Carlos Ruiz",
    "rol": "super_admin"
  }'

Request Body

email
string
required
User’s email address. Must be unique across the entire platform. Returns HTTP 400 if already registered.
password
string
required
Plain-text password. Hashed server-side using bcrypt before storage. Never stored or returned in plain text.
nombre
string
required
User’s full display name.
rol
string
required
User role. Must be exactly "super_admin" or "cliente_admin". Any other value returns HTTP 400.
empresa_id
string
Company to associate the user with.
  • Required for cliente_admin. Must be an existing company ID.
  • Forbidden for super_admin. Pass null or omit entirely.

Response

cliente_admin Created
{
  "message": "Usuario creado exitosamente",
  "usuario": {
    "id": 7,
    "email": "[email protected]",
    "nombre": "María González",
    "rol": "cliente_admin",
    "empresa_id": "EMP_3A9F1C0B2D",
    "activo": true
  }
}
super_admin Created
{
  "message": "Usuario creado exitosamente",
  "usuario": {
    "id": 8,
    "email": "[email protected]",
    "nombre": "Carlos Ruiz",
    "rol": "super_admin",
    "empresa_id": null,
    "activo": true
  }
}

Error Responses

Status  Detail
400     "Rol inválido. Debe ser 'super_admin' o 'cliente_admin'"
400     "cliente_admin requiere empresa_id"
400     "super_admin no debe tener empresa_id"
400     "El email ya está registrado"
404     "Empresa no encontrada"

GET /admin/usuarios

Returns all users in the system. Supports optional filtering by role and/or company.
cURL — All users
curl -X GET "https://api.example.com/admin/usuarios" \
  -H "Authorization: Bearer <session_token>"
cURL — Filter by company
curl -X GET "https://api.example.com/admin/usuarios?empresa_id=EMP_3A9F1C0B2D" \
  -H "Authorization: Bearer <session_token>"
cURL — Filter by role
curl -X GET "https://api.example.com/admin/usuarios?rol=cliente_admin" \
  -H "Authorization: Bearer <session_token>"

Query Parameters

rol
string
Filter users by role. Accepted values: "super_admin", "cliente_admin". Omit to return all roles.
empresa_id
string
Filter users belonging to a specific company. Can be combined with rol.

Response

Returns an array of UserResponse objects.
id
integer
required
Auto-incremented user ID.
email
string
required
User’s email address.
nombre
string
required
User’s display name.
rol
string
required
User role: "super_admin" or "cliente_admin".
empresa_id
string
Associated company ID. Always null for super_admin users.
activo
boolean
required
Whether the user account is currently active. Inactive users cannot log in.
Example Response
[
  {
    "id": 7,
    "email": "[email protected]",
    "nombre": "María González",
    "rol": "cliente_admin",
    "empresa_id": "EMP_3A9F1C0B2D",
    "activo": true
  },
  {
    "id": 8,
    "email": "[email protected]",
    "nombre": "Carlos Ruiz",
    "rol": "super_admin",
    "empresa_id": null,
    "activo": true
  },
  {
    "id": 3,
    "email": "[email protected]",
    "nombre": "Desactivado",
    "rol": "cliente_admin",
    "empresa_id": "EMP_7B2E4F1A9C",
    "activo": false
  }
]
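
The role and empresa_id rules above can also be checked after the fact, by auditing the list this endpoint returns. The following is an added example, not code from the Pagos Hotspot API project: the function names and the sample users (including their email addresses) are constructed, and the case-insensitive email comparison is an assumption.

```python
# Added example, not part of the Pagos Hotspot API. SAMPLE is a constructed
# list shaped like a GET /admin/usuarios response; emails are made up.
import json
from collections import Counter

VALID_ROLES = {"super_admin", "cliente_admin"}

SAMPLE = json.loads("""[
  {"id": 7, "email": "maria@example.com", "nombre": "María González",
   "rol": "cliente_admin", "empresa_id": "EMP_3A9F1C0B2D", "activo": true},
  {"id": 8, "email": "carlos@example.com", "nombre": "Carlos Ruiz",
   "rol": "super_admin", "empresa_id": null, "activo": true},
  {"id": 9, "email": "Maria@Example.com", "nombre": "Drifted",
   "rol": "super_admin", "empresa_id": "EMP_7B2E4F1A9C", "activo": true},
  {"id": 10, "email": "ops@example.com", "nombre": "No tenant",
   "rol": "cliente_admin", "empresa_id": null, "activo": false}
]""")


def audit_users(users):
    """Return sorted (user_id, finding) pairs for records breaking the documented rules."""
    findings = []
    # Assumption: emails are compared case-insensitively for the uniqueness check.
    emails = Counter(u["email"].strip().lower() for u in users)
    for u in users:
        rol, empresa = u.get("rol"), u.get("empresa_id")
        if rol not in VALID_ROLES:
            findings.append((u["id"], "unknown role"))
        elif rol == "super_admin" and empresa is not None:
            findings.append((u["id"], "super_admin has empresa_id"))
        elif rol == "cliente_admin" and not empresa:
            findings.append((u["id"], "cliente_admin without empresa_id"))
        if emails[u["email"].strip().lower()] > 1:
            findings.append((u["id"], "duplicate email (case-insensitive)"))
    return sorted(findings)


def active_super_admins(users):
    """IDs of active accounts with platform-wide access, for periodic review."""
    return sorted(u["id"] for u in users if u["rol"] == "super_admin" and u["activo"])
```

Feed it the parsed JSON body of GET /admin/usuarios; an empty findings list means every record satisfies the documented role and company rules.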

GET /admin/usuarios/{usuario_id}

Returns a single user by their numeric database ID.
cURL
curl -X GET "https://api.example.com/admin/usuarios/7" \
  -H "Authorization: Bearer <session_token>"

Path Parameters

usuario_id
integer
required
Numeric user ID.

Response

Returns a single UserResponse object. Returns HTTP 404 if the user does not exist.
Example Response
{
  "id": 7,
  "email": "[email protected]",
  "nombre": "María González",
  "rol": "cliente_admin",
  "empresa_id": "EMP_3A9F1C0B2D",
  "activo": true
}

PUT /admin/usuarios/{usuario_id}/toggle-activo

Toggles the active/inactive state of a user. Deactivated users immediately lose the ability to log in: they cannot obtain new tokens. Their existing sessions are not invalidated, so a session token issued before deactivation keeps working.
A super admin cannot deactivate their own account. Attempting to do so returns HTTP 400. This prevents accidental lockout of the platform.
cURL
curl -X PUT "https://api.example.com/admin/usuarios/7/toggle-activo" \
  -H "Authorization: Bearer <session_token>"

Path Parameters

usuario_id
integer
required
Numeric ID of the user to activate or deactivate.

Response

User Deactivated
{
  "message": "Usuario desactivado",
  "usuario_id": 7,
  "activo": false
}
User Activated
{
  "message": "Usuario activado",
  "usuario_id": 7,
  "activo": true
}

Error Responses

Status  Detail
400     "No puedes desactivar tu propio usuario"
404     "Usuario no encontrado"
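
Because deactivation leaves existing sessions in place, a deployment that needs deactivation to take effect at once has to either re-check activo on every authenticated request or revoke the user's sessions when the flag is cleared. The following is an added example of both options, not the project's own code: USERS, SESSIONS and every function name are hypothetical in-memory stand-ins, and only the error strings come from this page.

```python
# Added example, not Pagos Hotspot API code. USERS and SESSIONS are hypothetical
# in-memory stand-ins for the real user table and session store.
import secrets

USERS = {1: {"rol": "super_admin", "activo": True},
         7: {"rol": "cliente_admin", "activo": True}}  # constructed sample data
SESSIONS = {}  # session_token -> usuario_id


def login(usuario_id):
    """Issue a session token; inactive users cannot obtain new tokens."""
    if not USERS[usuario_id]["activo"]:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = usuario_id
    return token


def authenticate(token, recheck_activo=True):
    """Resolve a token to a user ID, or None if the request must be rejected.

    recheck_activo=False checks the token only, which reproduces the documented
    behaviour: a token issued before deactivation is still accepted.
    """
    usuario_id = SESSIONS.get(token)
    if usuario_id is None:
        return None
    if recheck_activo and not USERS[usuario_id]["activo"]:
        return None
    return usuario_id


def toggle_activo(actor_id, usuario_id, revoke_sessions=True):
    """Flip activo and return (status, detail) using this page's messages."""
    if usuario_id not in USERS:
        return 404, "Usuario no encontrado"
    user = USERS[usuario_id]
    if usuario_id == actor_id and user["activo"]:
        return 400, "No puedes desactivar tu propio usuario"
    user["activo"] = not user["activo"]
    if not user["activo"] and revoke_sessions:
        # Drop every session the deactivated user still holds.
        for tok in [t for t, uid in SESSIONS.items() if uid == usuario_id]:
            del SESSIONS[tok]
    return 200, ("Usuario activado" if user["activo"] else "Usuario desactivado")
```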

UserResponse Fields

All user-returning endpoints share the same UserResponse schema:
id
integer
required
Auto-incremented numeric user ID.
email
string
required
User’s email address. Unique across the platform.
nombre
string
required
User’s full display name.
rol
string
required
One of "super_admin" or "cliente_admin".
empresa_id
string
Company association. null for super_admin users, a valid company ID (e.g. EMP_3A9F1C0B2D) for cliente_admin users.
activo
boolean
required
true if the user can log in, false if deactivated.
