
Overview

This page documents all available API endpoints in Finanzapp. All endpoints require the X-Requested-With: XMLHttpRequest header and return JSON responses.
Base URL: https://pro.finanzapp.es (Production) or http://localhost/FinanzApp (Development)

Authentication Endpoints

Login

Authenticate a user with email and password.
curl -X POST https://pro.finanzapp.es/app/auth/sendLogin.php \
  -H "X-Requested-With: XMLHttpRequest" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=[email protected]" \
  -d "password=SecurePass123"
Endpoint: POST /app/auth/sendLogin.php

Request Parameters

email
string
required
User’s email address
password
string
required
User’s password (min 8 chars, 1 uppercase, 1 number)
g-recaptcha-response
string
reCAPTCHA token for bot protection

Response

success
boolean
required
Whether the login was successful
message
string
Human-readable status message
user
object
User information (only on success)

Response Examples

200 - Success
{
  "success": true,
  "message": "Login successful",
  "user": {
    "id": 123,
    "email": "[email protected]",
    "name": "John Doe",
    "url_image": "https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/01.jpeg",
    "accept_news": 1
  }
}
200 - Invalid Credentials
{
  "success": false,
  "message": "Email o contraseña incorrectas"
}
403 - Forbidden
{
  "success": false,
  "message": "Acceso prohibido"
}

Register

Create a new user account.
curl -X POST https://pro.finanzapp.es/app/auth/sendRegister.php \
  -H "X-Requested-With: XMLHttpRequest" \
  -d "nombre=John Doe" \
  -d "email=[email protected]" \
  -d "password=SecurePass123" \
  -d "confirm-password=SecurePass123" \
  -d "terms=on" \
  -d "notifications=on"
Endpoint: POST /app/auth/sendRegister.php

Request Parameters

nombre
string
required
User’s full name
email
string
required
User’s email address (must be unique)
password
string
required
User’s password (min 8 chars, 1 uppercase, 1 number)
confirm-password
string
required
Password confirmation (must match password)
terms
string
required
Terms acceptance (must be “on”)
notifications
string
Newsletter subscription (“on” or omit)

Response

success
boolean
required
Registration success status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Usuario registrado correctamente"
}
200 - Email Exists
{
  "success": false,
  "message": "El email ya está registrado"
}

Google Login

Authenticate using a Google Sign-In credential. The credential is the ID token (a signed JWT) that Google Identity Services hands to the page after the user picks an account. Because the value arrives from the client, the server must verify its signature against Google's published keys and check the issuer, the audience (the app's own client ID) and the expiry before it trusts the email claim to look up or create a user.
fetch('https://pro.finanzapp.es/app/auth/google-callback-login.php', {
  method: 'POST',
  headers: {
    'X-Requested-With': 'XMLHttpRequest', // required by every endpoint (see Overview)
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    credential: 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjE4MmU0M...' // Google ID token (JWT), truncated
  })
})
.then(res => res.json())
.then(data => console.log(data));
Endpoint: POST /app/auth/google-callback-login.php

Request Parameters

credential
string
required
Google JWT credential token

Response

status
string
required
"exists" if user exists, "inserted" if new user created
user
object
User profile data from Google

Response Examples

Existing User
{
  "status": "exists",
  "user": {
    "id": 456,
    "email": "[email protected]",
    "name": "John Doe"
  }
}
New User
{
  "status": "inserted",
  "user": {
    "id": 789,
    "email": "[email protected]",
    "name": "Jane Smith"
  }
}

Logout

End the current user session.
curl -X POST https://pro.finanzapp.es/app/auth/logout.php \
  -H "X-Requested-With: XMLHttpRequest"
Endpoint: POST /app/auth/logout.php
Source: /home/daytona/workspace/source/app/auth/logout.php

Request Parameters

No parameters required.

Response

success
boolean
required
Logout success status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Sesión cerrada correctamente"
}
403 - Invalid Request
{
  "success": false,
  "message": "Acceso prohibido"
}
405 - Method Not Allowed
{
  "success": false,
  "message": "Método no permitido"
}

User Management

Update User Configuration

Update user profile settings including name, password, avatar, and notification preferences. The request is authorized by the active session alone: the documented parameters do not include the current password, so a password change through this endpoint needs nothing beyond a valid session cookie.
const formData = new FormData();
formData.append('name', 'John Updated');
formData.append('avatar', 'https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/02.jpeg');
formData.append('password', 'NewSecurePass123'); // Optional
formData.append('confirm_password', 'NewSecurePass123'); // If password provided
formData.append('notifications', 'on'); // Optional

fetch('https://pro.finanzapp.es/app/auth/sendUserConfig.php', {
  method: 'POST',
  headers: { 'X-Requested-With': 'XMLHttpRequest' },
  body: formData
})
.then(res => res.json())
.then(data => {
  if (data.success) {
    console.log('Settings updated successfully');
    window.location.reload();
  }
});
Endpoint: POST /app/auth/sendUserConfig.php
Authentication Required: Yes (active session)

Request Parameters

name
string
required
User’s full name
avatar
string
URL of the selected avatar image; must be one of the predefined URLs listed below. The value is client-supplied, so the server should accept only those URLs rather than store an arbitrary string.
password
string
New password (optional, only if changing password)
confirm_password
string
Password confirmation (required if password provided)
notifications
string
Newsletter preference (“on” or omit)

Available Avatars

Finanzapp provides 10 predefined avatar options plus a default:
https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/01.jpeg
https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/02.jpeg
...
https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/10.jpeg
https://carefully-happy-quetzal.global.ssl.fastly.net/assets/avatars/default.jpeg

Response

success
boolean
required
Update success status
message
string
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Configuración actualizada correctamente"
}
200 - Validation Error
{
  "success": false,
  "message": "Las contraseñas no coinciden"
}

Delete Account

Permanently delete the user’s account and all associated data.
fetch('https://pro.finanzapp.es/app/auth/deleteAccount.php', {
  method: 'POST',
  headers: { 'X-Requested-With': 'XMLHttpRequest' }
})
.then(res => res.json())
.then(data => {
  if (data.success) {
    console.log('Account deleted');
    window.location.href = '/index.php';
  }
});
Endpoint: POST /app/auth/deleteAccount.php
Source: /home/daytona/workspace/source/app/auth/deleteAccount.php
Authentication Required: Yes (active session with email)
This action is irreversible. All user data will be permanently deleted from the database.

Request Parameters

No parameters required. Uses the email from the current session.

Implementation Details

The endpoint (source: /home/daytona/workspace/source/app/auth/deleteAccount.php:21-24) deletes by e-mail address with a prepared statement, so the value is bound rather than interpolated into the query. One thing to check: the comparison uses LIKE rather than =. With LIKE, the characters % and _ in the bound value act as wildcards, and _ is a legal character in an e-mail address, so a session e-mail such as a_b@example.test would also match axb@example.test. The value comes from the session rather than from the request, which limits who can influence it, but for an irreversible delete an exact comparison (WHERE email = ?) is the safer form.
$sql = "DELETE FROM users WHERE email LIKE ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();

Response

success
boolean
required
Deletion success status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Usuario eliminado correctamente."
}
200 - No Active Session
{
  "success": false,
  "message": "No hay una sesión activa con email."
}
403 - Invalid Request
{
  "success": false,
  "message": "Acceso prohibido"
}

Password Reset

Request Password Reset

Send a password reset email to the user. Note that the documented "No existe una cuenta con ese email" response lets a caller test whether an address is registered; a uniform response that does not depend on whether the account exists avoids that, and reset requests should be rate limited for the same reason.
const formData = new FormData();
formData.append('email', '[email protected]');

fetch('https://pro.finanzapp.es/app/auth/sendResetLink.php', {
  method: 'POST',
  headers: { 'X-Requested-With': 'XMLHttpRequest' },
  body: formData
})
.then(res => res.json())
.then(data => {
  if (data.success) {
    console.log('Reset email sent');
  }
});
Endpoint: POST /app/auth/sendResetLink.php

Request Parameters

email
string
required
Email address of the account to reset

Response

success
boolean
required
Email sent status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Correo de restablecimiento enviado"
}
200 - Email Not Found
{
  "success": false,
  "message": "No existe una cuenta con ese email"
}

Reset Password

Set a new password using a reset token.
const formData = new FormData();
formData.append('token', 'abc123def456...');
formData.append('new_password', 'NewSecurePass123');
formData.append('confirm_password', 'NewSecurePass123');

fetch('https://pro.finanzapp.es/app/auth/resetPassword.php', {
  method: 'POST',
  headers: { 'X-Requested-With': 'XMLHttpRequest' },
  body: formData
})
.then(res => res.json())
.then(data => console.log(data));
Endpoint: POST /app/auth/resetPassword.php

Request Parameters

token
string
required
Password reset token from email link
new_password
string
required
New password (min 8 chars, 1 uppercase, 1 number)
confirm_password
string
required
Password confirmation (must match new_password)

Response

success
boolean
required
Password reset status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Contraseña restablecida con éxito"
}
200 - Invalid Token
{
  "success": false,
  "message": "Token inválido o expirado"
}
200 - Password Mismatch
{
  "success": false,
  "message": "Las contraseñas no coinciden"
}

Data Management

Receive Data

Generic endpoint for receiving and storing JSON data.
const data = {
  userId: 123,
  action: 'update_preference',
  preferences: {
    theme: 'dark',
    notifications: true
  }
};

fetch('https://pro.finanzapp.es/receive-data.php', {
  method: 'POST',
  headers: {
    'X-Requested-With': 'XMLHttpRequest',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify(data)
})
.then(res => res.json())
.then(result => console.log(result));
Endpoint: POST /receive-data.php
Source: /home/daytona/workspace/source/receive-data.php

Request Parameters

(any)
object | array
required
JSON value to store. The implementation below calls json_decode with assoc=true, so a JSON object and a JSON array both arrive as PHP arrays and both are written one element per line (for an object, one line per member value, without its key); a scalar is written as a single line.

Implementation Details

The endpoint appends the received JSON to a file (data.txt) for logging/storage. Three points to check before exposing it: the file is opened by a relative path, so it is created in the same directory as receive-data.php, and if that directory is web-served the file may be fetchable over HTTP; no authentication beyond the X-Requested-With check is documented, so any caller that sets the header can write to it; and nothing bounds the request size or the file's growth. Note also that json_decode(..., true) returns a PHP array for a JSON object as well as for a JSON array, so is_array() is true for both and a single object is written one member value per line rather than as one object:
$inputJSON = file_get_contents('php://input');
$data = json_decode($inputJSON, true);

if (json_last_error() === JSON_ERROR_NONE) {
    $file = fopen('data.txt', 'a');
    
    if (is_array($data)) {
        foreach ($data as $entry) {
            fwrite($file, json_encode($entry, JSON_UNESCAPED_UNICODE) . PHP_EOL);
        }
    } else {
        fwrite($file, json_encode($data, JSON_UNESCAPED_UNICODE) . PHP_EOL);
    }
    
    fclose($file);
}

Response

success
boolean
required
Data save status
message
string
required
Status message

Response Examples

200 - Success
{
  "success": true,
  "message": "Data saved successfully"
}
200 - Invalid JSON
{
  "success": false,
  "message": "Invalid JSON"
}
403 - Access Denied
{
  "success": false,
  "message": "Access denied"
}

Error Responses

With one exception, endpoints report failures with the same {success, message} shape; Google Login instead returns a status field and no success flag. Note that many application-level failures (wrong credentials, duplicate e-mail, missing session on account deletion) are returned with HTTP 200, so clients should branch on the success field rather than on the status code alone. The status codes below are used for request-level rejections:

Common Error Codes

403 Forbidden
Missing or invalid X-Requested-With header
{
  "success": false,
  "message": "Acceso prohibido"
}
405 Method Not Allowed
Invalid HTTP method used
{
  "success": false,
  "message": "Método no permitido"
}
401 Unauthorized
No active session or session expired
{
  "success": false,
  "message": "No hay una sesión activa"
}
400 Bad Request
Invalid or missing required parameters
{
  "success": false,
  "message": "Parámetros inválidos"
}

Validation Errors

Error Message (returned verbatim, in Spanish) | Cause
El campo email es obligatorio | Email field is empty
Introduce un email válido | Email format is invalid
La contraseña debe tener al menos 8 caracteres, una mayúscula y un número | Password does not meet the requirements (min 8 chars, 1 uppercase, 1 number)
Las contraseñas no coinciden | Password and confirmation do not match
Debe aceptar los términos y condiciones | Terms checkbox not checked
El email ya está registrado | Email already exists in the database
Token inválido o expirado | Password reset token is invalid or has expired
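Client-side validation that applies the same rules the server documents and returns the messages in this table verbatim, as an added example (not Finanzapp's own form code). It covers the Register and Reset Password forms above, using those endpoints' field names; the e-mail regular expression and the ASCII character classes for the password rule are assumptions, since the page states the rules only in prose.

```javascript
// Messages exactly as the API returns them, so a client can compare a server
// response against them by string equality.
const VALIDATION_MESSAGES = {
  emailRequired: 'El campo email es obligatorio',
  emailInvalid: 'Introduce un email válido',
  passwordWeak: 'La contraseña debe tener al menos 8 caracteres, una mayúscula y un número',
  passwordMismatch: 'Las contraseñas no coinciden',
  termsRequired: 'Debe aceptar los términos y condiciones',
};

// Assumed e-mail shape (the page only says "valid email"): one local part,
// one @, a domain containing a dot, no whitespace anywhere.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns the message to show, or null when the value is acceptable.
function validateEmail(email) {
  const value = String(email ?? '').trim();
  if (value === '') return VALIDATION_MESSAGES.emailRequired;
  if (!EMAIL_RE.test(value)) return VALIDATION_MESSAGES.emailInvalid;
  return null;
}

// Documented policy: at least 8 characters, one uppercase letter, one digit.
// ASCII classes are an assumption; the page does not say how the server
// treats letters such as Ñ.
function validatePassword(password) {
  const value = String(password ?? '');
  const strong = value.length >= 8 && /[A-Z]/.test(value) && /[0-9]/.test(value);
  return strong ? null : VALIDATION_MESSAGES.passwordWeak;
}

// Register form (sendRegister.php): first failing rule's message, or null.
// Keys are the endpoint's own parameter names, including "confirm-password".
function validateRegistration(form) {
  return validateEmail(form.email)
    ?? validatePassword(form.password)
    ?? (form.password === form['confirm-password'] ? null : VALIDATION_MESSAGES.passwordMismatch)
    ?? (form.terms === 'on' ? null : VALIDATION_MESSAGES.termsRequired);
}

// Reset form (resetPassword.php) shares the policy and the mismatch rule.
function validatePasswordReset(form) {
  return validatePassword(form.new_password)
    ?? (form.new_password === form.confirm_password ? null : VALIDATION_MESSAGES.passwordMismatch);
}
```

Client-side checks only save a round trip; the server still has to enforce the same rules, so keep the two in step and treat a server message that matches one of these strings as a validation error rather than a transport failure.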

Rate Limiting

Currently, there is no explicit rate limiting implemented in the API. For production deployments, consider adding:
  • Request throttling per IP address
  • Login attempt limiting (prevent brute force)
  • CAPTCHA verification on repeated failures
  • API key management for programmatic access
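An in-memory login-attempt limiter of the kind the second bullet recommends, written as an added Node.js example rather than anything in the Finanzapp code base. It counts failed logins per account and per client IP in a sliding window, locks a key once a threshold is reached and lets the lock expire on its own; the account name, IP addresses and limits in the simulation are constructed values, and the Map-based store is a stand-in for the shared store (Redis or the database) that a multi-server deployment would need.

```javascript
// Failed-login throttle: per-account and per-IP sliding window with lockout.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, lockoutMs = 15 * 60 * 1000, now = () => Date.now() } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.lockoutMs = lockoutMs;
    this.now = now;                 // injectable clock, so the demo is deterministic
    this.failures = new Map();      // key -> timestamps of recent failures
    this.lockedUntil = new Map();   // key -> time at which the lock expires
  }

  static keysFor(email, ip) {
    // The account key is case-folded so Alice@ and alice@ share one counter.
    return [`acct:${String(email).trim().toLowerCase()}`, `ip:${ip}`];
  }

  // Call before checking the password. allowed === false means refuse now,
  // ideally with HTTP 429 and a Retry-After derived from retryAfterMs.
  check(email, ip) {
    const t = this.now();
    for (const key of LoginThrottle.keysFor(email, ip)) {
      const until = this.lockedUntil.get(key);
      if (until !== undefined && until > t) return { allowed: false, retryAfterMs: until - t, lockedKey: key };
      if (until !== undefined) this.lockedUntil.delete(key); // lock has expired
    }
    return { allowed: true, retryAfterMs: 0 };
  }

  // Call when the password check fails.
  recordFailure(email, ip) {
    const t = this.now();
    for (const key of LoginThrottle.keysFor(email, ip)) {
      const recent = (this.failures.get(key) || []).filter((ts) => t - ts < this.windowMs);
      recent.push(t);
      if (recent.length >= this.maxFailures) {
        this.lockedUntil.set(key, t + this.lockoutMs);
        this.failures.delete(key);
      } else {
        this.failures.set(key, recent);
      }
    }
  }

  // Call on a successful login: clear the account's counter, not the IP's,
  // so one valid login from a guessing host does not reset its budget.
  recordSuccess(email, ip) {
    const [acct] = LoginThrottle.keysFor(email, ip);
    this.failures.delete(acct);
  }
}

// Simulate a burst of guesses against one account and record the decisions.
function simulate() {
  let clock = 0;
  const throttle = new LoginThrottle({ maxFailures: 5, windowMs: 60 * 1000, lockoutMs: 5 * 60 * 1000, now: () => clock });
  const email = 'victim@example.test';   // constructed sample account
  const attacker = '203.0.113.7';         // RFC 5737 documentation address
  const decisions = [];
  for (let i = 0; i < 7; i++) {
    clock += 1000;                        // one guess per second
    const d = throttle.check(email, attacker);
    decisions.push(d.allowed);
    if (d.allowed) throttle.recordFailure(email, attacker); // every guess is wrong
  }
  // The account lock also applies from another IP, so rotating addresses does not help.
  const otherIpDuringLock = throttle.check(email, '198.51.100.9').allowed;
  // A different account from the locked IP is refused too (IP lock).
  const otherAccountFromLockedIp = throttle.check('someone-else@example.test', attacker).allowed;
  clock += 5 * 60 * 1000;                 // wait out the lockout
  const afterLockout = throttle.check(email, attacker).allowed;
  return { decisions, otherIpDuringLock, otherAccountFromLockedIp, afterLockout };
}
```

Two caveats when wiring this into sendLogin.php's flow: the check runs before the password comparison so that a locked account costs no hashing work, and the per-IP lock needs a higher threshold than the per-account one in practice, because many users behind one NAT share an address. The "Email o contraseña incorrectas" message should stay the same whether the account is locked or not, so that the throttle does not become an account-enumeration oracle.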

Testing the API

You can test the API endpoints using various tools:

Using Postman

  1. Create a new request
  2. Set method to POST
  3. Add header: X-Requested-With: XMLHttpRequest
  4. For form data: Select “Body” > “form-data” and add parameters
  5. For JSON: Select “Body” > “raw” > “JSON” and paste JSON data

Using Browser Console

// Test login endpoint. Run this from a page on pro.finanzapp.es: the custom
// header makes the call a non-simple request, so from any other origin the
// browser sends a CORS preflight first and the call only goes through if the
// server allows that origin and header.
const testLogin = async () => {
  const formData = new FormData();
  formData.append('email', '[email protected]');
  formData.append('password', 'TestPass123');
  
  const response = await fetch('https://pro.finanzapp.es/app/auth/sendLogin.php', {
    method: 'POST',
    headers: { 'X-Requested-With': 'XMLHttpRequest' },
    body: formData
  });
  
  const data = await response.json();
  console.log(data);
};

testLogin();

Best Practices

Always send the X-Requested-With header. Every endpoint rejects requests without it (403, "Acceso prohibido"). Because a browser only attaches a custom header to a cross-origin request after a CORS preflight, the check blocks the classic form-post CSRF, provided the server does not answer preflights with permissive Access-Control-Allow-Origin and Access-Control-Allow-Headers values. It is not an authentication mechanism: any non-browser client, such as the curl examples above, can set the header freely.
headers: {
  'X-Requested-With': 'XMLHttpRequest'
}
Check for authentication errors and redirect users to login when sessions expire. The documented 401 status is the reliable signal; the message text is localised and may change, so match on it only as a fallback, and guard the check so a response without a message field (such as Google Login's) does not throw.
if (!data.success && typeof data.message === 'string' && data.message.includes('sesión')) {
  // Fallback on message text; prefer response.status === 401 where the endpoint returns it
  window.location.href = '/app/login.php';
}
Implement client-side validation to provide immediate feedback and reduce server load.
if (!validateEmail(email)) {
  showError('Please enter a valid email');
  return;
}
Always use HTTPS to encrypt sensitive data like passwords during transmission.
Always handle errors gracefully and provide meaningful feedback to users.
try {
  const response = await fetch(url, options);
  const data = await response.json();
  if (data.success) {
    // Handle success
  } else {
    // Handle application error
  }
} catch (error) {
  // Handle network error
  console.error('Network error:', error);
}
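The practices above combined into one small request helper, as an added JavaScript example (not Finanzapp's client code). It sends the header every endpoint requires, posts form-encoded fields as the Login and Register examples do, and separates request-level rejections (403, 405, 401) from application failures reported as HTTP 200 with success:false, including the Google Login response shape that carries a status field instead of success. The fetch implementation is injectable and the canned responses in the demo are constructed from the examples on this page, so it runs offline.

```javascript
const BASE_URL = 'https://pro.finanzapp.es'; // production base URL from the Overview

// Turn an HTTP status plus the parsed JSON body (null when the body was not
// JSON) into one stable shape the UI can branch on.
function classifyResponse(status, data) {
  const message = data && typeof data.message === 'string' ? data.message : '';
  // Google Login answers with {status: 'exists' | 'inserted'} instead of {success: true}.
  const ok = status === 200 && data !== null
    && (data.success === true || typeof data.status === 'string');
  return {
    ok,
    httpStatus: status,
    // 401 is the documented "no active session" status; the message test is a
    // fallback for endpoints that report the same condition with HTTP 200.
    sessionExpired: !ok && (status === 401 || /sesi[oó]n activa/i.test(message)),
    // 403 = X-Requested-With missing or wrong, 405 = non-POST method: client
    // bugs to fix, not something to show the user as a failed login.
    clientError: status === 403 || status === 405,
    message,
    data,
  };
}

// POST form fields to an endpoint and classify the answer.
async function finanzappPost(path, fields, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(BASE_URL + path, {
    method: 'POST',
    headers: {
      'X-Requested-With': 'XMLHttpRequest',   // required by every endpoint
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams(fields).toString(),
    credentials: 'same-origin',               // send the PHP session cookie
  });
  let data = null;
  try {
    data = await response.json();
  } catch {
    // Non-JSON body (proxy error page, for instance): leave data as null.
  }
  return classifyResponse(response.status, data);
}

// Constructed stand-in for fetch that returns a canned response (offline use only).
const cannedFetch = (status, body) => async () => ({ status, json: async () => body });

// Worked calls against responses copied from this page's examples.
async function demo() {
  const creds = { email: 'user@example.test', password: 'SecurePass123' }; // constructed
  const login = '/app/auth/sendLogin.php';
  return {
    success: await finanzappPost(login, creds,
      cannedFetch(200, { success: true, message: 'Login successful', user: { id: 123 } })),
    badCreds: await finanzappPost(login, creds,
      cannedFetch(200, { success: false, message: 'Email o contraseña incorrectas' })),
    noHeader: await finanzappPost(login, creds,
      cannedFetch(403, { success: false, message: 'Acceso prohibido' })),
    noSession: await finanzappPost('/app/auth/deleteAccount.php', {},
      cannedFetch(200, { success: false, message: 'No hay una sesión activa con email.' })),
  };
}
```

In a real page the result drives three different branches: sessionExpired sends the user to /app/login.php, clientError is logged as a bug (the header or method is wrong in the caller), and anything else with ok === false shows the message to the user. Google Login is the one endpoint this helper should not post to with form encoding; it expects a JSON body, as its own example shows, but its response still classifies correctly.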

Need Help?

API Overview

Learn about API architecture and concepts

Authentication

Detailed authentication documentation
