Overview

The User Management API provides endpoints for creating, reading, updating, and deleting user accounts. All endpoints require JWT authentication and return user data without sensitive password information.
All endpoints in this section require a valid JWT token passed in the Authorization header as Bearer {token}.

Get All Users

Retrieve a list of all users in the system.
curl -X GET https://localhost:8443/v1/api/users \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response

users (array): Array of UserDTO objects
[
  {
    "dni": "11223344C",
    "name": "John Doe",
    "number": 612345678,
    "email": "[email protected]",
    "admin": false,
    "roles": ["ROLE_USER"]
  },
  {
    "dni": "99887766B",
    "name": "Jane Smith",
    "number": 698765432,
    "email": "[email protected]",
    "admin": true,
    "roles": ["ROLE_USER", "ROLE_ADMIN"]
  }
]

Status Codes

Code  Description
200   Successfully retrieved list of users
403   Forbidden - Access denied (invalid or missing JWT token)

Get User by ID

Retrieve a specific user by their DNI (national identification number).
id (string, required): DNI of the user to retrieve (e.g., “11223344C”)
curl -X GET https://localhost:8443/v1/api/users/11223344C \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response

user (UserDTO): User object containing all user information
{
  "dni": "11223344C",
  "name": "John Doe",
  "number": 612345678,
  "email": "[email protected]",
  "admin": false,
  "roles": ["ROLE_USER"]
}

Status Codes

Code  Description
200   Successfully retrieved user
404   User not found
403   Forbidden - Access denied

Create User

Create a new user account with the provided details.
curl -X POST https://localhost:8443/v1/api/users \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "dni": "11223344C",
    "name": "John Doe",
    "number": 612345678,
    "password": "securePassword123",
    "email": "[email protected]",
    "admin": false,
    "roles": ["ROLE_USER"]
  }'

Request Body

dni (string, required): User’s national identification number (unique identifier)
name (string, required): Full name of the user
number (integer): User’s phone number (must be 9 digits)
password (string, required): User’s password (will be encrypted before storage)
email (string, required): User’s email address
admin (boolean): Whether the user should have administrator privileges (default: false)
roles (array): List of role strings to assign to the user (e.g., [“ROLE_USER”])

Response

Returns the created user as a UserDTO object (password is not included in response).
{
  "dni": "11223344C",
  "name": "John Doe",
  "number": 612345678,
  "email": "[email protected]",
  "admin": false,
  "roles": ["ROLE_USER"]
}

Status Codes

Code  Description
201   User created successfully
400   Invalid input (e.g., duplicate DNI, invalid email)
403   Forbidden - Access denied

Update User

Update an existing user’s information.
id (string, required): DNI of the user to update (e.g., “11223344C”)
curl -X PUT https://localhost:8443/v1/api/users/11223344C \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "dni": "11223344C",
    "name": "John Updated",
    "number": 612999888,
    "password": "newPassword123",
    "email": "[email protected]",
    "admin": false,
    "roles": ["ROLE_USER"]
  }'

Request Body

dni (string, required): User’s DNI (should match the path parameter)
name (string, required): Updated full name
number (integer): Updated phone number
password (string, required): Updated password
email (string, required): Updated email address
admin (boolean): Updated administrator status
roles (array): Updated list of roles

Response

Returns the updated user as a UserDTO object.
{
  "dni": "11223344C",
  "name": "John Updated",
  "number": 612999888,
  "email": "[email protected]",
  "admin": false,
  "roles": ["ROLE_USER"]
}

Status Codes

Code  Description
200   User updated successfully
404   User not found
400   Invalid input
403   Forbidden - Access denied
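
An added example, not part of the API's own code: a Python check of the Create User and Update User request rules documented above (required fields, 9-digit number, body dni matching the path parameter) and of the statement that responses carry no password. The function names and the sample values are assumptions made for this illustration.

```python
import re

# Request-body rules as documented on this page for Create User / Update User.
REQUIRED = {"dni": str, "name": str, "password": str, "email": str}
OPTIONAL = {"number": int, "admin": bool, "roles": list}
# Fields of a UserDTO as shown in the page's example responses.
DTO_FIELDS = {"dni", "name", "number", "email", "admin", "roles"}

# Constructed sample body (values are illustrative, not real accounts).
SAMPLE_BODY = {
    "dni": "11223344C", "name": "John Doe", "number": 612345678,
    "password": "constructed-sample", "email": "john.doe@example.com",
    "admin": False, "roles": ["ROLE_USER"],
}


def validate_request(body, path_dni=None):
    """Return the list of problems found in a Create/Update request body."""
    problems = []
    for field, typ in REQUIRED.items():
        if field not in body:
            problems.append(f"missing required field: {field}")
        elif not isinstance(body[field], typ):
            problems.append(f"{field} must be {typ.__name__}")
    for field, typ in OPTIONAL.items():
        value = body.get(field)
        # bool is a subclass of int in Python, so reject True/False as a number.
        wrong = not isinstance(value, typ) or (typ is int and isinstance(value, bool))
        if field in body and wrong:
            problems.append(f"{field} must be {typ.__name__}")
        elif field == "number" and field in body and not re.fullmatch(r"\d{9}", str(value)):
            problems.append("number must be 9 digits")
    # On PUT the page says the body dni should match the path parameter.
    if path_dni is not None and body.get("dni") != path_dni:
        problems.append("dni does not match the path parameter")
    return problems


def check_response(dto):
    """Return the fields of a response object that a UserDTO should not carry."""
    return sorted(set(dto) - DTO_FIELDS)


if __name__ == "__main__":
    print(validate_request(SAMPLE_BODY, path_dni="11223344C"))  # valid body
    print(check_response(SAMPLE_BODY))  # a request body is not a valid UserDTO
```

Run check_response over each object returned by the GET, POST and PUT endpoints; any field it reports, such as password, contradicts the documented UserDTO shape.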

Delete User

Delete a user account by DNI.
id (string, required): DNI of the user to delete (e.g., “11223344C”)
curl -X DELETE https://localhost:8443/v1/api/users/11223344C \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response

No content is returned on successful deletion.

Status Codes

Code  Description
204   User deleted successfully
404   User not found
403   Forbidden - Access denied

Authentication

All User Management endpoints require JWT authentication. Include your token in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
To obtain a JWT token, use the Authentication API login endpoint.

Error Responses

All endpoints may return the following error responses:
error (string): Error type (e.g., “Forbidden”, “Not Found”, “Bad Request”)
message (string): Detailed error message
{
  "error": "Forbidden",
  "message": "Access denied - Invalid JWT token"
}