Skip to main content
All admin endpoints require authentication with ROLE_GOBIERNO. Access the admin login at /login/admin.

Dashboard

GET /admin/dashboard

Displays the main administrative dashboard. Authentication: Required (ROLE_GOBIERNO) Response: HTML view of the admin dashboard

Person Management

GET /admin/persons

Lists all persons in the system and displays the person creation form. Authentication: Required (ROLE_GOBIERNO) Response: HTML view with list of persons and creation form Model Attributes:
  • people: List of all Person entities
  • form: Empty PersonCreateForm
  • idTypes: Available ID types (CC, TI, CE, etc.)

GET /admin/persons/new

Displays the dedicated form for creating a new person. Authentication: Required (ROLE_GOBIERNO) Response: HTML form view

POST /admin/persons

Creates a new person and their associated folder in the filesystem. Authentication: Required (ROLE_GOBIERNO)
idType
IdType
required
Type of identification (CC, TI, CE, etc.)
idNumber
string
required
Identification number
firstName
string
required
First name
lastName
string
required
Last name
email
string
required
Email address
phone
string
Phone number (optional)
birthdate
LocalDate
Date of birth (optional)
Response: Redirect to /admin/persons/{id} Reference: AdminController.java:269 
curl -X POST https://api.example.com/admin/persons \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "idType=CC&idNumber=1234567890&firstName=John&lastName=Doe&[email protected]"

GET /admin/persons/

Displays details of a specific person including their documents and access state. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Internal person ID
Response: HTML view with person details Model Attributes:
  • person: Person entity
  • docs: List of PersonDocument entities
  • userAccess: UserAccess entity (if user exists)
  • accessStateOptions: Available access states
Reference: AdminController.java:292

POST /admin/persons//access-state

Updates the access state for a user associated with a person. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Person ID
state
string
required
New access state: ENABLED, SUSPENDED, or DISABLED
reason
string
Reason for state change (optional)
Response: Redirect to /admin/persons/{id} with flash message Synchronization: Automatically syncs state to Indy if configured Reference: AdminController.java:308

Document Management

POST /admin/persons//upload

Uploads a document for a specific person. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Person ID
documentId
Long
required
Document definition ID
status
string
required
Document status (VIGENTE, VENCIDO, etc.)
issueDate
LocalDate
Document issue date (optional)
expiryDate
LocalDate
Document expiry date (optional)
file
MultipartFile
required
The document file to upload
Response: Redirect to /admin/persons/{id} Reference: AdminController.java:355

POST /admin/person-documents//review

Reviews and updates the status of a person document. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
PersonDocument ID
status
ReviewStatus
required
Review status: PENDING, APPROVED, or REJECTED
notes
string
Review notes (optional)
personId
Long
required
Person ID for redirect
Response: Redirect to /admin/persons/{personId} Reference: PersonDocumentAdminController.java:43

Issuer Management

Issuer management endpoints allow administrators to view issuer statistics and manage which document types each issuer is authorized to upload.

GET /admin/issuers

Displays the issuer management dashboard with statistics. Authentication: Required (ROLE_GOBIERNO) Response: HTML view with issuer statistics Model Attributes:
  • stats: Issuer statistics (total issuers, active entities, document counts)
Reference: IssuerAdminController.java:46

GET /admin/issuers/

Displays detailed view of a specific issuer with document authorization management. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Issuer entity ID
Response: HTML view of issuer details Model Attributes:
  • issuer: IssuingEntity with assigned documents
  • allDocs: All available document definitions
Usage: Allows administrators to see which documents this issuer can upload and add/remove document authorizations. Reference: IssuerAdminController.java:58

POST /admin/issuers//documents/add

Associates a document definition with an issuer, authorizing them to upload that document type. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Issuer entity ID
documentId
Long
required
Document definition ID to authorize
Response: Redirect to /admin/issuers/{id} Effect: The issuer can now upload documents of the specified type via the issuer portal. Reference: IssuerAdminController.java:73

POST /admin/issuers//documents/remove

Removes a document definition association from an issuer, revoking their authorization. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Issuer entity ID
documentId
Long
required
Document definition ID to revoke
Response: Redirect to /admin/issuers/{id} Effect: The issuer can no longer upload documents of the specified type. Reference: IssuerAdminController.java:88

Reports and Analytics

GET /admin/reports

Displays the administrative dashboard with analytics and blockchain traceability. Authentication: Required (ROLE_GOBIERNO)
from
LocalDate
Start date for analytics (defaults to 30 days ago)
to
LocalDate
End date for analytics (defaults to today)
period
string
default:"DAY"
Trend granularity: DAY, WEEK, or MONTH
traceIdType
string
ID type for blockchain trace (optional)
traceIdNumber
string
ID number for blockchain trace (optional)
traceAll
boolean
default:"false"
Enable global blockchain trace without specific ID
view
string
default:"analytics"
Active view: analytics or blockchain
Response: HTML view with dashboard report Reference: AdminController.java:122

GET /admin/reports/pdf

Exports the administrative traceability report as PDF. Authentication: Required (ROLE_GOBIERNO)
from
LocalDate
Start date (optional)
to
LocalDate
End date (optional)
period
string
default:"DAY"
Trend period
view
string
default:"analytics"
Report view type
Response: PDF file download Content-Type: application/pdf Filename Pattern: ccdigital-reporte-trazabilidad-{from}-{to}.pdf Reference: AdminController.java:197

GET /admin/reports/block-detail

Retrieves detailed blockchain information for a specific reference. Authentication: Required (ROLE_GOBIERNO)
network
string
required
Blockchain network: Fabric or Indy
reference
string
required
Blockchain reference (docId or pres_ex_id)
idType
string
ID type (required for Fabric)
idNumber
string
ID number (required for Fabric)
Response: JSON payload
network
string
Blockchain network
reference
string
Original reference
detail
object
Complete blockchain block details
Error Response (400): 
{
  "error": "Error message",
  "network": "Fabric",
  "reference": "doc123"
}
Reference: AdminController.java:156

Synchronization

GET /admin/sync

Displays the synchronization page for Fabric and Indy operations. Authentication: Required (ROLE_GOBIERNO) Response: HTML view with sync options Reference: AdminController.java:377

POST /admin/sync/fabric/all

Executes full synchronization of all data to Hyperledger Fabric. Authentication: Required (ROLE_GOBIERNO) Response: HTML view with execution result Process:
  • Syncs all person documents from database to Fabric ledger
  • Executes Node.js script: sync-db-to-ledger.js
  • Returns execution output and status
Reference: AdminController.java:391

POST /admin/sync/fabric/person

Synchronizes data for a specific person to Hyperledger Fabric. Authentication: Required (ROLE_GOBIERNO)
idType
IdType
required
Person’s ID type
idNumber
string
required
Person’s ID number
Response: HTML view with execution result Process:
  • Syncs specific person’s documents to Fabric
  • Executes Node.js script with person parameters
Reference: AdminController.java:408

POST /admin/sync/indy/issue

Issues Indy credentials from database information. Authentication: Required (ROLE_GOBIERNO) Response: HTML view with execution result Process:
  • Executes Python script: issue_credentials_from_db.py
  • Issues verifiable credentials to eligible users
  • Returns execution output
Reference: AdminController.java:425

Security

All admin endpoints are protected by:
  • Role requirement: ROLE_GOBIERNO
  • Session validation: App instance ID check
  • CSRF protection: Enabled for all POST requests
  • Rate limiting: Applied on sensitive endpoints

Login

Endpoint: /login/admin Method: POST Form Parameters:
  • username: Email or full name (case-insensitive)
  • password: User password
Success: Redirects to /admin/dashboard Failure: Redirects to /login/admin?error=true

Logout

Endpoint: /admin/logout Method: POST Response: Redirects to /login/admin?logout=true Session: Invalidated and cookies deleted

Error Handling

Session Expiration

URL Parameter: ?expired=true Trigger: Session timeout or invalid session Redirect: /login/admin?expired=true

Access Denied

URL Parameter: ?denied=true Trigger: Insufficient permissions Redirect: /login/admin?denied=true

Session Management

GET /admin/session/keepalive

Keeps the admin session alive during active UI interaction. Authentication: Required (ROLE_GOBIERNO) Response: 204 No Content Usage: Called periodically by frontend to prevent session timeout during active use. Reference: SessionActivityController.java:38

GET /admin/session/expire

Explicitly expires the admin session due to client-detected inactivity. Authentication: Required (ROLE_GOBIERNO) Response: 204 No Content Behavior:
  • Invalidates HTTP session
  • Clears Spring Security context
Reference: SessionActivityController.java:64

REST API Endpoints

The /api/** endpoints provide a REST API for programmatic access to persons, documents, and files. These endpoints are restricted to ROLE_GOBIERNO only.

GET /api/persons

Lists all persons in the system. Authentication: Required (ROLE_GOBIERNO) Response: JSON array of Person entities Reference: PersonController.java:38

GET /api/persons/

Retrieves a specific person by ID. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Internal person ID
Response: JSON Person object or 404 Not Found Reference: PersonController.java:48

GET /api/persons//documents

Lists all documents associated with a person. Authentication: Required (ROLE_GOBIERNO)
personId
Long
required
Internal person ID
Response: JSON array of PersonDocument entities Reference: PersonDocumentRestController.java:54

POST /api/persons//documents

Creates a new document for a person via JSON request. Authentication: Required (ROLE_GOBIERNO)
personId
Long
required
Internal person ID
Request Body:
documentId
Long
required
Document definition ID
notes
string
Optional notes
Response: Created PersonDocument entity Reference: PersonDocumentRestController.java:66

GET /api/person-documents/

Retrieves a specific person document by ID. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
PersonDocument ID
Response: JSON PersonDocument entity Reference: PersonDocumentRestController.java:79

GET /api/person-documents//files/

Downloads or displays a file associated with a person document. Authentication: Required (ROLE_GOBIERNO)
personDocId
Long
required
PersonDocument ID
fileId
Long
required
File ID
Response: File resource with appropriate Content-Type and Content-Disposition headers Validation: Verifies that the file belongs to the specified person document Reference: PersonDocumentRestController.java:92

GET /api/document-definitions/

Retrieves a document definition by ID. Authentication: Required (ROLE_GOBIERNO)
id
Long
required
Document definition ID
Response: JSON DocumentDefinition entity or 404 Not Found Reference: DocumentDefinitionController.java:51

Build docs developers (and LLMs) love

Get started for freeTalk to us