All user management endpoints require authentication AND the Administrator role.

List Users

Authentication

Required: JWT token via cookie
Role: Administrador

Request Parameters

No parameters required.

Response

ok (boolean): Success indicator
statusCode (number): HTTP status code (200)
mensaje (string): Empty string
data (array): Array of user objects

Example Request

curl -X GET http://localhost:3000/api-productos/usuarios \
  -b cookies.txt

Example Response

{
  "ok": true,
  "statusCode": 200,
  "mensaje": "",
  "data": [
    {
      "id": 1,
      "nombre": "admin",
      "correo": "[email protected]",
      "rol": "Administrador",
      "creado": "2026-01-01T00:00:00.000Z",
      "actualizado": "2026-01-01T00:00:00.000Z"
    },
    {
      "id": 2,
      "nombre": "usuario1",
      "correo": "[email protected]",
      "rol": "Usuario",
      "creado": "2026-01-05T10:30:00.000Z",
      "actualizado": "2026-01-05T10:30:00.000Z"
    }
  ]
}

Error Responses

401 Unauthorized: Missing or invalid authentication token
403 Forbidden: User does not have Administrator role
500 Internal Server Error: Server error
{
  "ok": false,
  "statusCode": 500,
  "mensaje": "Error al listar los usuarios.",
  "detalles": "Error message"
}

Create User

Authentication

Required: JWT token via cookie
Role: Administrador

Request Body

nombre (string, required): Username (must be unique)
contrasena (string, required): User password (will be hashed with bcrypt)
correo (string, required): Email address
rol (string, required): User role: “Usuario” or “Administrador”

Response

ok (boolean): Success indicator
statusCode (number): HTTP status code (201)
mensaje (string): “Usuario registrado exitosamente.”
data (null): No data returned

Example Request

curl -X POST http://localhost:3000/api-productos/usuarios \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "nombre": "usuario1",
    "contrasena": "SecurePass123",
    "correo": "[email protected]",
    "rol": "Usuario"
  }'

Example Response

{
  "ok": true,
  "statusCode": 201,
  "mensaje": "Usuario registrado exitosamente.",
  "data": null
}

Error Responses

401 Unauthorized: Missing or invalid authentication token
403 Forbidden: User does not have Administrator role
500 Internal Server Error: Server error or duplicate username/email
{
  "ok": false,
  "statusCode": 500,
  "mensaje": "Error al registrar el usuario.",
  "detalles": "Error message"
}

Get User by ID

Authentication

Required: JWT token via cookie
Role: Administrador

Path Parameters

id (number, required): User ID

Response

ok (boolean): Success indicator
statusCode (number): HTTP status code (200)
mensaje (string): Empty string
data (object): User object with same structure as list endpoint (password field excluded)

Example Request

curl -X GET http://localhost:3000/api-productos/usuarios/1 \
  -b cookies.txt

Example Response

{
  "ok": true,
  "statusCode": 200,
  "mensaje": "",
  "data": {
    "id": 1,
    "nombre": "admin",
    "correo": "[email protected]",
    "rol": "Administrador",
    "creado": "2026-01-01T00:00:00.000Z",
    "actualizado": "2026-01-01T00:00:00.000Z"
  }
}

Error Responses

400 Bad Request: User not found
{
  "ok": false,
  "statusCode": 400,
  "mensaje": "Credenciales incorrectas.",
  "detalles": null
}
401 Unauthorized: Missing or invalid authentication token
403 Forbidden: User does not have Administrator role
500 Internal Server Error: Server error
{
  "ok": false,
  "statusCode": 500,
  "mensaje": "Error al leer el usuario.",
  "detalles": "Error message"
}

Update User

Authentication

Required: JWT token via cookie
Role: Administrador

Path Parameters

id (number, required): User ID

Request Body

nombre (string, required): Username
contrasena (string, required): User password (will be hashed with bcrypt)
correo (string, required): Email address
rol (string, required): User role: “Usuario” or “Administrador”

Response

ok (boolean): Success indicator
statusCode (number): HTTP status code (200)
mensaje (string): “Usuario actualizado exitosamente.”
data (null): No data returned

Example Request

curl -X PUT http://localhost:3000/api-productos/usuarios/2 \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "nombre": "usuario1_updated",
    "contrasena": "NewSecurePass456",
    "correo": "[email protected]",
    "rol": "Administrador"
  }'

Example Response

{
  "ok": true,
  "statusCode": 200,
  "mensaje": "Usuario actualizado exitosamente.",
  "data": null
}

Error Responses

400 Bad Request: User not found
{
  "ok": true,
  "statusCode": 400,
  "mensaje": "Usuario no encontrado.",
  "data": null
}
401 Unauthorized: Missing or invalid authentication token
403 Forbidden: User does not have Administrator role
500 Internal Server Error: Server error
{
  "ok": false,
  "statusCode": 500,
  "mensaje": "Error al actualizar el usuario.",
  "detalles": "Error message"
}

Delete User

Authentication

Required: JWT token via cookie
Role: Administrador

Path Parameters

id (number, required): User ID

Response

ok (boolean): Success indicator
statusCode (number): HTTP status code (200)
mensaje (string): “Usuario eliminado exitosamente.”
data (null): No data returned

Example Request

curl -X DELETE http://localhost:3000/api-productos/usuarios/2 \
  -b cookies.txt

Example Response

{
  "ok": true,
  "statusCode": 200,
  "mensaje": "Usuario eliminado exitosamente.",
  "data": null
}

Error Responses

400 Bad Request: User not found
{
  "ok": true,
  "statusCode": 400,
  "mensaje": "Usuario no encontrado.",
  "data": null
}
401 Unauthorized: Missing or invalid authentication token
403 Forbidden: User does not have Administrator role
500 Internal Server Error: Server error
{
  "ok": false,
  "statusCode": 500,
  "mensaje": "Error al eliminar el usuario.",
  "detalles": "Error message"
}

Notes

  • All user management endpoints require Administrator role
  • Passwords are hashed using bcrypt with 10 salt rounds before storage
  • Password hashes are never returned in API responses
  • All timestamps are automatically managed by the database
  • The creado field is set to CURRENT_TIMESTAMP on creation
  • The actualizado field is updated to CURRENT_TIMESTAMP on every update
  • User data is retrieved from the UsuariosView database view
  • Users are returned ordered by name alphabetically
  • Username and email must be unique in the system

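
One way to enforce the JWT-cookie and Administrator-role requirement that every endpoint on this page lists, as an added example rather than the project's own code. The cookie name `token`, the `rol` claim, HS256 signing and the 401/403 `mensaje` texts are assumptions; only the envelope shape and the `Administrador` role value come from the page.

```javascript
// Added example, not the project's code. Assumed: cookie name "token",
// HS256-signed JWT, role in a "rol" claim, "exp" in seconds since epoch.
const nodeCrypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Error envelope in the shape this page documents. The mensaje strings are
// placeholders: the page does not show the 401/403 bodies.
const deny = (statusCode, mensaje) => ({ ok: false, statusCode, mensaje, detalles: null });
const UNAUTH = 'Missing or invalid authentication token';

function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return rest.join('=');
  }
  return null;
}

// Returns null when the request may proceed, otherwise the 401/403 envelope.
function requireAdmin(cookieHeader, secret, nowMs = Date.now()) {
  const parts = (readCookie(cookieHeader, 'token') || '').split('.');
  if (parts.length !== 3) return deny(401, UNAUTH);
  const [h, p, sig] = parts;
  // Verify the signature before trusting anything inside the token.
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return deny(401, UNAUTH);
  }
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return deny(401, UNAUTH);
  }
  // Pin the algorithm so the token cannot select "none" or another scheme.
  if (header?.alg !== 'HS256') return deny(401, UNAUTH);
  if (typeof claims?.exp !== 'number' || claims.exp * 1000 <= nowMs) return deny(401, UNAUTH);
  // Authenticated but not an administrator: 403, not 401.
  if (claims.rol !== 'Administrador') return deny(403, 'User does not have Administrator role');
  return null;
}

// Demo-only signer so the gate can be exercised offline with constructed tokens.
function signDemoToken(claims, secret, alg = 'HS256') {
  const body = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}
```

The gate distinguishes the two failure modes the error tables describe: a missing, forged, expired or wrong-algorithm token yields 401, while a valid token whose role is `Usuario` yields 403.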