The DEMET Backend API provides a complete authentication system for employee management. Every authenticated endpoint takes its tokens from cookies that the API sets at login; see Token Management for the cookie attributes and what they mean for clients.

Base URL

https://api.demet.com/intern

Authentication Flow

  1. Login: Authenticate with email and password; the API sets the access_token and refresh_token cookies
  2. Access: Call protected endpoints; the browser sends the access_token cookie with each request (cross-site callers must opt in, e.g. fetch with credentials: "include")
  3. Refresh: When the access token expires (the API answers 401), call Refresh Token; the refresh_token cookie is used to issue a new access token
  4. Logout: Clear all authentication cookies to end the session

Token Management

Tokens are set and cleared by the API as cookies; the client never handles token values directly:
  • access_token: Short-lived token presented on every API call
  • refresh_token: Long-lived token used by the Refresh Token endpoint to issue a new access token
Both cookies are configured with:
  • httpOnly: false
  • secure: true (HTTPS only in production)
  • sameSite: none (allows cross-site requests)
Two consequences of this configuration that clients and reviewers should keep in mind:
  • With httpOnly: false the cookies are not HTTP-only in the browser sense: page scripts can read both tokens through document.cookie, so any script injection on a page that can reach the API can read them. Nothing in the flow above needs the tokens to be script-readable, so the attribute should be true for both cookies.
  • sameSite: none makes browsers attach the cookies to requests from any origin. Browsers only accept SameSite=None cookies that also carry Secure (satisfied here), and because the cookie no longer limits cross-site requests, the server must restrict which origins may call it (an explicit CORS allow-list with Access-Control-Allow-Credentials) or use another CSRF defence.
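To check the attributes described above against what a deployment actually sends, here is an added example (not code from the DEMET API docs or the project) that parses Set-Cookie headers and reports token cookies that lack HttpOnly or Secure, or that use SameSite=None. The header strings in it are constructed samples showing what the documented configuration looks like on the wire, not captured responses.

```javascript
// Added example, not code from the DEMET API docs: check a Set-Cookie header
// for the attributes the token cookies above are supposed to carry.
// The header strings are constructed samples, not captured API responses.

const TOKEN_COOKIES = new Set(["access_token", "refresh_token"]);

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (HttpOnly, Secure) become true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const value = eq === -1 ? "" : parts[0].slice(eq + 1);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1);
  }
  return { name, value, attrs };
}

// Findings for a token cookie; an empty list means HttpOnly and Secure are set
// and SameSite=None, if used, is paired with Secure. Non-token cookies are skipped.
function auditTokenCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!TOKEN_COOKIES.has(name)) return findings;
  if (attrs.httponly !== true) {
    findings.push("missing HttpOnly: token readable from document.cookie by any script on the page");
  }
  if (attrs.secure !== true) {
    findings.push("missing Secure: token would be sent over plain HTTP");
  }
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  if (sameSite === "none") {
    if (attrs.secure !== true) {
      findings.push("SameSite=None without Secure: browsers reject the cookie");
    }
    findings.push("SameSite=None: cookie is attached to cross-site requests, so CSRF protection must come from CORS or a token");
  }
  return findings;
}

// Audit every Set-Cookie header of a response; returns { cookieName: [findings] }.
function auditSetCookies(headers) {
  return Object.fromEntries(headers.map((h) => [parseSetCookie(h).name, auditTokenCookie(h)]));
}

// Constructed sample: what the documented configuration (httpOnly false,
// secure true, sameSite none) would look like on the wire after Login.
const DOCUMENTED_LOGIN_HEADERS = [
  "access_token=sample-access; Secure; SameSite=None; Path=/",
  "refresh_token=sample-refresh; Secure; SameSite=None; Path=/",
];
```

Run it against the headers of a real login response (for example the Set-Cookie values from the browser's network panel) and the report for each token cookie should be empty apart from the SameSite=None note, which is expected for this API and is there to remind the reviewer that the CORS allow-list is doing the cross-site work.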

Role-Based Access Control

The API supports two employee roles:
  • Administrador: Full access to all endpoints including employee management
  • Asistente de Gerencia: Limited access (role-specific permissions)
Many endpoints require the Administrador role and return 401 Unauthorized when called by any other role. The same status is used for a missing or invalid token (see Error Handling), so a client cannot tell an expired session from a role denial by status code alone; a failed refresh-and-retry is the practical signal that the role, not the session, is the problem.

Available Endpoints

Register Employee

Create a new employee account

Login

Authenticate and receive tokens

Logout

End the current session

Refresh Token

Obtain a new access token

Get Current User

Get role of authenticated user

Manage Employees

List, update, or delete employees

Error Handling

All endpoints follow a consistent error response format:
{
  "message": "Error description",
  "error": "Detailed error information"
}
Common HTTP status codes:
  • 200: Success
  • 201: Resource created successfully
  • 400: Bad request or validation error
  • 401: Unauthorized (invalid token or insufficient permissions)
  • 500: Internal server error
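The following added example (not code from the DEMET API docs or the project) ties the Authentication Flow and the Error Handling sections together in a browser-style client: it sends requests with credentials: "include" so the token cookies travel with cross-site calls, refreshes once on a 401 and retries, surfaces the documented { message, error } body as an ApiError, and does not retry on a non-401. The endpoint paths (/auth/login, /auth/refresh, /auth/logout, /auth/me, /employees) and the JSON bodies are assumptions; the page only names the endpoints. The scripted fetch stand-in and its responses are constructed so the flow can be run offline.

```javascript
// Added example, not code from the DEMET API docs: a browser-style client that
// walks the login / access / refresh / logout flow. Endpoint paths and the
// JSON bodies are assumptions; the docs only name the endpoints.
const BASE_URL = "https://api.demet.com/intern";

// Error carrying the documented { message, error } body and the HTTP status.
class ApiError extends Error {
  constructor(status, body) {
    super(body && body.message ? body.message : `HTTP ${status}`);
    this.status = status;
    this.detail = body ? body.error : undefined;
  }
}

function createClient(fetchImpl, baseUrl = BASE_URL) {
  // credentials: "include" makes the browser attach access_token/refresh_token
  // to a cross-site request; the cookies are SameSite=None so the browser may
  // send them, but only if the call opts in. No token value ever reaches JS here.
  async function call(path, init = {}) {
    const headers = { ...(init.headers || {}) };
    if (init.body !== undefined) headers["Content-Type"] = "application/json";
    const res = await fetchImpl(baseUrl + path, { ...init, headers, credentials: "include" });
    const body = await res.json().catch(() => null);
    if (!res.ok) throw new ApiError(res.status, body);
    return body;
  }

  // On 401, refresh once and retry once. The API answers 401 both for an
  // expired access token and for a missing role, so a refresh that succeeds
  // followed by a second 401 means the caller lacks the role, not a session.
  async function withRefresh(path, init) {
    try {
      return await call(path, init);
    } catch (e) {
      if (!(e instanceof ApiError) || e.status !== 401) throw e;
      await call("/auth/refresh", { method: "POST" }); // assumed path
      return call(path, init);
    }
  }

  return {
    login: (email, password) =>
      call("/auth/login", { method: "POST", body: JSON.stringify({ email, password }) }),
    logout: () => call("/auth/logout", { method: "POST" }),
    me: () => withRefresh("/auth/me", { method: "GET" }),
    listEmployees: () => withRefresh("/employees", { method: "GET" }),
  };
}

// Constructed stand-in for fetch: replays scripted responses and records the
// calls made, so the flow can be exercised without the real API.
function scriptedFetch(steps) {
  const calls = [];
  const impl = async (url, init) => {
    calls.push({ url, method: init.method, credentials: init.credentials });
    const step = steps.shift();
    if (!step) throw new Error(`unexpected request ${url}`);
    return { ok: step.status < 400, status: step.status, json: async () => step.body };
  };
  impl.calls = calls;
  return impl;
}

// Walks the expired-token path: first call 401s, refresh succeeds, retry 200.
async function demoRefreshFlow() {
  const fetchMock = scriptedFetch([
    { status: 401, body: { message: "Unauthorized", error: "access token expired" } },
    { status: 200, body: { message: "Token refreshed" } },
    { status: 200, body: { role: "Administrador" } },
  ]);
  const me = await createClient(fetchMock).me();
  return { role: me.role, requests: fetchMock.calls.map((c) => c.url.replace(BASE_URL, "")) };
}
```

In a real page, pass the global fetch as fetchImpl; the scripted version exists only so the refresh and role-denial paths can be run and checked without a server. The single retry is deliberate: looping on 401 would hammer the refresh endpoint whenever the caller simply lacks the Administrador role.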
