GET /api/recetas/[id] Returns full data for a single recipe, including the author’s profile. If the requester is authenticated, the response also indicates whether they are the recipe’s author or a site admin.
No authentication is required to retrieve a recipe.
Path parameters UUID of the recipe to retrieve.
Response fields The full recipe object. Unique UUID of the recipe.
Short description of the recipe.
Preparation and cooking time.
JSON-encoded array of ingredient strings.
JSON-encoded array of step strings.
URL of the recipe image, or null if none.
Whether the recipe is currently hidden from public listings.
ISO 8601 timestamp of when the recipe was created.
UUID of the user who created the recipe.
Nested author profile. Display name of the author.
URL of the author’s avatar image.
Whether the author has admin privileges.
true if the authenticated user is the recipe’s author. Always false for unauthenticated requests.
true if the authenticated user has admin privileges. Always false for unauthenticated requests.
Example request curl -X GET "https://example.com/api/recetas/a1b2c3d4-e5f6-7890-abcd-ef1234567890"
Example response { "receta" : { "id" : "a1b2c3d4-e5f6-7890-abcd-ef1234567890" , "titulo" : "Pasta al pesto" , "descripcion" : "Una receta clásica italiana con albahaca fresca." , "tiempo" : "20 minutos" , "dificultad" : "Fácil" , "ingredientes" : "[ \" pasta \" , \" albahaca \" , \" ajo \" ]" , "pasos" : "[ \" Cocer la pasta. \" , \" Mezclar con el pesto. \" ]" , "imagen_url" : "https://example.com/images/pasta.jpg" , "oculta" : false , "fecha_creacion" : "2024-03-15T10:30:00.000Z" , "autor_id" : "f1e2d3c4-b5a6-7890-abcd-ef0987654321" , "perfiles" : { "nombre" : "María García" , "avatar_url" : "https://example.com/avatars/maria.jpg" , "is_admin" : false } }, "isOwnRecipe" : false , "currentUserIsAdmin" : false }
Error responses Status Condition 400Database query error 404No recipe found with the given ID 500Unexpected server error
PUT /api/recetas/[id] Replaces the content of an existing recipe. The update only applies when the authenticated user is the recipe’s author — the query filters by both id and autor_id.
Authentication is required. The request must come from the recipe’s author. Requests from other authenticated users silently update zero rows.
Path parameters UUID of the recipe to update.
Request body Updated title. Maximum 60 characters.
Updated description. Maximum 300 characters.
Updated preparation and cooking time.
Updated difficulty level.
Updated list of ingredients. At least one non-empty string is required.
Updated list of preparation steps. At least one non-empty string is required.
Example request curl -X PUT "https://example.com/api/recetas/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \ -H "Content-Type: application/json" \ -H "Cookie: <session-cookie>" \ -d '{ "titulo": "Pasta al pesto mejorada", "descripcion": "Versión actualizada con piñones tostados.", "tiempo": "25 minutos", "dificultad": "Fácil", "ingredientes": ["pasta", "albahaca", "ajo", "piñones", "aceite de oliva"], "pasos": ["Cocer la pasta.", "Tostar los piñones.", "Preparar el pesto.", "Mezclar y servir."], "imagen_url": "https://example.com/images/pasta-v2.jpg" }'
Example response { "message" : "Receta actualizada correctamente" }
Error responses Status Condition 400Missing required fields, validation failure, or database error 401No authenticated session 500Unexpected server error
DELETE /api/recetas/[id] Permanently deletes a recipe. The delete query filters by both id and autor_id, so only the recipe’s author can delete it.
Authentication is required. The request must come from the recipe’s author. This action is irreversible.
Path parameters UUID of the recipe to delete.
Example request curl -X DELETE "https://example.com/api/recetas/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \ -H "Cookie: <session-cookie>"
Example response { "message" : "Receta eliminada correctamente" }
Error responses Status Condition 400Database error 401No authenticated session 500Unexpected server error
PATCH /api/recetas/[id] Sets the visibility of a recipe by updating its oculta field. This endpoint is restricted to users with admin privileges.
Authentication is required and the authenticated user must have is_admin: true in their profile. Non-admin users receive 403 Forbidden.
Path parameters UUID of the recipe whose visibility will be changed.
Request body Set to true to hide the recipe from public listings, or false to make it visible.
Example request curl -X PATCH "https://example.com/api/recetas/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \ -H "Content-Type: application/json" \ -H "Cookie: <session-cookie>" \ -d '{"oculta": true}'
Example response { "message" : "Visibilidad de la receta actualizada" }
Error responses Status Condition 400Database error 401No authenticated session 403Authenticated user does not have admin privileges 500Unexpected server error