GET /usuarios/porid/

Returns detailed profile information for a specific user. Users can view their own profile, and admins can view any user’s profile.

Authentication

Required: Bearer token (JWT) in the Authorization header
Authorization Rules:
  • Users can view their own profile (token.id == user_id)
  • Admins can view any user’s profile
  • Other users cannot view profiles they don’t own (403 Forbidden)

Path Parameters

user_id (string, required): The MongoDB ObjectId of the user to retrieve

Request

cURL
curl -X GET "http://localhost:8000/usuarios/porid/507f1f77bcf86cd799439011" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
Python
import requests

user_id = "507f1f77bcf86cd799439011"
url = f"http://localhost:8000/usuarios/porid/{user_id}"
headers = {
    "Authorization": "Bearer YOUR_JWT_TOKEN"
}

response = requests.get(url, headers=headers)
print(response.json())
JavaScript
const userId = '507f1f77bcf86cd799439011';
const response = await fetch(`http://localhost:8000/usuarios/porid/${userId}`, {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer YOUR_JWT_TOKEN'
  }
});

const user = await response.json();
console.log(user);

Response

id (string): User’s unique identifier
nombre (string): User’s full name
email (string): User’s email address
password_hash (string): Hashed password (bcrypt)
rol (string): User’s role: visitante, editor, or admin
favoritos (array): Array of favorite destination IDs (strings)
rutas_recorridas (array): Array of completed route objects with metadata
pois_visitados (array): Array of visited POI IDs (strings)
fecha_creacion (datetime): Account creation timestamp

Example Response

{
  "id": "507f1f77bcf86cd799439011",
  "nombre": "Juan Pérez",
  "email": "[email protected]",
  "password_hash": "$2b$12$KIXxWV8aBcD3fG2hIjKlMNoPqRsTuVwXyZ",
  "rol": "visitante",
  "favoritos": [
    "507f1f77bcf86cd799439012",
    "507f1f77bcf86cd799439013"
  ],
  "rutas_recorridas": [
    {
      "ruta_id": "507f1f77bcf86cd799439020",
      "fecha": "2025-03-01T10:30:00",
      "duracion_minutos": 120,
      "calificacion": 5
    }
  ],
  "pois_visitados": [
    "507f1f77bcf86cd799439012",
    "507f1f77bcf86cd799439013"
  ],
  "fecha_creacion": "2025-01-15T08:00:00"
}

Error Responses

Status Code    Description
401            Unauthorized - Invalid or missing JWT token
403            Forbidden - User cannot access this profile
404            Not Found - User with given ID does not exist

Implementation Reference

This endpoint is implemented in src/infrastructure/api/routers/usuario_router.py:89-102:
@router.get("/porid/{user_id}")
def obtener_usuario(user_id: str, db=Depends(get_database), user=Depends(require_user)):

    # The owner can view their own info; an admin can view everything
    if user.id != user_id and user.rol != "admin":
        raise HTTPException(status_code=403, detail="No autorizado")

    repo = UsuarioRepositoryImpl(db)
    usuario = repo.obtener_por_id(user_id)

    if not usuario:
        raise HTTPException(status_code=404, detail="Usuario no encontrado")

    return usuario.__dict__

Use Cases

  • Admins viewing user details for moderation
  • Users viewing their complete profile including tracking data
  • Fetching user information for analytics or reporting
  • Displaying user activity history
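Note: the response includes the password hash, because the handler returns usuario.__dict__ and so serializes every attribute of the user object. In production, consider filtering sensitive fields such as password_hash from the response.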
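
One way to filter the response as suggested above, shown as an added example rather than the project's code: the same owner-or-admin check, with the profile serialized through an allow-list instead of `__dict__`. The `Usuario` dataclass, `PUBLIC_FIELDS`, `perfil_publico`, `obtener_usuario_seguro`, the dict-based repository and the `reset_token` attribute are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical stand-in for the project's user entity. Field names come from
# the Response section above; the class itself is an assumption.
@dataclass
class Usuario:
    id: str
    nombre: str
    email: str
    password_hash: str
    rol: str = "visitante"
    favoritos: list = field(default_factory=list)
    rutas_recorridas: list = field(default_factory=list)
    pois_visitados: list = field(default_factory=list)
    fecha_creacion: str = "2025-01-15T08:00:00"

# Allow-list: only these attributes may leave the API.
PUBLIC_FIELDS = ("id", "nombre", "email", "rol", "favoritos",
                 "rutas_recorridas", "pois_visitados", "fecha_creacion")

def perfil_publico(usuario) -> dict:
    """Serialize by allow-list, so password_hash and any attribute added to
    the entity later stay out of the response unless explicitly listed."""
    return {campo: getattr(usuario, campo) for campo in PUBLIC_FIELDS}

def obtener_usuario_seguro(token_id, token_rol, user_id, repo):
    """Framework-free rendering of the handler; returns (status, body)."""
    # Same rule as the original: the owner or an admin may read the profile.
    if token_id != user_id and token_rol != "admin":
        return 403, {"detail": "No autorizado"}
    usuario = repo.get(user_id)
    if usuario is None:
        return 404, {"detail": "Usuario no encontrado"}
    return 200, perfil_publico(usuario)

if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    juan = Usuario("507f1f77bcf86cd799439011", "Juan Pérez",
                   "juan@example.com", "$2b$12$constructed-placeholder")
    juan.reset_token = "constructed-secret"  # attribute added later
    repo = {juan.id: juan}
    print(sorted(juan.__dict__))  # what `return usuario.__dict__` exposes
    print(obtener_usuario_seguro(juan.id, "visitante", juan.id, repo))
    print(obtener_usuario_seguro("someone-else", "visitante", juan.id, repo))
```

A deny-list that only drops `password_hash` would still return `reset_token` here; the allow-list omits it because it was never listed.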