PUT /usuarios/actualizar/{user_id}
Update User
curl --request PUT \
  --url https://api.example.com/usuarios/actualizar/{user_id} \
  --header 'Authorization: Bearer <jwt_token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "nombre": "<string>",
  "email": "<string>",
  "password": "<string>",
  "rol": "<string>"
}
'

Authentication

Requires JWT authentication. Users can update their own profile; admins can update any user.
Authorization: Bearer <jwt_token>

Path Parameters

user_id
string
required
The unique identifier of the user to update (MongoDB ObjectId)

Body Parameters

nombre
string
User’s full name
email
string
User’s email address
password
string
New password (will be hashed with bcrypt before storage)
rol
string
User role: admin, editor, or visitante
Note: Only admins can change roles. Non-admin users attempting to set this field will have it ignored.

Authorization Rules

  • Self-update: Any authenticated user can update their own profile (except role)
  • Admin-update: Admins can update any user and change roles
  • Restricted: Users cannot update other users’ profiles unless they are admins

Request Example

{
  "nombre": "Juan Carlos Pérez",
  "email": "[email protected]",
  "password": "newSecurePassword123",
  "rol": "editor"
}

Response

message
string
Success message
usuario
object
Updated user information
{
  "message": "Usuario actualizado correctamente.",
  "usuario": {
    "nombre": "Juan Carlos Pérez",
    "email": "[email protected]",
    "rol": "editor"
  }
}

Code Examples

curl -X PUT "https://api.tesisrutas.com/usuarios/actualizar/507f1f77bcf86cd799439011" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Juan Carlos Pérez",
    "email": "[email protected]"
  }'

Error Responses

403
error
Forbidden - User attempting to update another user without admin privileges
{
  "detail": "No tienes permisos para actualizar este usuario."
}
400
error
Bad Request - Invalid data or user not found
{
  "detail": "Usuario no encontrado."
}
401
error
Unauthorized - Missing or invalid JWT token
{
  "detail": "Not authenticated"
}

Implementation Details

Source: src/infrastructure/api/routers/usuario_router.py:34-81
This endpoint uses the ActualizarUsuarioUseCase, which:
  • Validates user existence
  • Applies partial updates (only provided fields are changed)
  • Hashes passwords using bcrypt before storage
  • Enforces role update restrictions for non-admin users
All fields are optional - you can update only the fields you need to change.
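
The authorization rules and the partial-update behaviour described above can be sketched as one function. This is an added example, not the project's ActualizarUsuarioUseCase code; the function name `build_update`, the JWT claim names `sub` and `rol`, and the injected `hash_password` callable (standing in for the bcrypt call) are assumptions.

```python
import re

ALLOWED_FIELDS = ("nombre", "email", "password", "rol")
ALLOWED_ROLES = {"admin", "editor", "visitante"}
OBJECT_ID_RE = re.compile(r"[0-9a-f]{24}", re.IGNORECASE)


def build_update(claims, target_id, body, hash_password):
    """Return the dict of fields to persist, or raise.

    claims: JWT claims whose signature and expiry were already verified;
            'sub' (caller's user id) and 'rol' are assumed claim names.
    hash_password: callable wrapping bcrypt (assumed, injected by the caller).
    """
    if not OBJECT_ID_RE.fullmatch(target_id):
        raise ValueError("user_id is not a 24-hex-digit ObjectId")

    is_admin = claims.get("rol") == "admin"
    if not is_admin and claims.get("sub") != target_id:
        # Corresponds to the documented 403 response.
        raise PermissionError("No tienes permisos para actualizar este usuario.")

    # Partial update: copy only known fields that were actually provided,
    # so unexpected keys (for example "_id") never reach the database.
    update = {k: body[k] for k in ALLOWED_FIELDS if body.get(k) is not None}

    if "rol" in update:
        if not is_admin:
            # Documented behaviour: the field is ignored, not rejected.
            update.pop("rol")
        elif update["rol"] not in ALLOWED_ROLES:
            raise ValueError("unknown role")

    if "password" in update:
        # Replace the plaintext with its hash before anything is stored.
        update["password"] = hash_password(update["password"])

    return update
```

Because the role field is dropped silently for non-admins, a client gets a success response even when its `rol` value was not applied; the returned `usuario.rol` is the place to confirm the effective role.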
