Admin Only - Only administrators can create new user accounts.

Overview

Create a new user account in the system. The password is automatically hashed using bcrypt with 10 salt rounds before it is stored. New users are created with mustChangePassword: true by default.

Authentication

Requires a valid JWT token with admin role.
Authorization: Bearer YOUR_JWT_TOKEN

Request Body

  • nombreCompleto (string, required): User’s full name. Minimum 3 characters.
  • email (string, required): User’s email address. Must be a valid email format and unique in the system.
  • password (string, required): User’s password. Minimum 6 characters. Will be hashed with bcrypt before storage.
  • roles (string, default: "user"): User role. Must be either admin or user.
  • isActive (boolean, default: true): Whether the user account should be active immediately.

Response

Returns the created user object (password field is excluded).
  • id (string, UUID): Unique identifier for the newly created user
  • email (string): User’s email address
  • nombreCompleto (string): User’s full name
  • roles (string): Assigned role: admin or user
  • isActive (boolean): Account active status
  • mustChangePassword (boolean): Always true for newly created users
  • createdAt (string, ISO 8601): Timestamp when the user was created
  • updatedAt (string, ISO 8601): Timestamp when the user was last updated

Example Request

cURL
curl -X POST https://api.yucatan.gob.mx/users \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "nombreCompleto": "María González",
    "email": "maria@yucatan.gob.mx",
    "password": "SecurePass123",
    "roles": "user"
  }'

Example Response

201 Created
{
  "id": "660e8400-e29b-41d4-a716-446655440001",
  "email": "maria@yucatan.gob.mx",
  "nombreCompleto": "María González",
  "roles": "user",
  "isActive": true,
  "mustChangePassword": true,
  "createdAt": "2024-03-03T15:30:00.000Z",
  "updatedAt": "2024-03-03T15:30:00.000Z"
}
400 Bad Request - Duplicate Email
{
  "statusCode": 400,
  "message": "El correo electrónico ya está registrado."
}
400 Bad Request - Validation Error
{
  "statusCode": 400,
  "message": [
    "La contraseña debe tener al menos 6 caracteres",
    "email must be an email"
  ],
  "error": "Bad Request"
}
403 Forbidden
{
  "statusCode": 403,
  "message": "Forbidden resource",
  "error": "Forbidden"
}

Validation Rules

  • nombreCompleto: Minimum 3 characters
  • email: Must be valid email format and unique in database
  • password: Minimum 6 characters (hashed with bcrypt)
  • roles: Must be either admin or user (if provided)
  • isActive: Must be boolean (if provided)

Security Notes

  • Passwords are hashed using bcrypt with 10 salt rounds before storage
  • Password field is never returned in API responses
  • All new users are created with mustChangePassword: true
  • Database constraint prevents duplicate email addresses (error code 23505)
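
One way a handler could enforce the validation rules and security notes above, shown as an added example and not the project's own code. It builds the stored row from an explicit field list, strips the hash from the response, and maps the 23505 unique violation to the documented 400 body. The names validate, createUser, memoryRepo and hashPassword are hypothetical, the email pattern is a simplified assumption, and hashPassword stands in for the bcrypt call.

```javascript
// Added example, not the project's code; all function names are hypothetical.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // simplified format check (assumption)
// The email and password messages come from this page's 400 example; the rest are constructed.
function validate(dto) {
  const errors = [];
  if (typeof dto.nombreCompleto !== 'string' || dto.nombreCompleto.trim().length < 3)
    errors.push('nombreCompleto must be at least 3 characters');
  if (typeof dto.email !== 'string' || !EMAIL_RE.test(dto.email))
    errors.push('email must be an email');
  if (typeof dto.password !== 'string' || dto.password.length < 6)
    errors.push('La contraseña debe tener al menos 6 caracteres');
  if (dto.roles !== undefined && !['admin', 'user'].includes(dto.roles))
    errors.push('roles must be admin or user');
  if (dto.isActive !== undefined && typeof dto.isActive !== 'boolean')
    errors.push('isActive must be a boolean');
  return errors;
}

function createUser(repo, hashPassword, dto) {
  const errors = validate(dto);
  if (errors.length)
    return { status: 400, body: { statusCode: 400, message: errors, error: 'Bad Request' } };
  // Build the row field by field so client-supplied extras (id, mustChangePassword) are ignored.
  const row = {
    nombreCompleto: dto.nombreCompleto, email: dto.email,
    password: hashPassword(dto.password), // stands in for bcrypt with 10 salt rounds
    roles: dto.roles ?? 'user', isActive: dto.isActive ?? true,
    mustChangePassword: true,
  };
  try {
    const { password, ...safe } = repo.insert(row); // the hash never leaves the server
    return { status: 201, body: safe };
  } catch (err) {
    // Rely on the unique constraint, not a SELECT-then-INSERT check that can race.
    if (err.code !== '23505') throw err;
    return { status: 400, body: { statusCode: 400, message: 'El correo electrónico ya está registrado.' } };
  }
}

// Constructed in-memory stand-in for a table with a unique index on email.
function memoryRepo() {
  const rows = new Map();
  return { rows, insert(row) {
    if (rows.has(row.email)) throw Object.assign(new Error('duplicate key'), { code: '23505' });
    const saved = { id: `constructed-id-${rows.size + 1}`, ...row };
    rows.set(row.email, saved);
    return saved;
  } };
}
```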