List All Users
Retrieve a list of all users in the system.
Response
Array of User objects. See User Object for full structure.
Example Request
curl -X GET "https://api.example.com/api/v1/users" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Example Response
[
  {
    "id": 1,
    "username": "admin_master",
    "email": "[email protected]",
    "firstName": "Juan",
    "lastName": "Pérez",
    "role": "administrador",
    "avatar": "https://ui-avatars.com/api/?name=Juan+Pérez",
    "status": "active",
    "lastLogin": "2024-01-15T10:30:00Z",
    "createdAt": "2023-06-01T00:00:00Z",
    "permissions": ["admin_completo", "asignar_roles"],
    "stats": {
      "postsCreated": 45,
      "commentsApproved": 234,
      "usersManaged": 12
    }
  },
  {
    "id": 2,
    "username": "editor_pro",
    "email": "[email protected]",
    "firstName": "María",
    "lastName": "González",
    "role": "editor",
    "avatar": "https://ui-avatars.com/api/?name=María+González",
    "status": "active",
    "lastLogin": "2024-01-15T09:15:00Z",
    "createdAt": "2023-08-15T00:00:00Z",
    "permissions": ["crear_post", "editar_post_cualquiera"],
    "stats": {
      "postsEdited": 128,
      "postsPublished": 89,
      "commentsModerated": 456
    }
  }
]
Get User by ID
Retrieve a specific user by their ID.
Path Parameters
id - The unique identifier of the user
Example Request
curl -X GET "https://api.example.com/api/v1/users/1" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Example Response
{
  "id": 1,
  "username": "admin_master",
  "email": "[email protected]",
  "firstName": "Juan",
  "lastName": "Pérez",
  "role": "administrador",
  "avatar": "https://ui-avatars.com/api/?name=Juan+Pérez",
  "status": "active",
  "lastLogin": "2024-01-15T10:30:00Z",
  "createdAt": "2023-06-01T00:00:00Z",
  "stats": {
    "postsCreated": 45,
    "totalViews": 125430
  }
}
Change User Role
Update a user’s role in the system. Requires admin privileges.
Path Parameters
id - The unique identifier of the user
Body Parameters
id - User ID (required by backend UpdateUserDto)
rolId - The role ID to assign to the user. Available role IDs:
1 - administrador
2 - editor
3 - autor
4 - comentador
Example Request
curl -X PATCH "https://api.example.com/api/v1/users/3" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"id": 3,
"rolId": 2
}'
Example Response
{
  "id": 3,
  "username": "writer_seo",
  "email": "[email protected]",
  "firstName": "Carlos",
  "lastName": "Martínez",
  "role": "editor",
  "avatar": "https://ui-avatars.com/api/?name=Carlos+Martínez",
  "status": "active",
  "lastLogin": "2024-01-15T08:45:00Z",
  "createdAt": "2023-09-20T00:00:00Z"
}
Changing a user’s role will immediately update their permissions. Frontend roles like creador and escritor are automatically mapped to autor (ID: 3).
Update User Status
Update a user’s account status (active, inactive, or suspended).
Path Parameters
id - The unique identifier of the user
Body Parameters
id - User ID (required by backend UpdateUserDto)
status - The new status for the user. One of:
active - User can access the platform
inactive - User account is deactivated
suspended - User account is suspended
Example Request
curl -X PATCH "https://api.example.com/api/v1/users/5" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"id": 5,
"status": "suspended"
}'
Example Response
{
  "id": 5,
  "username": "commenter_active",
  "email": "[email protected]",
  "firstName": "Laura",
  "lastName": "García",
  "role": "comentador",
  "status": "suspended",
  "lastLogin": "2024-01-15T12:00:00Z",
  "createdAt": "2023-12-01T00:00:00Z"
}
Suspending a user will immediately revoke their access to the platform. They will be logged out and unable to sign in until their status is changed back to active.
Delete User
Permanently delete a user from the system. This action cannot be undone.
DELETE /api/v1/users/{id}
Path Parameters
id - The unique identifier of the user to delete
Example Request
curl -X DELETE "https://api.example.com/api/v1/users/5" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Response
Returns 204 No Content on success.
This operation is permanent and cannot be undone. All user data, including posts, comments, and activity history, may be affected. Consider implementing a soft delete by setting status to inactive instead.
Get Available Roles
Retrieve all available roles in the system with their IDs and permissions.
Example Request
curl -X GET "https://api.example.com/api/v1/rbac/roles" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Example Response
[
  {
    "id": 1,
    "nombre": "administrador",
    "descripcion": "Full system access",
    "permisos": [
      "admin_completo",
      "asignar_roles",
      "crear_post",
      "editar_post_cualquiera"
    ]
  },
  {
    "id": 2,
    "nombre": "editor",
    "descripcion": "Can publish and moderate content",
    "permisos": [
      "crear_post",
      "editar_post_cualquiera",
      "publicar_post"
    ]
  },
  {
    "id": 3,
    "nombre": "autor",
    "descripcion": "Can create and edit own posts",
    "permisos": [
      "crear_post",
      "editar_post_propio"
    ]
  },
  {
    "id": 4,
    "nombre": "comentador",
    "descripcion": "Can only comment and react",
    "permisos": [
      "comentar",
      "reaccionar"
    ]
  }
]
Use this endpoint to verify the correct role ID mapping before changing user roles.
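The pre-flight check that the notes above describe (resolve the role ID from /rbac/roles before a role change, with creador and escritor mapped to autor), as an added example that is not part of the original documentation or the project's own code. The function and constant names, and the choice to treat admin_completo and asignar_roles as privileged grants needing explicit confirmation, are assumptions; the sample role list is constructed from the response shown above.

```javascript
// Added example; planRoleChange, ROLE_ALIASES and SENSITIVE_PERMS are hypothetical names.
// Constructed sample: mirrors the GET /api/v1/rbac/roles response documented above.
const SAMPLE_ROLES = [
  { id: 1, nombre: "administrador",
    permisos: ["admin_completo", "asignar_roles", "crear_post", "editar_post_cualquiera"] },
  { id: 2, nombre: "editor", permisos: ["crear_post", "editar_post_cualquiera", "publicar_post"] },
  { id: 3, nombre: "autor", permisos: ["crear_post", "editar_post_propio"] },
  { id: 4, nombre: "comentador", permisos: ["comentar", "reaccionar"] },
];

// Frontend role names that the documentation says are mapped to autor.
const ROLE_ALIASES = { creador: "autor", escritor: "autor" };

// Assumption: these permissions mark a role as privileged for review purposes.
const SENSITIVE_PERMS = ["admin_completo", "asignar_roles"];

// Resolve a role name against the fetched role list and build the PATCH request.
// Throws rather than guessing an ID, and refuses privileged grants unless confirmed.
function planRoleChange(roles, userId, roleName, opts = {}) {
  if (!Number.isInteger(userId) || userId <= 0) {
    throw new Error("userId must be a positive integer");
  }
  const key = String(roleName).trim().toLowerCase();
  // Own-property check so inherited keys such as "constructor" never act as aliases.
  const isAlias = Object.prototype.hasOwnProperty.call(ROLE_ALIASES, key);
  const canonical = isAlias ? ROLE_ALIASES[key] : key;
  const matches = roles.filter((r) => r.nombre === canonical);
  if (matches.length !== 1) {
    throw new Error(`role "${canonical}" not found exactly once in /rbac/roles`);
  }
  const role = matches[0];
  const granted = role.permisos.filter((p) => SENSITIVE_PERMS.includes(p));
  if (granted.length > 0 && opts.confirmPrivileged !== true) {
    throw new Error(`role "${canonical}" grants ${granted.join(", ")}; confirmation required`);
  }
  return {
    method: "PATCH",
    path: `/api/v1/users/${userId}`,
    // The body id mirrors the path id, since UpdateUserDto requires it.
    body: { id: userId, rolId: role.id },
    privileged: granted,
  };
}
```

In real use, pass the parsed response of GET /api/v1/rbac/roles as the first argument instead of SAMPLE_ROLES, so the ID is never hard-coded.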
Error Responses
400 Bad Request
{
  "statusCode": 400,
  "message": "Invalid role ID",
  "error": "Bad Request"
}
403 Forbidden
{
  "statusCode": 403,
  "message": "Insufficient permissions to manage users",
  "error": "Forbidden"
}
404 Not Found
{
  "statusCode": 404,
  "message": "User not found",
  "error": "Not Found"
}