Create User (Admin) - E-commerce API

POST

auth

create-user

Create User (Admin)

curl --request POST \
  --url https://api.example.com/auth/create-user \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "email": "<string>",
  "password": "<string>",
  "role": "<string>"
}
'

{
  "message": "<string>",
  "user": {
    "user.id": 123,
    "user.name": "<string>",
    "user.email": "<string>",
    "user.role": "<string>",
    "user.createdAt": "<string>"
  }
}

Overview

Creates a new user account with a specified role. This endpoint is restricted to administrators only and allows creating users with either customer or admin roles. This endpoint is rate-limited to 10 requests per 15-minute window.

Authentication

Required: This endpoint requires a valid JWT token with admin role in the Authorization header.

Authorization: Bearer <admin_token>

Request Body

name

string

required

The user’s full name

string

required

The user’s email address. Must be a valid email format and unique in the system.

password

string

required

The user’s password. Must be at least 6 characters long.

role

string

required

The user’s role. Must be either customer or admin.

Request Example

{
  "name": "Admin User",
  "email": "admin@example.com",
  "password": "securePassword123",
  "role": "admin"
}

Response

message

string

Success message confirming user creation

user

object

The created user object without sensitive data

user.id

integer

Unique user identifier

user.name

string

User’s full name

user.email

string

User’s email address

user.role

string

User’s assigned role (“customer” or “admin”)

user.createdAt

string

ISO 8601 timestamp of account creation

Response Example

{
  "message": "Usuario creado exitosamente",
  "user": {
    "id": "2",
    "name": "Admin User",
    "email": "admin@example.com",
    "role": "admin",
    "createdAt": "2026-03-06T10:30:00.000Z"
  }
}

Error Responses

401 Unauthorized

Returned when no valid authentication token is provided.

{
  "error": "No autorizado"
}

403 Forbidden

Returned when the authenticated user does not have admin privileges.

{
  "error": "Acceso denegado. Se requieren permisos de administrador"
}

409 Conflict

Returned when the email address is already registered.

{
  "error": "El email ya está en uso"
}

400 Bad Request

Returned when validation fails (invalid email format, password too short, invalid role, missing fields).

{
  "error": "Validation failed",
  "details": [
    "El rol debe ser 'customer' o 'admin'"
  ]
}

429 Too Many Requests

Returned when rate limit is exceeded (10 requests per 15 minutes).

{
  "error": "Demasiados intentos. Intenta de nuevo en 15 minutos."
}

Notes

Only administrators can access this endpoint
Passwords are hashed using bcrypt before storage
The password hash is never returned in the response
Valid roles are: customer and admin
Email addresses are case-sensitive and must be unique
This endpoint differs from /auth/register by allowing role specification

Update Profile

Delete User Account

Create User (Admin)

curl --request POST \
  --url https://api.example.com/auth/create-user \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "email": "<string>",
  "password": "<string>",
  "role": "<string>"
}
'

{
  "message": "<string>",
  "user": {
    "user.id": 123,
    "user.name": "<string>",
    "user.email": "<string>",
    "user.role": "<string>",
    "user.createdAt": "<string>"
  }
}

​Overview

​Authentication

​Request Body

​Request Example

​Response

​Response Example

​Error Responses

​401 Unauthorized

​403 Forbidden

​409 Conflict

​400 Bad Request

​429 Too Many Requests

​Notes

Overview

Authentication

Request Body

Request Example

Response

Response Example

Error Responses

401 Unauthorized

403 Forbidden

409 Conflict

400 Bad Request

429 Too Many Requests

Notes