Users
Endpoints for registration, query, and user management.
Quick Navigation
- π User Registration
- π€ Get Profile
- βοΈ Edit Profile
- π Change Password
- π Password Recovery
User Registration
Creates a new user account on the platform.
This endpoint only requires API Key, no prior authentication needed.
Endpoint
POST /user/Headers
Content-Type: application/json
Accept: application/json
x-api-key: [API_KEY]Request Body
| Field | Type | Required | Description |
|---|---|---|---|
username | string | β | Must be valid email for PANEL/API |
email | string | β | Email address (converted to lowercase) |
password | string | β | Password (max 100 chars) |
phone | string | β | Phone number without country code |
country_code | string | β | Country code (e.g., 57 for Colombia) |
first_name | string | β | First name (max 100 chars) |
last_name | string | β | Last name (max 100 chars) |
Person Types
| Value | Type | Description |
|---|---|---|
1 | NATURAL | Natural person |
2 | JURIDICAL | Juridical person (company) |
For juridical persons (type_person=2): The country_company_incorporation field is mandatory.
Fields for Juridical Person
If type_person=2, you can send legal representative data:
| Field | Description |
|---|---|
document_type_legal | Representativeβs document type |
document_number_legal | Representativeβs document number |
name_legal | Representativeβs name |
last_name_legal | Representativeβs last name |
date_birth_legal | Representativeβs birth date |
gender_legal | Representativeβs gender |
Validations
The system validates for duplicates before creating the user.
- β Unique email β No other user can have the same email
- β Unique username β No other user can have the same username
- β Unique phone β No other user can have the same phone
- β Unique document β No other user can have the same document
- β Username = Email β For PANEL and API platforms, username must be a valid email
Successful Response
{
"id": 123,
"username": "user@example.com",
"email": "user@example.com",
"first_name": "John",
"last_name": "Doe"
}Errors
| Code | Error | Description |
|---|---|---|
400 | InvalidReferrer | Invalid referral code |
400 | ProfileAlreadyReferred | Profile already has a referral assigned |
404 | ReferalCodeNotExist | Referral code doesnβt exist |
400 | TypePersonRequired | Person type required |
400 | InfoBusinessDoesNotExist | Business info doesnβt exist |
400 | IntegrationException | External integration error |
Get Profile
Gets the authenticated userβs profile information.
Endpoint
GET /user/Headers
Authorization: Bearer [ACCESS_TOKEN]
x-api-key: [API_KEY]Query Parameters
| Parameter | Type | Description |
|---|---|---|
lite | boolean | Returns reduced version of profile |
Response
{
"id": 123,
"uuid": "abc-123-def-456",
"username": "user@example.com",
"email": "user@example.com",
"first_name": "John",
"last_name": "Doe",
"alias": "jdoe",
"phone": "3001234567",
"country": "CO",
"country_code": "57",
"city": "BogotΓ‘",
"address": "Street 123 #45-67",
"document_type": "CC",
"document_number": "1234567890",
"phone_verified": true,
"email_verified": true,
"type_person": "NATURAL",
"level": 5,
"document_status": "APPROVED",
"has_pin": true,
"has_otp": false,
"roles": ["user"],
"last_login": "2024-01-15T10:30:00Z",
"platform": "API"
}Profile Fields
| Field | Type | Description |
|---|---|---|
id | int | Unique profile ID |
uuid | string | Universal UUID |
username | string | Username (email) |
email | string | Email address |
first_name | string | First name |
last_name | string | Last name |
phone | string | Phone |
country_code | string | Country code |
phone_verified | boolean | Is phone verified? |
email_verified | boolean | Is email verified? |
type_person | string | NATURAL or JURIDICAL |
level | int | Validation level (0-5) |
has_pin | boolean | Has PIN configured? |
has_otp | boolean | Has 2FA enabled? |
is_merchant | boolean | Is merchant? |
Edit Profile
Updates the authenticated userβs profile information.
Endpoint
POST /edit_profile/Headers
Authorization: Bearer [ACCESS_TOKEN]
Content-Type: application/json
x-api-key: [API_KEY]Editable Fields
{
"first_name": "John Carlos",
"last_name": "Doe Smith",
"alias": "jcdoe",
"phone": "3009876543",
"gender": "M",
"date_birth": "1990-01-15",
"date_expiration": "2030-01-15",
"profile_picture": "https://example.com/photo.jpg"
}Apply Referral Code
{
"referal_code": "ABC123"
}When applying a valid referral code, the following are automatically updated:
max_transaction_quantitypayment_methods_configurationpayment_methods_configuration_reload
Successful Response
{
"message": "Profile edited successfully"
}Or for specific configurations:
{
"result": "ok"
}Errors
| Code | Error | Description |
|---|---|---|
404 | UNABLE_TO_GET_PROFILE | Profile not found |
400 | UserToEditExist | User to edit already exists |
400 | UserByEmail | Email already in use by another user |
400 | UserByPhoneExist | Phone already in use by another user |
Change Password
Updates the authenticated userβs password.
For security, the current password is required and the new password must be confirmed.
Endpoint
PUT /profile/change-passwordHeaders
Authorization: Bearer [ACCESS_TOKEN]
Content-Type: application/json
x-api-key: [API_KEY]Request
{
"old_password": "CurrentPassword123",
"new_password": "NewPassword456!",
"new_password_confirmation": "NewPassword456!"
}| Field | Type | Required | Description |
|---|---|---|---|
old_password | string | β | Current password |
new_password | string | β | New password |
new_password_confirmation | string | β | New password confirmation |
Validations
- β Current password must be correct
- β
new_passwordmust equalnew_password_confirmation - β Rate limiting implemented to prevent brute force attacks
Response
{
"message": "Password updates successfully."
}Errors
| Code | Error | Description |
|---|---|---|
429 | PasswordInTimeout | Too many attempts, wait before retrying |
400 | PasswordNotMatch | Current password incorrect |
Password Recovery
Process to recover access when the user forgot their password.
This endpoint only requires API Key, no authentication needed.
Endpoint - Request Recovery
POST /password_recovery_request/Headers
Content-Type: application/json
x-api-key: [API_KEY]Request
{
"email": "user@example.com"
}Recovery Flow
Step 1: Request recovery
User sends their email to /password_recovery_request/ endpoint.
Step 2: Receive code
System sends a verification code to userβs email.
Step 3: Validate code
User enters the received code to validate their identity.
Step 4: Set new password
User can set a new password.
Validation Levels
The system handles different identity verification levels:
The level determines what operations the user can perform.
| Level | Status | Description |
|---|---|---|
0 | π΄ Unvalidated | Newly created user |
1 | π‘ Pending | Documents submitted, under review |
2 | π With errors | Documents rejected |
5 | π’ Validated | Verification complete |
Level 0 - Unvalidated
New user, can only view their profile. Cannot perform transactions.
Level 1 - Pending
Documents submitted, awaiting compliance team approval.
Level 2 - With errors
Documents rejected for some reason. User must resubmit documentation.
Level 5 - Fully validated
Full access to all platform functionalities.
Collaborators
If the user is a collaborator (not a regular profile), the GET /user/ response returns data from ColaboratorSerializer instead of ProfileSerializer.
Collaborators are users with special roles that belong to an organization.