The settings module provides endpoints for user and organization preference configuration. Most service methods are currently stubs that return placeholder strings, and the CreateSettingDto and UpdateSettingDto DTOs are empty. These endpoints live at the /settings route and all require a Bearer JWT; no specific ACL permissions are required.
Base URL: {HOST}/v1
Auth: Bearer JWT (header Authorization) or access_token cookie
Content-Type: application/json
Error envelope: { "message": string | string[], "statusCode": number, "error": string }
Validation: Global ValidationPipe · whitelist: true, forbidNonWhitelisted: true
Related modules: users, organizations
Document version: v1 · 2026-05-20
Audience: Internal FE devs (mobile + web)
Five standard REST endpoints, still at an early stage. The service only fills in createSettings (creating a basic UsersSettings record with user_id from the token) — the rest (findAll, findOne, update, remove) still return string stubs. FE should not hard-code the response schema; wait for the next backend release.
| Method | Path | Auth | Summary |
| --- | --- | --- | --- |
| POST | /v1/settings | bearer | Create user settings (uses user from token) |
| GET | /v1/settings | bearer | List all settings (stub) |
| GET | /v1/settings/:settings_id | bearer | Detail of one setting by ID (stub) |
| PATCH | /v1/settings/:settings_id | bearer | Update a setting (stub) |
| DELETE | /v1/settings/:settings_id | bearer | Delete a setting (stub) |
Implementation notes
CreateSettingDto and UpdateSettingDto are empty — the body FE sends must be {} to avoid being rejected by forbidNonWhitelisted.
The UsersSettings entity currently only stores user_id + audit fields. OrganizationSettings stores organization_id. Configuration fields are not yet exposed in the public API.
No @Permissions on the controller — only the global Bearer guard applies.
The settings_id parameter is cast to number (+id) by the stub service; there is no UUID validation yet.
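The difference between the stub's +id cast and a strict UUID check on settings_id, as an added example that is not the project's code. castLikeStub, parseSettingsId and compare are hypothetical names, the 400 message text is constructed, and the UUID is the sample id shown in the POST response on this page.

```typescript
// Added example, not the project's code. castLikeStub, parseSettingsId and
// compare are hypothetical names; the 400 message text is constructed.

// What the stub service does today: unary plus on the raw path parameter.
function castLikeStub(id: string): number {
  return +id;
}

// Strict alternative: canonical 8-4-4-4-12 hex UUID and nothing else.
const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

type IdResult =
  | { ok: true; id: string }
  | { ok: false; statusCode: number; message: string; error: string };

function parseSettingsId(raw: string): IdResult {
  if (!UUID_RE.test(raw)) {
    // Same envelope fields the page documents: message, statusCode, error.
    return { ok: false, statusCode: 400, error: "Bad Request",
             message: "settings_id must be a UUID" }; // constructed text
  }
  return { ok: true, id: raw.toLowerCase() };
}

// Run both behaviours over the same inputs so they can be compared.
function compare(inputs: string[]) {
  return inputs.map((raw) => ({
    raw,
    cast: castLikeStub(raw),
    accepted: parseSettingsId(raw).ok,
  }));
}

// Constructed inputs, except the UUID (sample id from the POST response).
const samples = [
  "550e8400-e29b-41d4-a716-446655440000", // cast: NaN, strict: accepted
  "1", // cast: 1 (the "#1" in the stub strings), strict: rejected
  "0x10", // cast: 16 (hex literal), strict: rejected
  "1e3", // cast: 1000 (exponent form), strict: rejected
  "", // cast: 0, strict: rejected
  " 7 ", // cast: 7 (whitespace ignored), strict: rejected
];
for (const row of compare(samples)) {
  console.log(JSON.stringify(row.raw), "cast:", row.cast, "strict:", row.accepted);
}
```

The record ids this API returns never survive the numeric cast, while several non-id strings do, so the route parameter needs a format check before any real lookup is wired in.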
Create a new UsersSettings record for the logged-in user. The DTO body is empty; the server fills in user_id and created_by from the token.
Auth: bearer

| Field | Type | Required | Notes |
| --- | --- | --- | --- |
| (empty) | — | — | The DTO does not define any field yet. Send body {}. |

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "user_id": "660e8400-e29b-41d4-a716-446655440111",
  "created_by": "660e8400-e29b-41d4-a716-446655440111",
  "created_at": "2026-05-20T08:30:00.000Z",
  "updated_at": "2026-05-20T08:30:00.000Z"
}

| Status | When it occurs |
| --- | --- |
| 400 Bad Request | Body contains non-whitelisted field |
| 401 Unauthorized | Bearer/cookie is invalid |
List all settings. The service is still a stub — returns a placeholder string.
Auth: bearer

{ "data": "This action returns all settings" }

| Status | When it occurs |
| --- | --- |
| 401 Unauthorized | Bearer/cookie is invalid |
Detail of one setting. The service is a stub — no real lookup yet.
Auth: bearer

| Param | Type | Notes |
| --- | --- | --- |
| settings_id | string | Currently cast to number (+id); no ParseUUIDPipe yet |

{ "data": "This action returns a #1 setting" }

| Status | When it occurs |
| --- | --- |
| 401 Unauthorized | Bearer/cookie is invalid |
Update a setting. The DTO is still an empty PartialType(CreateSettingDto), so the body must be {}.

Auth: bearer

| Param | Type | Notes |
| --- | --- | --- |
| settings_id | string | See notes on the detail endpoint |

| Field | Type | Required | Notes |
| --- | --- | --- | --- |
| (empty) | — | — | The DTO has no fields; service is a stub |

{ "data": "This action updates a #1 setting" }

| Status | When it occurs |
| --- | --- |
| 400 Bad Request | Non-whitelisted field in body |
| 401 Unauthorized | Bearer/cookie is invalid |
Delete a setting. Service stub.
Auth: bearer

| Param | Type | Notes |
| --- | --- | --- |
| settings_id | string | See notes on the detail endpoint |

{ "data": "This action removes a #1 setting" }

| Status | When it occurs |
| --- | --- |
| 401 Unauthorized | Bearer/cookie is invalid |
UsersSettings — user_id + audit fields
OrganizationSettings — organization_id + audit fields
Configuration schemas (notifications, language, etc.) are not yet exposed in the public API.
Bearer JWT required on all endpoints
No specific @Permissions or @Roles
"message": "property unknown_field should not exist",
400: body contains unknown field
401: missing / expired token
500: the service stub may throw a raw error when called