tag: BETA
This webservice is used to submit a seller property commercialization request from mobile applications. It allows property owners to submit their properties for sale or rent with detailed information and optional file attachments (images and PDFs).
| Resource information | |
|---|---|
| Authentication | Required (OAuth2 Bearer Token) |
| HTTP Method | POST |
| Request Format | JSON |
| Response | JSON |
| Version | 1 |
| Rate Limiting | 10 requests/hour, 10MB bandwidth/hour |
Resource URL
https://mapaprop.app/api/action/express-v1/seller-submissions
Authentication
This endpoint requires OAuth2 authentication. You must include a valid Bearer token in the Authorization header.
Authorization: Bearer {your-oauth2-token}
The customerId is automatically extracted from the authenticated token. Do not include it in the request body.
Parameters
Required Parameters
| Key | Type | Required | Description |
|---|---|---|---|
| websiteId | integer | yes | The website ID where the submission will be associated. Must belong to the authenticated customer. |
| name | string | yes | Name of the property owner (min: 3, max: 100 characters) |
| string | yes | Email of the property owner (valid email format, max: 100 characters) | |
| phone | string | yes | Phone number of the property owner (max: 20 characters) |
| propertyType | string | yes | Type of property (e.g., "Casa", "Departamento", "Local", "Terreno") |
| propertyOperation | string | yes | Type of operation (e.g., "Venta", "Alquiler", "Alquiler Temporal") |
| propertyAddress | string | yes | Full address of the property (max: 200 characters) |
| domain | string | yes | Domain of the requesting application |
| url | string | yes | URL reference for the submission |
| ip | string | yes | IP address of the user submitting the request (for spam detection) |
Optional Parameters - Contact Information
| Key | Type | Required | Description |
|---|---|---|---|
| contactHours | string | no | Preferred contact hours (e.g., "Lunes a Viernes de 9 a 18hs") |
Optional Parameters - Property Details
| Key | Type | Required | Description |
|---|---|---|---|
| propertyListed | string | no | Whether property is currently listed ("true" or "false") |
| propertyValuation | string | no | Whether owner wants property valuation ("true" or "false") |
| availabilityDate | string | no | Date when property will be available (format: YYYY-MM-DD) |
| propertyCurrency | string | no | Currency for price (e.g., "USD", "ARS", "EUR") |
| propertyPrice | string | no | Asking price for the property |
| propertyLegalId | string | no | Legal identification number (e.g., "12-34-567890-1") |
| propertyBetweenStreets | string | no | Cross streets reference (max: 200 characters) |
| propertyZipcode | string | no | Postal/ZIP code (max: 10 characters) |
| propertyZone | string | no | Zone or neighborhood name (max: 200 characters) |
| propertyDescription | string | no | Detailed property description (max: 4000 characters) |
| propertyStatus | string | no | Current condition of property (e.g., "Excelente", "Bueno", "A Refaccionar") |
| propertyBuildingArea | string | no | Built area in square meters |
| propertyLandArea | string | no | Land area in square meters |
| propertyYearsOld | string | no | Age of the property in years |
| propertyRooms | string | no | Number of rooms/bedrooms |
| propertyBathrooms | string | no | Number of bathrooms |
| propertyAmbiences | string | no | Number of ambiences/environments |
| propertyAttributes | string | no | Special features (e.g., "Garage, Jardín, Parrilla, Piscina") |
Optional Parameters - File Attachments
| Key | Type | Required | Description |
|---|---|---|---|
| image | string | no | Property image as Base64 Data URL (format: data:image/{type};base64,{data}). Supported formats: JPEG, PNG, GIF, WebP. Max size: 2MB |
| string | no | Property documentation as Base64 Data URL (format: data:application/pdf;base64,{data}). Max size: 2MB |
Optional Parameters - Mobile App Metadata
| Key | Type | Required | Description |
|---|---|---|---|
| platform | string | no | Mobile platform ("iOS" or "Android") - used for analytics |
| appVersion | string | no | Application version (e.g., "2.5.1") - used for analytics |
| userAgent | string | no | Browser/app user agent string - used for spam detection |
| referer | string | no | Referrer URL - used for spam detection |
File Upload Format
Images and PDFs must be uploaded as Base64-encoded Data URLs:
Image format:
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ...
PDF format:
data:application/pdf;base64,JVBERi0xLjQKJcOkw7zDtsKBw4XDqsOPDQoxIDAgb2Jq...
Supported image types:
- image/jpeg
- image/png
- image/gif
- image/webp
File size limits:
- Maximum per file: 2MB
- Maximum total bandwidth: 10MB per hour
Security:
- Files are validated using magic number validation (not just MIME type)
- All files are scanned for security threats
- Files are uploaded to secure S3 storage
Sample Request
POST /api/action/express-v1/seller-submissions HTTP/1.1
Host: mapaprop.app
Content-Type: application/json
Authorization: Bearer ya29.1.AADtN_UxybTdjLw9jX6lg_SXIgc3wTtek4q2WvfETzSrz7Q6loEYoJEWd1x4qvlpGw
{
"websiteId": 869,
"name": "Juan Carlos Rodriguez",
"email": "juan.rodriguez@gmail.com",
"phone": "+54 11 4567-8901",
"contactHours": "Lunes a Viernes de 9 a 18hs",
"propertyType": "Casa",
"propertyOperation": "Venta",
"propertyAddress": "Av. Corrientes 1234",
"propertyZone": "Barrio Norte",
"propertyLandArea": "250",
"propertyBuildingArea": "180",
"propertyPrice": "150000000",
"propertyCurrency": "ARS",
"propertyRooms": "3",
"propertyBathrooms": "2",
"propertyDescription": "Hermosa casa de 3 plantas con jardín y garage.",
"propertyListed": "false",
"propertyValuation": "true",
"image": "data:image/png;base64,iVBORw0KGgo...",
"pdf": "data:application/pdf;base64,JVBERi0xLjQ...",
"platform": "iOS",
"appVersion": "2.5.1",
"userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)",
"ip": "181.47.123.45",
"referer": "https://www.mapaprop.com/publicar-propiedad",
"domain": "www.mapaprop.com",
"url": "https://www.mapaprop.com/publicar-propiedad/formulario"
}
Response
The JSON response will tell you if the seller submission was successful and provide details about the created contact.
Success Response
| Field | Type | Description |
|---|---|---|
| error | boolean | Always false on success |
| message | string | Success message |
| contactId | integer | (Optional) ID of the created contact |
| websiteId | integer | (Optional) ID of the website |
| processingTimeMs | integer | (Optional) Processing time in milliseconds |
Error Response
| Field | Type | Description |
|---|---|---|
| error | boolean | Always true on error |
| message | string | Error message describing what went wrong |
| code | string | (Optional) Error code for programmatic handling |
Sample Response - Success
{
"error": false,
"message": "Seller commercialization request submitted successfully",
"contactId": 1065875,
"websiteId": 869,
"processingTimeMs": 5215
}
Sample Response - Errors
Invalid website ownership:
{
"error": true,
"message": "Website not found or does not belong to customer",
"code": "NOT_FOUND"
}
Rate limit exceeded:
{
"error": true,
"message": "Too many seller submissions. Please try again later.",
"code": "RATE_LIMIT_EXCEEDED"
}
Invalid file format:
{
"error": true,
"message": "Invalid file format. Only JPEG, PNG, GIF, WebP images and PDF documents are allowed.",
"code": "INVALID_FILE"
}
Missing required field:
{
"error": true,
"message": "Name is required and must be between 3 and 100 characters",
"code": "INVALID_INPUT"
}
Spam detected:
{
"error": true,
"message": "Spam detected",
"code": "SPAM_DETECTED"
}
Rate Limiting
This endpoint is rate-limited to prevent abuse:
- Request limit: 10 requests per hour per customer
- Bandwidth limit: 10MB per hour per customer
When rate limit is exceeded, you will receive:
{
"error": true,
"message": "Too many seller submissions. Please try again later.",
"code": "RATE_LIMIT_EXCEEDED"
}
Security Features
Spam Detection
All submissions are checked for spam using Akismet integration in production environment. Submissions flagged as spam are logged but not blocked automatically.
File Security
- Magic number validation: Files are validated by their actual content, not just MIME type
- File size limits: 2MB per file, 10MB total bandwidth per hour
- Supported formats: Only whitelisted image and PDF formats accepted
- Secure storage: Files uploaded to encrypted S3 buckets
Input Validation
- All text fields are sanitized and validated
- Email addresses must be valid RFC-compliant format
- Phone numbers are validated for format
- SQL injection prevention through prepared statements
- XSS prevention through template escaping
What Happens After Submission
- Contact Creation: A new contact is created in the CRM with type "SELLER"
- File Storage: Images and PDFs are uploaded to secure S3 storage
- Email Notification: An email is queued (via SQS) and sent to the customer with:
- All property details
- Attached files (image and PDF)
- Contact information
- Submission metadata (platform, app version, timestamp)
- Statistics: Event is logged with detailed metadata for analytics
- Audit Trail: Complete audit log is created for compliance
Error Codes
| Code | HTTP Status | Description |
|---|---|---|
| INVALID_INPUT | 400 | Required field missing or validation failed |
| NOT_FOUND | 404 | Website not found or doesn't belong to customer |
| UNAUTHORIZED | 401 | Invalid or missing OAuth2 token |
| RATE_LIMIT_EXCEEDED | 429 | Too many requests (10/hour limit) |
| SPAM_DETECTED | 400 | Submission flagged as spam by Akismet |
| INVALID_FILE | 400 | File format not supported or failed validation |
| SERVICE_BUSY | 503 | Bandwidth limit exceeded (10MB/hour) |
Best Practices
- Always include OAuth2 token: The endpoint requires authentication
- Validate on client side: Check required fields before sending
- Compress images: Optimize images before Base64 encoding to stay under 2MB limit
- Handle rate limits: Implement exponential backoff if rate limited
- Track app version: Always send
platformandappVersionfor analytics - Provide accurate IP: Send the real user IP for spam detection accuracy
- Use HTTPS: Always use secure connection in production
Integration Notes
- customerId is automatic: Do not include
customerIdin the request body; it's extracted from the OAuth2 token - websiteId ownership: The endpoint validates that the websiteId belongs to the authenticated customer
- DEV vs PROD: Spam detection is bypassed in development environment but active in production
- Email redirect in DEV: In development, emails are redirected to
info@mapaprop.cominstead of the customer email
Related Documentation
📋 Flujo de Funcionalidad Práctica Para ver el flujo completo de cómo funciona la captación de propiedades en el sistema, consulta:
👉 Captación de Propiedades - Vender (Flujo Práctico)
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2025-10-22 | Initial release - Express API seller submissions endpoint |
API Version: 1.0 Last Updated: 2025-10-22 Status: ✅ Production Ready