diff --git a/api/routes/asistencias/asistencias.js b/api/routes/asistencias/asistencias.js
index b494e60..772494b 100644
--- a/api/routes/asistencias/asistencias.js
+++ b/api/routes/asistencias/asistencias.js
@@ -15,7 +15,7 @@ router.get('/', async (req, res) => {
 });
 
 // GET asistencia by ID
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   try {
     const asistencia = await prisma.asistencia.findUnique({
@@ -79,7 +79,7 @@ router.post('/', async (req, res) => {
 });
 
 // PUT actualizar asistencia
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   const {
     empleado_id,
@@ -131,7 +131,7 @@ router.put('/:id', async (req, res) => {
 });
 
 // DELETE asistencia
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   try {
     await prisma.asistencia.delete({
diff --git a/api/routes/empleados/empleados.js b/api/routes/empleados/empleados.js
index 3b031b6..9091982 100644
--- a/api/routes/empleados/empleados.js
+++ b/api/routes/empleados/empleados.js
@@ -19,7 +19,7 @@ router.get('/', async (_req, res) => {
 })
 
 // ───── GET empleado por ID ─────
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
   const id = BigInt(req.params.id)
   try {
     const empleado = await prisma.cliente.findFirst({ where: { id, empleado: true } })
@@ -70,7 +70,7 @@ router.post('/', async (req, res) => {
 })
 
 // ───── PUT actualizar empleado ─────
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
   const id = BigInt(req.params.id)
   const {
     name,
@@ -115,7 +115,7 @@ router.put('/:id', async (req, res) => {
 })
 
 // ───── DELETE eliminar empleado ─────
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
   const id = BigInt(req.params.id)
   try {
     const existe = await prisma.cliente.findFirst({ where: { id, empleado: true } })
diff --git a/api/routes/planillas/planillas.js b/api/routes/planillas/planillas.js
index a08ee80..3080b84 100644
--- a/api/routes/planillas/planillas.js
+++ b/api/routes/planillas/planillas.js
@@ -151,7 +151,7 @@ router.post('/', async (req, res) => {
 });
 
 // PUT update planilla by ID
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   const {
     empleado_id,
@@ -195,7 +195,7 @@ router.put('/:id', async (req, res) => {
 });
 
 // DELETE planilla by ID
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   try {
     log('delete planilla', id);
diff --git a/api/routes/tareas/tareas.js b/api/routes/tareas/tareas.js
index 67d48fe..f12a0e9 100644
--- a/api/routes/tareas/tareas.js
+++ b/api/routes/tareas/tareas.js
@@ -15,7 +15,7 @@ router.get('/', async (req, res) => {
 });
 
 // GET tarea by ID
-router.get('/:id', async (req, res) => {
+router.get('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   try {
     const tarea = await prisma.tareaRealizada.findUnique({
@@ -89,7 +89,7 @@ router.post('/', async (req, res) => {
 });
 
 // PUT update tarea by ID
-router.put('/:id', async (req, res) => {
+router.put('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   const {
     empleado_id,
@@ -143,7 +143,7 @@ router.put('/:id', async (req, res) => {
 });
 
 // DELETE tarea by ID
-router.delete('/:id', async (req, res) => {
+router.delete('/:id(\\d+)', async (req, res) => {
   const { id } = req.params;
   try {
     await prisma.tareaRealizada.delete({