POST /auth/create-user
Create User (Admin)
curl --request POST \
  --url https://api.example.com/auth/create-user \
  --header 'Authorization: Bearer <admin_token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "email": "<string>",
  "password": "<string>",
  "role": "<string>"
}
'
{
  "message": "<string>",
  "user": {
    "id": 123,
    "name": "<string>",
    "email": "<string>",
    "role": "<string>",
    "createdAt": "<string>"
  }
}

Overview

Creates a new user account with a specified role. Because the caller chooses the role (either customer or admin), the endpoint is restricted to administrators. It is rate-limited to 10 requests per 15-minute window.

Authentication

Required: this endpoint requires a valid JWT carrying the admin role, sent as a Bearer token in the Authorization header.
Authorization: Bearer <admin_token>

Request Body

name
string
required
The user’s full name
email
string
required
The user’s email address. Must be in a valid email format and not already registered. The uniqueness check is case-sensitive (see Notes), so normalize the address before submitting it.
password
string
required
The user’s password. Must be at least 6 characters long. This is the only strength rule the server is documented to enforce, and it is a low floor; callers creating accounts on behalf of others should apply a stronger policy before submitting.
role
string
required
The user’s role. Must be either customer or admin.

Request Example

{
  "name": "Admin User",
  "email": "[email protected]",
  "password": "securePassword123",
  "role": "admin"
}

Response

message
string
Success message confirming user creation
user
object
The created user object. The password hash is omitted.
user.id
integer
Unique user identifier
user.name
string
User’s full name
user.email
string
User’s email address
user.role
string
User’s assigned role (“customer” or “admin”)
user.createdAt
string
ISO 8601 timestamp of account creation

Response Example

{
  "message": "Usuario creado exitosamente",
  "user": {
    "id": 2,
    "name": "Admin User",
    "email": "[email protected]",
    "role": "admin",
    "createdAt": "2026-03-06T10:30:00.000Z"
  }
}
The message reads "User created successfully".

Error Responses

401 Unauthorized

Returned when no Authorization header is present or the token is missing, expired or otherwise invalid. The message "No autorizado" means "Not authorized".
{
  "error": "No autorizado"
}

403 Forbidden

Returned when the token is valid but the authenticated user does not have the admin role. The message means "Access denied. Administrator permissions are required".
{
  "error": "Acceso denegado. Se requieren permisos de administrador"
}

409 Conflict

Returned when the email address is already registered (exact, case-sensitive match). The message means "The email is already in use".
{
  "error": "El email ya está en uso"
}

400 Bad Request

Returned when validation fails (invalid email format, password shorter than 6 characters, role other than customer or admin, or a missing field). The details array lists each failed rule; the example below means "The role must be 'customer' or 'admin'".
{
  "error": "Validation failed",
  "details": [
    "El rol debe ser 'customer' o 'admin'"
  ]
}

429 Too Many Requests

Returned when the rate limit is exceeded (10 requests per 15 minutes). The message means "Too many attempts. Try again in 15 minutes."
{
  "error": "Demasiados intentos. Intenta de nuevo en 15 minutos."
}
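The following Python helper ties the request contract and the error table above together. It is an added example written for this page, not the service's own code; it assumes only what the page documents (the JSON body fields, the Bearer admin token, the 400/401/403/409/429 responses) and treats any 2xx status as success because the page does not state the exact success code. Function names and the sample responses are illustrative; the sample bodies are constructed to match the page's examples and are not live captures.

```python
"""Client-side helper for POST /auth/create-user (added example, not the
service's own code). Assumes only the documented request body, the Bearer
admin token and the documented status codes; all names are illustrative."""
import json
import re
from dataclasses import dataclass
from typing import Optional

BASE_URL = "https://api.example.com"      # host used in the page's curl example
VALID_ROLES = ("customer", "admin")       # the two documented roles
MIN_PASSWORD_LEN = 6                      # documented server-side minimum
# Loose syntactic check only; the server remains the authority on "valid email format".
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_payload(payload: dict) -> list:
    """Apply the documented 400 rules locally so that a malformed request
    never consumes one of the 10 calls allowed per 15-minute window."""
    errors = []
    for field in ("name", "email", "password", "role"):
        value = payload.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field} is required")
    if "email is required" not in errors and not EMAIL_RE.match(payload["email"]):
        errors.append("email has an invalid format")
    if "password is required" not in errors and len(payload["password"]) < MIN_PASSWORD_LEN:
        errors.append(f"password must be at least {MIN_PASSWORD_LEN} characters")
    if "role is required" not in errors and payload["role"] not in VALID_ROLES:
        errors.append("role must be 'customer' or 'admin'")
    return errors


def build_request(admin_token: str, name: str, email: str, password: str, role: str) -> dict:
    """Assemble the request as the docs describe it (method, URL, headers, body).

    The server's uniqueness check on email is case-sensitive (see Notes), so
    the address is lower-cased before sending to avoid creating a second
    account that differs from an existing one only in letter case.
    """
    payload = {"name": name.strip(), "email": email.strip().lower(),
               "password": password, "role": role}
    errors = validate_payload(payload)
    if errors:
        raise ValueError("; ".join(errors))
    return {
        "method": "POST",
        "url": f"{BASE_URL}/auth/create-user",
        "headers": {
            "Content-Type": "application/json",
            "Authorization": f"Bearer {admin_token}",
        },
        "body": json.dumps(payload),
    }


@dataclass
class Outcome:
    ok: bool
    kind: str                   # created | unauthenticated | forbidden | duplicate_email | invalid | rate_limited | unexpected
    user_id: Optional[int] = None
    details: tuple = ()         # validation messages from a 400 body


def interpret_response(status: int, body: str) -> Outcome:
    """Branch on the documented status codes, never on the message text:
    the messages are presentation (returned in Spanish here) and may change."""
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        data = {}
    if 200 <= status < 300:
        user = data.get("user") or {}
        return Outcome(True, "created", user_id=user.get("id"))
    kinds = {401: "unauthenticated", 403: "forbidden", 409: "duplicate_email",
             400: "invalid", 429: "rate_limited"}
    kind = kinds.get(status, "unexpected")
    details = tuple(data.get("details", [])) if kind == "invalid" else ()
    return Outcome(False, kind, details=details)


# Constructed sample responses modelled on the examples in this page; not live captures.
SAMPLE_RESPONSES = {
    "created": (200, json.dumps({"message": "Usuario creado exitosamente",
                                 "user": {"id": 2, "name": "Admin User",
                                          "email": "new.admin@example.com",
                                          "role": "admin",
                                          "createdAt": "2026-03-06T10:30:00.000Z"}})),
    "forbidden": (403, '{"error": "Acceso denegado. Se requieren permisos de administrador"}'),
    "invalid": (400, '{"error": "Validation failed", "details": ["El rol debe ser \'customer\' o \'admin\'"]}'),
    "rate_limited": (429, '{"error": "Demasiados intentos. Intenta de nuevo en 15 minutos."}'),
}

if __name__ == "__main__":
    req = build_request("<admin_token>", "Admin User", "New.Admin@Example.com",
                        "securePassword123", "admin")
    print(req["headers"]["Authorization"], req["body"])
    for label, (status, body) in SAMPLE_RESPONSES.items():
        print(label, interpret_response(status, body))
```

Two design points worth keeping when adapting this: pre-validating locally matters more than usual here because the rate limit is tight (10 requests per window), and a 429 on an admin-only endpoint should be treated as a hard stop for the window rather than something to retry in a loop.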

Notes

  • Only administrators can access this endpoint: a missing or invalid token yields 401, a valid non-admin token yields 403
  • Passwords are hashed using bcrypt before storage
  • The password hash is never returned in the response
  • Valid roles are: customer and admin
  • Email addresses are case-sensitive and must be unique. Because the uniqueness check does not normalize case, two addresses that differ only in letter case are treated as distinct accounts; normalize addresses before submitting them
  • Most error messages are returned in Spanish (see the examples above); clients should branch on the HTTP status code, not on the message text
  • This endpoint differs from /auth/register by allowing role specification
