POST /api/auth/register
Register
curl --request POST \
  --url https://api.example.com/api/auth/register \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>",
  "name": "<string>",
  "walletAddress": "<string>",
  "role": "<string>"
}
'
{
  "400": {},
  "409": {},
  "message": "<string>",
  "token": "<string>",
  "user": {
    "id": "<string>",
    "email": "<string>",
    "name": "<string>",
    "role": "<string>",
    "walletAddress": {}
  }
}

Overview

Create a new user account in the GatePass system. This endpoint validates user input, hashes the password with bcrypt (12 rounds), and returns a JWT access token along with user details.

Request Body

email (string, required)
User’s email address. Must be a valid email format.

password (string, required)
User’s password. Must meet the following requirements:
  • Minimum 8 characters long
  • Contains at least one uppercase letter
  • Contains at least one lowercase letter
  • Contains at least one number

name (string, required)
User’s full name. Cannot be empty.

walletAddress (string)
Ethereum wallet address. Must be a valid Ethereum address format if provided.

role (string)
User role. Can be USER or ORGANIZER. Defaults to USER if not specified or if an invalid value is provided.

Response

message (string)
Success message confirming user registration.

token (string)
JWT access token valid for 15 minutes. Use this token in the Authorization header for authenticated requests.

user (object)
User information object.

Authentication

A refresh token is automatically set as an HttpOnly cookie (refreshToken) with the following properties:
  • HttpOnly: true (cannot be accessed via JavaScript)
  • Secure: true in production
  • SameSite: strict
  • Max-Age: 7 days
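
The check below is an added example, not GatePass code: it audits a Set-Cookie header against the refreshToken properties listed above and reports each deviation. The function names, the Path attribute and the sample header strings are constructed for illustration.

```javascript
// Added example: audit a Set-Cookie header against the documented
// refreshToken properties. Function names and samples are assumptions.
const SEVEN_DAYS = 7 * 24 * 60 * 60; // Max-Age is expressed in seconds

// Split "name=value; Attr; Attr=val" into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Return a list of deviations from the documented cookie properties.
function auditRefreshCookie(header, { production = true } = {}) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (name !== 'refreshToken') findings.push(`unexpected cookie name: ${name}`);
  if (attrs.httponly !== true) findings.push('HttpOnly missing: readable from JavaScript');
  if (production && attrs.secure !== true) findings.push('Secure missing in production');
  if (String(attrs.samesite).toLowerCase() !== 'strict') {
    findings.push(`SameSite is ${attrs.samesite ?? 'unset'}, expected Strict`);
  }
  // Max-Age must be an integer number of seconds; a lifetime written in
  // milliseconds would read 604800000 here and fail the comparison.
  const raw = attrs['max-age'];
  const maxAge = /^\d+$/.test(raw ?? '') ? Number(raw) : NaN;
  if (maxAge !== SEVEN_DAYS) findings.push(`Max-Age is ${raw ?? 'unset'}, expected ${SEVEN_DAYS}`);
  return findings;
}

// Constructed sample headers (token values are placeholders).
const good = 'refreshToken=PLACEHOLDER; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Strict';
const weak = 'refreshToken=PLACEHOLDER; Max-Age=604800000; Path=/; SameSite=Lax';

console.log(auditRefreshCookie(good));
console.log(auditRefreshCookie(weak));
```

Pass `{ production: false }` when auditing a non-production environment, where the page does not require Secure.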

Example Request

cURL
curl -X POST https://api.gatepass.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123",
    "name": "John Doe",
    "role": "USER"
  }'

Example Response

{
  "message": "User registered successfully",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "name": "John Doe",
    "role": "USER",
    "walletAddress": null
  }
}

Error Responses

400 Bad Request
Validation errors for email, password, or name fields.
{
  "error": "Password must be at least 8 characters long"
}

409 Conflict
User with the provided email or wallet address already exists.
{
  "error": "User with this email or wallet address already exists"
}

Password Validation Rules

  • Minimum Length: 8 characters
  • Uppercase: At least one uppercase letter (A-Z)
  • Lowercase: At least one lowercase letter (a-z)
  • Number: At least one digit (0-9)
  • Hashing: Passwords are hashed using bcrypt with 12 rounds

Notes

  • Email addresses are normalized (lowercased) before storage
  • Duplicate emails or wallet addresses are not allowed
  • The access token expires in 15 minutes
  • The refresh token (stored in cookie) expires in 7 days
