Signup

Creates a new user account with the provided credentials. Upon successful registration, returns user details and a JWT access token.

Endpoint

POST /api/auth/signup

Request Body

  • name (string): User’s full name.
  • email (string, required): User’s email address. Must be a valid email format and unique.
  • password (string, required): User’s password. Must be at least 6 characters long.
  • dob (string): User’s date of birth. Optional field.

Response

  • message (string): Success message indicating the user was created successfully.
  • userId (integer): The unique identifier assigned to the newly created user.
  • email (string): The email address of the newly created user.
  • dob (string): The date of birth of the user (empty string if not provided).
  • created_at (string): ISO 8601 timestamp of when the user account was created.

The access token is automatically set as an HTTP-only cookie named access_token with a 10-day expiration. The password is securely hashed using bcrypt before storage.

Example Request

curl -X POST https://api.expireeye.com/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email": "user@example.com",
    "password": "securepass123",
    "dob": "1990-01-15"
  }'

Example Response

{
  "message": "User created successfully",
  "userId": 123,
  "email": "user@example.com",
  "dob": "1990-01-15",
  "created_at": "2026-03-04T10:30:45.123456"
}

Error Responses

409 Conflict

Returned when a user with the provided email already exists.
{
  "detail": "User already exists"
}

400 Bad Request

Returned when validation fails for required fields or password requirements.

Missing email:
{
  "detail": "Email is required"
}
Missing password:
{
  "detail": "Password is required"
}
Password too short:
{
  "detail": "Password must be at least 6 characters long"
}

500 Internal Server Error

Returned when a database or server error occurs.
{
  "detail": "Internal server error"
}

Security Notes

  • Passwords are hashed using bcrypt with an automatically generated salt
  • The JWT token contains the user’s ID and email for authentication
  • Email addresses must be unique in the system
  • All sensitive operations are wrapped in database transactions
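
A check an integration test can run on the Set-Cookie header returned by this endpoint, given here as an added example and not the API's own code: it verifies the documented HttpOnly flag and 10-day lifetime, reports Secure and SameSite (which this page does not specify), and lists JWT claims beyond those expected, since a JWT payload is only base64url-encoded and readable by anyone holding the token. The header strings, the claim names (user_id, email, exp) and the use of Max-Age to express the lifetime are assumptions constructed for the example.

```python
import base64
import json
from http.cookies import SimpleCookie

TEN_DAYS = 10 * 24 * 60 * 60  # documented cookie lifetime, in seconds

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def audit_signup_cookie(set_cookie: str, allowed_claims: set) -> list:
    """Return findings for one Set-Cookie header value from POST /api/auth/signup."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if "access_token" not in jar:
        return ["no access_token cookie set"]
    morsel, findings = jar["access_token"], []
    if not morsel["httponly"]:
        findings.append("HttpOnly missing: token readable from page scripts")
    if morsel["max-age"] != str(TEN_DAYS):  # assumes lifetime is sent as Max-Age
        findings.append(f"Max-Age is {morsel['max-age'] or 'unset'}, expected {TEN_DAYS}")
    if not morsel["secure"]:
        findings.append("Secure missing: cookie may be sent over plain HTTP")
    if morsel["samesite"].lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie sent on cross-site requests")
    extra = set(jwt_claims(morsel.value)) - allowed_claims
    if extra:
        findings.append(f"unexpected JWT claims: {sorted(extra)}")
    return findings

# Constructed sample data; claim names (user_id, email, exp) are assumptions.
ALLOWED = {"user_id", "email", "exp"}
token = ".".join([
    b64url(b'{"alg":"HS256","typ":"JWT"}'),
    b64url(json.dumps({"user_id": 123, "email": "user@example.com", "exp": 1773484245}).encode()),
    "constructed-signature",
])
good = f"access_token={token}; HttpOnly; Secure; SameSite=Lax; Max-Age={TEN_DAYS}; Path=/"
weak = f"access_token={token}; HttpOnly; Max-Age={TEN_DAYS}; Path=/"

if __name__ == "__main__":
    print(audit_signup_cookie(good, ALLOWED))
    print(audit_signup_cookie(weak, ALLOWED))
```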
