POST /api/auth/register
Register

curl --request POST \
  --url https://api.example.com/api/auth/register \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>",
  "confirmPassword": "<string>",
  "firstName": "<string>",
  "lastName": "<string>"
}
'

{
  "success": true,
  "data": {
    "message": "<string>"
  },
  "error": "<string>",
  "details": {}
}

Authentication

This endpoint does not require authentication.

Request Body

email (string, required): User’s email address. Must be a valid email format and unique.
password (string, required): User’s password. Must meet the following requirements:
  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
confirmPassword (string, required): Password confirmation. Must match the password field exactly.
firstName (string, required): User’s first name. Minimum 2 characters.
lastName (string, required): User’s last name. Minimum 2 characters.

Response

Success Response (201 Created)

success (boolean): Always true for successful requests.
data (object): Response data object.
  data.message (string): Success message. Returns: “Cuenta creada. Pendiente de aprobacion por un ADMIN.”

Error Response

success (boolean): Always false for error responses.
error (string): Error message describing what went wrong.
details (object): Additional error details, such as validation errors.

Error Responses

| Status Code | Error Message | Description |
|---|---|---|
| 400 | Datos inválidos | Request body validation failed. Check details for specific field errors. |
| 409 | El email ya existe | An account with this email address already exists. |

Validation Error Details

When status is 400, the details object contains field-specific validation errors:
{
  "success": false,
  "error": "Datos inválidos",
  "details": {
    "fieldErrors": {
      "password": ["Debe contener al menos una mayúscula"],
      "confirmPassword": ["Las contraseñas no coinciden"]
    }
  }
}

Registration Flow

  1. Input validation using Zod schema
  2. Check if email already exists
  3. Create or get default organization (“Por defecto”)
  4. Assign USER role with default permissions
  5. Hash password using bcrypt
  6. Create user with status PENDING_VERIFICATION
  7. Create audit log entry
  8. Return success message

Important Notes

  • New users are created with status PENDING_VERIFICATION
  • Users cannot log in until an admin changes their status to ACTIVE
  • All new users are assigned to a default organization
  • Users are automatically assigned the USER role
  • Registration activity is logged in the audit log

Code Examples

curl -X POST https://your-domain.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePass123",
    "confirmPassword": "SecurePass123",
    "firstName": "John",
    "lastName": "Doe"
  }'

Password Requirements

Passwords must meet the following criteria (enforced by passwordSchema):
  • Minimum length: 8 characters
  • Uppercase: At least one uppercase letter (A-Z)
  • Lowercase: At least one lowercase letter (a-z)
  • Number: At least one digit (0-9)
Example valid passwords:
  • SecurePass123
  • MyP@ssw0rd
  • Welcome2024
Example invalid passwords:
  • password (no uppercase, no number)
  • PASSWORD123 (no lowercase)
  • Pass123 (too short)
  • SecurePass (no number)
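
The documented rules and the 400 response shape, as an added JavaScript example (not the project's passwordSchema or Zod code), useful for checking a client or a test suite against this contract. Only the two Spanish field messages shown under Validation Error Details come from the page; the other message strings, the simplified email check, and the function names are assumptions.

```javascript
// Added example: mirrors the documented rules; it is not the project's Zod schema.
// Messages marked "from the page" appear in the docs; all others are constructed.
const PASSWORD_RULES = [
  [(p) => p.length >= 8, "Minimum 8 characters"],                    // constructed
  [(p) => /[A-Z]/.test(p), "Debe contener al menos una mayúscula"],  // from the page
  [(p) => /[a-z]/.test(p), "At least one lowercase letter"],         // constructed
  [(p) => /[0-9]/.test(p), "At least one number"],                   // constructed
];

// Returns the list of password rules that `p` violates (empty when valid).
function passwordErrors(p) {
  return PASSWORD_RULES.filter(([ok]) => !ok(p)).map(([, msg]) => msg);
}

// Validates a registration body and returns either { success: true }
// or the same envelope as the documented 400 response.
function validateRegistration(body) {
  const fieldErrors = {};
  const add = (field, msg) => (fieldErrors[field] = fieldErrors[field] || []).push(msg);
  // Non-string values are treated as empty so type confusion fails closed.
  const str = (v) => (typeof v === "string" ? v : "");

  // Simplified format check (assumption). Uniqueness is only known server-side (409).
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(str(body.email))) {
    add("email", "Invalid email format"); // constructed
  }

  const password = str(body.password);
  for (const msg of passwordErrors(password)) add("password", msg);

  // Exact match required; a missing confirmation never equals the password.
  if (typeof body.confirmPassword !== "string" || body.confirmPassword !== password) {
    add("confirmPassword", "Las contraseñas no coinciden"); // from the page
  }

  for (const f of ["firstName", "lastName"]) {
    if (str(body[f]).length < 2) add(f, "Minimum 2 characters"); // constructed
  }

  if (Object.keys(fieldErrors).length === 0) return { success: true };
  return { success: false, error: "Datos inválidos", details: { fieldErrors } };
}
```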
