Skip to main content
POST
/
signup
curl -X POST "http://localhost:8080/signup" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123",
    "data": {
      "first_name": "John",
      "last_name": "Doe"
    }
  }'

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "aud": "authenticated",
  "role": "authenticated",
  "email": "[email protected]",
  "phone": null,
  "email_confirmed_at": null,
  "phone_confirmed_at": null,
  "last_sign_in_at": null,
  "app_metadata": {
    "provider": "email",
    "providers": ["email"]
  },
  "user_metadata": {
    "first_name": "John",
    "last_name": "Doe"
  },
  "created_at": "2023-01-01T00:00:00Z",
  "updated_at": "2023-01-01T00:00:00Z"
}
Register a new user account with email or phone number and password. This endpoint creates a new user in the system and optionally sends a confirmation email/SMS. 
curl -X POST "http://localhost:8080/signup" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123",
    "data": {
      "first_name": "John",
      "last_name": "Doe"
    }
  }'

Request Body

email
string
required
User’s email address. Must be a valid email format.
phone
string
User’s phone number in international format (e.g., +1234567890). Either email or phone is required.
password
string
required
User’s password. Must meet minimum security requirements.
data
object
Additional user metadata to store with the user profile.
captcha_token
string
Captcha token for verification if captcha is enabled.

Response

id
string
Unique user identifier (UUID format)
aud
string
Audience claim, typically “authenticated”
role
string
User role, typically “authenticated”
email
string
User’s email address
phone
string
User’s phone number
email_confirmed_at
string
Timestamp when email was confirmed (null if not confirmed)
phone_confirmed_at
string
Timestamp when phone was confirmed (null if not confirmed)
last_sign_in_at
string
Timestamp of last sign in (null for new users)
app_metadata
object
Application metadata managed by the system
user_metadata
object
User metadata provided during registration
created_at
string
User creation timestamp
updated_at
string
User last update timestamp
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "aud": "authenticated",
  "role": "authenticated",
  "email": "[email protected]",
  "phone": null,
  "email_confirmed_at": null,
  "phone_confirmed_at": null,
  "last_sign_in_at": null,
  "app_metadata": {
    "provider": "email",
    "providers": ["email"]
  },
  "user_metadata": {
    "first_name": "John",
    "last_name": "Doe"
  },
  "created_at": "2023-01-01T00:00:00Z",
  "updated_at": "2023-01-01T00:00:00Z"
}

Error Responses

{
  "code": 400,
  "msg": "Invalid request data",
  "details": "Email is required"
}

Password Requirements

Passwords must meet the following requirements:
  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

Email Confirmation

After successful registration:
  1. If email confirmation is enabled, a confirmation email will be sent
  2. The user’s email_confirmed_at field will be null until confirmed
  3. Users may need to confirm their email before accessing certain features

Phone Registration

To register with a phone number instead of email: 
{
  "phone": "+1234567890",
  "password": "securepassword123"
}

Rate Limiting

This endpoint is rate limited to prevent abuse:
  • Limit: 5 requests per minute per IP address
  • Headers: Rate limit information is included in response headers

Security Considerations

  • Passwords are securely hashed using bcrypt
  • Email addresses are validated and normalized
  • Phone numbers are validated for proper format
  • Captcha verification may be required based on configuration

Next Steps

After successful registration, users typically need to:
  1. Confirm their email/phone - Use the verify endpoint
  2. Sign in - Use the login endpoint
  3. Complete profile - Use the update profile endpoint