
Authentication API

User registration endpoint with comprehensive validation and security measures.

POST /api/auth/register

Creates a new user account with the provided credentials and personal information.

Request Headers

Content-Type: application/json (required)

Request Body

{
  "name": "string (required, min: 2 characters)",
  "email": "string (required, valid email format)",
  "password": "string (required, min: 6 characters)"
}

Example Request

const response = await fetch('/api/auth/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    name: 'John Doe',
    email: 'john.doe@example.com',
    password: 'securepassword123'
  })
});

Responses

201 Created - Success
{
  "success": true,
  "message": "Account created successfully",
  "user": {
    "id": "string",
    "name": "John Doe",
    "email": "john.doe@example.com",
    "createdAt": "2024-01-15T10:30:00.000Z",
    "updatedAt": "2024-01-15T10:30:00.000Z"
  }
}

400 Bad Request - Validation Error
{
  "error": "All fields are required"
}

Other validation errors: "Invalid email format", "Password must be at least 6 characters long", "Name must be at least 2 characters long"

409 Conflict - Duplicate Account
{
  "error": "An account with this email already exists"
}

500 Internal Server Error
{
  "error": "Failed to create user account"
}

Security Features

Password Handling

  • Hashing with bcrypt (12 rounds)
  • Only hashed version stored
  • Sent as plain text in the request body during registration (HTTPS required)

Data Protection

  • Email normalization (lowercase)
  • Input trimming
  • No password in response

Validation Rules

Name Field

  • Required: Yes
  • Minimum Length: 2 characters
  • Trimming: Leading/trailing whitespace removed

Email Field

  • Required: Yes
  • Format: Valid email format
  • Normalization: Converted to lowercase
  • Uniqueness: Must not exist in database

Password Field

  • Required: Yes
  • Minimum Length: 6 characters
  • Hashing: bcrypt with 12 rounds
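
The validation rules and error responses above, sketched as a server-side check. This is an added example, not the API's own code. Assumptions: the function name, the email regex, the order of the checks, trimming the email, leaving the password untrimmed, rejecting non-string values, and the Set that stands in for the database lookup.

```javascript
// Added example: a sketch of the documented rules, not the API's implementation.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // assumed format check

// Returns { ok: false, status, error } or { ok: true, name, email }.
// existingEmails is a hypothetical stand-in for the database lookup.
function validateRegistration(input, existingEmails) {
  const fail = (status, error) => ({ ok: false, status, error });
  const { name, email, password } = input ?? {};

  // Type check first, so non-string JSON values (arrays, objects, numbers)
  // never reach trim(), toLowerCase() or the length checks.
  if (![name, email, password].every((v) => typeof v === 'string')) {
    return fail(400, 'All fields are required');
  }

  // Normalize before validating, so the checks see what would be stored.
  const cleanName = name.trim();
  const cleanEmail = email.trim().toLowerCase();
  // The password is left untrimmed (assumption): whitespace may be part of it.

  if (!cleanName || !cleanEmail || !password) {
    return fail(400, 'All fields are required');
  }
  if (!EMAIL_RE.test(cleanEmail)) return fail(400, 'Invalid email format');
  if (password.length < 6) {
    return fail(400, 'Password must be at least 6 characters long');
  }
  if (cleanName.length < 2) {
    return fail(400, 'Name must be at least 2 characters long');
  }

  // Uniqueness is tested on the normalized address, so case variants of
  // an existing email collide instead of creating a second account.
  if (existingEmails.has(cleanEmail)) {
    return fail(409, 'An account with this email already exists');
  }

  // The caller hashes the password (bcrypt, 12 rounds) and stores only the
  // hash; the password is not returned and never appears in the response.
  return { ok: true, name: cleanName, email: cleanEmail };
}
```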