POST /api/auth/register

Create a new user account and return JWT tokens

URL: https://hub.regardingwork.com/api/auth/register
Method: POST
Authentication: Not required
Content-Type: application/json

Use Cases

External App Integration

Third-party applications can register new users within their own app flow instead of redirecting to the Hub registration page.

Secure Account Creation

Create RegardingWork accounts with proper validation, security checks, and immediate JWT token generation.

Request Body

Field | Type | Required | Description
username | string | Yes | Username only: letters, numbers, underscores, hyphens (3-64 chars). ⚠️ Email addresses are NOT allowed.
email | string | Yes | Valid email address (separate from username)
password | string | Yes | Password (8-128 chars, at least 1 letter and 1 number)

Important Validation Rules
  • Username: Must be 3-64 characters, only letters, numbers, underscores, and hyphens
  • Username: Cannot contain @ symbol or look like an email address
  • Email: Must be valid email format and unique
  • Password: 8-128 characters with at least one letter and one number
  • Uniqueness: Both username and email must be unique across all users

Request Example

curl:
curl -X POST "https://hub.regardingwork.com/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe123",
    "email": "john@example.com", 
    "password": "SecurePass123"
  }'
JavaScript (fetch):
const response = await fetch('https://hub.regardingwork.com/api/auth/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    username: 'johndoe123',
    email: 'john@example.com',
    password: 'SecurePass123'
  })
});

const result = await response.json();

Response

Success Response (201 Created):
{
  "message": "User registered successfully",
  "user": {
    "id": 42,
    "username": "johndoe123",
    "bio": null,
    "profile_photo_url": null,
    "website_url": null,
    "created_at": "2025-09-06T15:30:45.123456",
    "updated_at": "2025-09-06T15:30:45.123456",
    "is_active": true,
    "role": "USER",
    "premium_tier": "FREE"
  },
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Error Responses

Status | Error | Description
400 | Username, email, and password are required | Missing required fields
400 | Invalid email format | Email doesn't match valid format
400 | Username can only contain letters, numbers, underscores, and hyphens | Username contains invalid characters
400 | Username cannot contain @ symbol | Attempted to use email as username
400 | Password must be at least 8 characters long | Password too short
400 | Password must contain at least one letter and one number | Password lacks required complexity
409 | Username already exists | Username is taken
409 | Email already exists | Email is already registered
500 | Registration failed | Internal server error
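
The validation rules and error messages above, as an added client-side pre-check (example code, not part of the RegardingWork API or its documentation). The regular expressions, the check order, ASCII-only letters and the two length messages marked in comments are assumptions; the server's response remains authoritative.

```javascript
// Added example: pre-flight check mirroring the documented registration rules.
// Assumptions: regexes, check order and ASCII-only "letters" are inferred from
// the rule text; the server's own validation remains authoritative.
const USERNAME_RE = /^[A-Za-z0-9_-]+$/;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // assumed approximation

// Returns null when the input passes, otherwise the first failing message.
function validateRegistration(input) {
  const { username, email, password } = input || {};
  const fields = [username, email, password];
  // Reject missing or non-string values before any length or regex test.
  if (!fields.every((v) => typeof v === 'string' && v.length > 0)) {
    return 'Username, email, and password are required';
  }
  if (!EMAIL_RE.test(email)) return 'Invalid email format';
  // An email-shaped username gets the specific message, not the generic one.
  if (username.includes('@')) return 'Username cannot contain @ symbol';
  if (!USERNAME_RE.test(username)) {
    return 'Username can only contain letters, numbers, underscores, and hyphens';
  }
  if (username.length < 3 || username.length > 64) {
    return 'Username must be 3-64 characters'; // wording assumed, not in the error table
  }
  if (password.length < 8) return 'Password must be at least 8 characters long';
  if (password.length > 128) {
    return 'Password must be at most 128 characters long'; // wording assumed
  }
  if (!/[A-Za-z]/.test(password) || !/[0-9]/.test(password)) {
    return 'Password must contain at least one letter and one number';
  }
  return null;
}

// Constructed sample inputs (not from the page).
const samples = [
  { username: 'johndoe123', email: 'john@example.com', password: 'SecurePass123' },
  { username: 'john@example.com', email: 'john@example.com', password: 'SecurePass123' },
  { username: 'jd', email: 'john@example.com', password: 'SecurePass123' },
  { username: 'johndoe123', email: 'john@example.com', password: 'lettersonly' },
];
for (const s of samples) {
  console.log(s.username, '->', validateRegistration(s) ?? 'ok');
}
```

A null result only means the input matches the documented format rules; uniqueness (409) can only be decided by the server.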

Security & Best Practices

Password Security
  • Passwords are automatically hashed using Werkzeug
  • Plain text passwords are never stored
  • Minimum complexity requirements are enforced

Input Validation
  • All inputs are sanitized to prevent XSS
  • Username format strictly enforced
  • Email format validation with regex

Token Management
  • Immediate JWT token generation upon registration
  • 24-hour access token lifespan
  • 30-day refresh token lifespan

Data Integrity
  • Unique constraints on username and email
  • Case-insensitive username checks
  • Transaction rollback on errors

Integration Example for External Apps

Perfect for client.easyprodesign.com and other external applications that want to register RegardingWork users within their own signup flow.

Complete Registration Flow:
async function registerUserInApp(userData) {
  try {
    // Step 1: Register with RegardingWork Hub
    const response = await fetch('https://hub.regardingwork.com/api/auth/register', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        username: userData.username,
        email: userData.email,
        password: userData.password
      })
    });

    if (!response.ok) {
      const error = await response.json();
      throw new Error(error.error);
    }

    const result = await response.json();
    
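    // Step 2: Store tokens in your app
    // Note: localStorage is readable by any script running on this origin, so an
    // XSS flaw in the app exposes both tokens, including the 30-day refresh token.
    localStorage.setItem('rw_access_token', result.access_token);
    localStorage.setItem('rw_refresh_token', result.refresh_token);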
    
    // Step 3: User is now registered and authenticated
    console.log('User registered:', result.user);
    
    return result;
    
  } catch (error) {
    console.error('Registration failed:', error.message);
    throw error;
  }
}

Next Steps After Registration

Validate Tokens

Use the validate endpoint to verify user authentication in your app.

Get User Profile

Retrieve detailed user information and profile data.

Refresh Tokens

Maintain user authentication with token refresh.

SSO Integration

Set up Single Sign-On for a seamless user experience.