The /auth/register endpoint creates a new user record in the auth service’s database, BCrypt-hashes the provided password, assigns a role, and immediately dispatches an email containing a UUID verification code. A JWT is generated and returned alongside the new user’s internal auth ID, but the account cannot be used to log in until the verification step is completed.

Endpoint

POST http://localhost:8085/auth/register
Authentication: None required.
Content-Type: application/json
This endpoint is typically called indirectly through POST /users/register on the user-service, which orchestrates auth-service registration, user-service profile creation, and account provisioning in a single flow. Call /auth/register directly only when you need to create an auth record in isolation.

Request Body

email (string, required)
The user’s email address. Must be unique across the auth database: the email column carries a UNIQUE constraint, so submitting a duplicate address causes a database constraint violation.

password (string, required)
Plain-text password for the account. The service encodes it with BCrypt before persisting.

rol (string)
The role to assign to the new user. Accepted values: USER, ADMIN. Defaults to USER when omitted.

Response Fields

A successful 200 OK response returns an AuthResponse object.

token (string)
A signed HS256 JWT whose subject is the user’s email address and whose role claim carries the assigned role. The token is valid for 24 hours (86 400 000 ms). Although returned immediately, callers should treat this token as inactive until the email is verified, because the login endpoint enforces the emailVerified flag.

authId (number)
The auto-generated primary key of the newly created User record in the auth database (auth_db). This ID is propagated to the user-service during orchestrated registration.

message (string)
A human-readable status message. Returns null on this endpoint; the message field is populated more consistently on login.

Example

Request

curl -X POST http://localhost:8085/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "ada@digitalmoney.io",
    "password": "S3cure!Pass",
    "rol": "USER"
  }'

Response 200 OK

{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZGFAZGlnaXRhbG1vbmV5LmlvIiwicm9sZSI6IlVTRVIiLCJpYXQiOjE3MjAwMDAwMDAsImV4cCI6MTcyMDA4NjQwMH0.abc123signature",
  "authId": 42,
  "message": null
}
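
A consumer can check a returned token against the contract described under Response Fields as shown here. This is an added example, not code from the DigitalMoney project; the shared secret, `make_token` and `check_register_token` are assumptions made for the demonstration. A clean result shows only that the token is well-formed and correctly signed, not that the email has been verified.

```python
import base64, hashlib, hmac, json

DAY_SECONDS = 86_400  # documented lifetime of 86 400 000 ms, in JWT seconds

def _b64d(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Demo-only signer standing in for the auth service (hypothetical helper)."""
    head = _b64e(json.dumps({"alg": alg}, separators=(",", ":")).encode())
    body = _b64e(json.dumps(claims, separators=(",", ":")).encode())
    return f"{head}.{body}." + _b64e(_mac(f"{head}.{body}", secret))

def check_register_token(token: str, secret: bytes, email: str, role: str) -> list:
    """Return contract violations; an empty list means the token is as documented."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return ["malformed token"]
    if header.get("alg") != "HS256":
        return ["alg is not HS256"]  # never let the token choose the algorithm
    problems = []
    if not hmac.compare_digest(sig, _mac(f"{head_b64}.{body_b64}", secret)):
        problems.append("bad signature")
    if claims.get("sub") != email:
        problems.append("sub does not match registered email")
    if claims.get("role") != role:
        problems.append("role claim differs from requested role")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and exp - iat == DAY_SECONDS):
        problems.append("lifetime is not 24 hours")
    return problems

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; the real key is not on this page
    claims = {"sub": "ada@digitalmoney.io", "role": "USER",
              "iat": 1720000000, "exp": 1720086400}
    print(check_register_token(make_token(claims, secret), secret, claims["sub"], "USER"))
    print(check_register_token(make_token(claims, secret), secret, claims["sub"], "ADMIN"))
```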

Error Codes

| HTTP Status | Exception | Description |
| --- | --- | --- |
| 400 Bad Request | InvalidPasswordException | The supplied password does not meet the service’s validation requirements. |
| 500 Internal Server Error | Exception | An unexpected server-side error occurred. This also covers duplicate-email submissions: the auth service does not pre-validate uniqueness, so a DB constraint violation surfaces as a 500 from this endpoint. To guard against duplicate emails, use POST /users/register, which checks uniqueness before forwarding to the auth service. |

After a successful 200 response, the account is not yet active. The user must verify their email before they can call POST /auth/login. Attempting to log in with an unverified account returns 403 Forbidden.
