Create a new user account to access the Medical Appointments API. New users are automatically assigned the PATIENT role.

Registration Endpoint

POST /api/auth/register

Required Fields

All three fields are mandatory for registration:
  • email (string): must be a valid email format. The user’s email address (must be unique).
  • password (string): minimum 8 characters. The user’s password.
  • name (string): 2-100 characters. The user’s full name.
The role field is automatically set to PATIENT during registration and cannot be specified in the request.

Validation Rules

Email Validation

  • Must be a valid email format
  • Must be unique (not already registered)
  • Validated using Joi schema (src/schemas/usersSchema.js:5)

Password Requirements

Passwords must be at least 8 characters long. This requirement is enforced both at the schema level and in the service layer.
The password is hashed using bcryptjs with a salt rounds value (default: 10) before storage:
// From src/services/authService.js:12-13
// Service-layer length check, enforced in addition to the Joi schema
if (password.length < 8) {
    throw new Error('La contraseña debe tener al menos 8 caracteres.');
}

Name Validation

  • Minimum length: 2 characters
  • Maximum length: 100 characters

Example Request

curl -X POST http://localhost:3000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "patient@example.com",
    "password": "securePassword123",
    "name": "John Doe"
  }'

Success Response

When registration is successful, you receive a confirmation message:
{
  "message": "Usuario registrado con éxito"
}
Status Code: 201 Created
After successful registration, proceed to the login endpoint to obtain a JWT token.

Error Responses

Missing Required Fields

Status Code: 400 Bad Request
{
  "error": "Email, password y nombre son obligatorios."
}

Password Too Short

Status Code: 400 Bad Request
{
  "error": "La contraseña debe tener al menos 8 caracteres."
}

Email Already Exists

If you attempt to register with an email that’s already in use:
Status Code: 400 Bad Request
{
  "error": "Error con conexión a la base de datos"
}
The duplicate-email case returns the same generic message as a database failure, so the response alone does not reveal whether an address is already registered; this is intended to prevent email enumeration attacks.

Invalid Email Format

When the email doesn’t meet validation requirements:
Status Code: 400 Bad Request
{
  "error": "\"email\" must be a valid email"
}

Implementation Details

The registration process (src/services/authService.js:8-32) performs the following steps:
  1. Validate Input: checks that email, password, and name are provided and meet the requirements above.
  2. Hash Password: uses bcryptjs to hash the password with configurable salt rounds.
  3. Create User: stores the user in the database with role set to PATIENT.
  4. Audit Log: records the registration event in the audit log.
  5. Return Confirmation: sends a success message (user data is not returned for security).
// From src/services/authService.js:17-25
const newUser = await prisma.user.create({
    data: {
        email,
        password: hashedPassword,
        name,
        role: 'PATIENT'
    },
    select: { id: true, email: true, name: true, role: true }, // do not return the password hash
});

Security Features

Password Hashing

Passwords are hashed using bcryptjs before storage. The hashed password is never returned in API responses.

Audit Logging

Every registration is logged in the audit system with the user ID and action type (register).

Default Role Assignment

All registered users receive the PATIENT role by default. Admin and doctor roles must be assigned through administrative endpoints.

Next Steps

After registering, you can:
  1. Login to obtain a JWT token
  2. Use the token to access protected endpoints
  3. Learn about JWT token usage
