POST /auth/register
Register User
curl --request POST \
  --url https://api.example.com/auth/register \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "surname": "<string>",
  "email": "<string>",
  "password": "<string>",
  "rol": "<string>"
}
'

Endpoint

POST /auth/register

Authentication

No authentication required. This is a public endpoint.
By default, new users are created with the “user” role. To create an admin user, include the admin-key header with the correct secret key.

Request Headers

admin-key (string)
Secret key to create an admin user. If this header matches the server’s configured admin key, the user will be created with admin privileges.

Request Body

name (string, required)
User’s first name. Cannot be empty.
surname (string, required)
User’s last name. Cannot be empty.
email (string, required)
User’s email address. Must be a valid email format and unique in the system.
password (string, required)
User’s password. Must be at least 6 characters long. The password will be hashed before storage.
rol (string)
User role. This field is optional in the request body. The actual role is determined by the admin-key header and server logic.

Request Example

{
  "name": "María",
  "surname": "González",
  "email": "[email protected]",
  "password": "securePassword123"
}

Admin User Registration Example

curl -X POST https://api.clinicavitalis.com/auth/register \
  -H "Content-Type: application/json" \
  -H "admin-key: your-secret-admin-key" \
  -d '{
    "name": "Admin",
    "surname": "User",
    "email": "[email protected]",
    "password": "adminPassword123"
  }'

Response

Success Response (201 Created)

{
  "user": {
    "id": 1,
    "name": "María",
    "surname": "González",
    "email": "[email protected]",
    "password": "$2a$10$hashed.password.string.here",
    "rol": "50yunUs3r"
  }
}
The password in the response is the hashed version. The plain text password is never stored or returned.

Error Responses

400 Bad Request - Validation Error

Returned when validation fails for any required field or format.
{
  "errors": [
    {
      "msg": "El nombre es obligatorio",
      "param": "name",
      "location": "body"
    }
  ]
}

400 Bad Request - Email Already Exists

{
  "errors": [
    {
      "msg": "El email ya está registrado",
      "param": "email",
      "location": "body"
    }
  ]
}

500 Internal Server Error

{
  "msg": "Error en el servidor"
}

Validation Rules

The following validations are enforced by express-validator:
  • name: Required, cannot be empty
  • surname: Required, cannot be empty
  • email: Required, must be a valid email format, must be unique in the database
  • password: Required, minimum length of 6 characters
Make sure to validate email uniqueness on the client side before submitting to provide a better user experience. The server will reject duplicate emails.

User Roles

The system supports two roles:
  • 50yunUs3r - Standard user (default)
  • 50yun4dmin - Admin user (requires admin-key header)
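
The role decision described above (role taken from the admin-key header, never from the body's rol field), sketched as an added example; this is not the project's own code. The function names, the sample key and the SHA-256 plus constant-time comparison are assumptions, since the page does not say how the server compares the key.

```javascript
// Added example: role resolution for POST /auth/register (hypothetical names).
const { createHash, timingSafeEqual } = require('node:crypto');

// Role values as listed under "User Roles" on this page.
const ROLE_USER = '50yunUs3r';
const ROLE_ADMIN = '50yun4dmin';

// Hash both sides so timingSafeEqual always gets equal-length buffers
// and the comparison does not leak the configured key's length.
function keysMatch(presented, configured) {
  const a = createHash('sha256').update(presented, 'utf8').digest();
  const b = createHash('sha256').update(configured, 'utf8').digest();
  return timingSafeEqual(a, b);
}

// headers: lower-cased request headers, as Node/Express expose them.
// body: parsed JSON body. configuredKey: the server's admin key
// (assumed to be loaded from server configuration).
function resolveRole(headers, body, configuredKey) {
  // body.rol is deliberately never read: the client cannot pick its role.
  void body;
  const presented = headers['admin-key'];
  // Fail closed: an unset or empty server key must never grant admin,
  // otherwise an empty header would "match" a missing configuration.
  if (typeof configuredKey !== 'string' || configuredKey.length === 0) {
    return ROLE_USER;
  }
  if (typeof presented !== 'string' || presented.length === 0) {
    return ROLE_USER;
  }
  return keysMatch(presented, configuredKey) ? ROLE_ADMIN : ROLE_USER;
}

// Constructed sample inputs (not real keys or requests).
const SERVER_KEY = 'constructed-sample-admin-key';
const samples = [
  [{}, { rol: ROLE_ADMIN }],                         // body asks for admin
  [{ 'admin-key': 'wrong' }, {}],                    // wrong key
  [{ 'admin-key': SERVER_KEY }, { rol: ROLE_USER }], // correct key
];
for (const [headers, body] of samples) {
  console.log(JSON.stringify(headers), '->', resolveRole(headers, body, SERVER_KEY));
}
```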
