POST /register
Register
curl --request POST \
  --url https://api.example.com/register \
  --header 'Accept: <accept>' \
  --header 'Content-Type: <content-type>' \
  --header 'X-XSRF-TOKEN: <x-xsrf-token>' \
  --data '
{
  "name": "<string>",
  "email": "<string>",
  "password": "<string>",
  "password_confirmation": "<string>"
}
'

Overview

Create a new user account in MediaStream. Upon successful registration, the user is automatically authenticated and a session is created.
Registration must be enabled in the Fortify configuration (Features::registration()).

Endpoint

POST /register

Request Headers

  • X-XSRF-TOKEN (string, required): CSRF token retrieved from /sanctum/csrf-cookie
  • Content-Type (string, required): Must be application/json
  • Accept (string, required): Must be application/json

Request Body

name (string, required): User’s full name. Constraints:
  • Maximum 255 characters
  • Cannot be empty

email (string, required): User’s email address (automatically converted to lowercase). Constraints:
  • Must be a valid email format
  • Must be unique (not already registered)
  • Maximum 255 characters

password (string, required): User’s password. Constraints:
  • Minimum 8 characters
  • Must meet Laravel’s default password rules
  • Cannot be a commonly used password

password_confirmation (string, required): Password confirmation (must match password field)

Response

User account created successfully. The user is automatically logged in.
{
  "id": 1,
  "name": "John Doe",
  "email": "[email protected]",
  "email_verified_at": null,
  "created_at": "2026-03-05T18:30:00.000000Z",
  "updated_at": "2026-03-05T18:30:00.000000Z"
}

Response fields:
  • id (integer): Unique user identifier
  • name (string): User’s full name
  • email (string): User’s email address (lowercase)
  • email_verified_at (string | null): Timestamp of email verification (null if not verified)
  • created_at (string): Account creation timestamp (ISO 8601)
  • updated_at (string): Last update timestamp (ISO 8601)

Set-Cookie Header:
Set-Cookie: laravel_session=...; Path=/; HttpOnly; SameSite=Lax

Validation Rules

Name Field

  • Required
  • Must be a string
  • Maximum 255 characters

Email Field

  • Required
  • Must be a valid email format
  • Must be unique (case-insensitive)
  • Maximum 255 characters
  • Automatically converted to lowercase

Password Field

  • Required
  • Minimum 8 characters
  • Must not be a commonly used password
  • Must be confirmed (match password_confirmation)

Code Examples

// Step 1: Get CSRF cookie
await fetch('https://your-domain.com/sanctum/csrf-cookie', {
  credentials: 'include'
});

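// Step 2: Read the CSRF token from the XSRF-TOKEN cookie
const csrfToken = document.cookie
  .split('; ')
  .find(row => row.startsWith('XSRF-TOKEN='))
  ?.split('=')[1];

// Without this check, a missing cookie would be sent as the literal string "undefined"
if (!csrfToken) {
  throw new Error('XSRF-TOKEN cookie not found');
}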

// Step 3: Register
const response = await fetch('https://your-domain.com/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'X-XSRF-TOKEN': decodeURIComponent(csrfToken)
  },
  credentials: 'include',
  body: JSON.stringify({
    name: 'John Doe',
    email: '[email protected]',
    password: 'SecurePass123!',
    password_confirmation: 'SecurePass123!'
  })
});

if (response.ok) {
  const user = await response.json();
  console.log('Registration successful:', user);
  // User is now authenticated
} else {
  const errors = await response.json();
  console.error('Registration failed:', errors);
}

Password Requirements

MediaStream uses Laravel’s default password validation rules:
  1. Minimum Length - Password must be at least 8 characters long
  2. Not Compromised - Password must not appear in data breaches (checked against haveibeenpwned.com)
  3. Confirmation - Password must match the password_confirmation field
Encourage users to create strong passwords with a mix of uppercase, lowercase, numbers, and special characters.
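
The "Not Compromised" rule above can be mirrored as a client-side pre-check. This is an added example, not MediaStream's or Laravel's code: it assumes the public Pwned Passwords range endpoint and its k-anonymity scheme, in which only the first five hex characters of the password's SHA-1 hash are sent. `RANGE_URL`, `SAMPLE_RANGE` and all function names are assumptions introduced here.

```javascript
// Added example (not MediaStream or Laravel code): k-anonymity breach lookup.
// RANGE_URL is assumed to be the public Pwned Passwords range endpoint.
const RANGE_URL = 'https://api.pwnedpasswords.com/range/';

// Constructed sample response body ("SUFFIX:COUNT" lines, counts made up).
// The last line imitates a padding entry, which always carries count 0.
const SAMPLE_RANGE = [
  'F'.repeat(35) + ':3',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234', // suffix of SHA-1("password")
  '0'.repeat(35) + ':0',
].join('\r\n');

// SHA-1 of the password as 40 uppercase hex characters (Web Crypto API).
async function sha1Hex(password) {
  const bytes = new TextEncoder().encode(password);
  const digest = await globalThis.crypto.subtle.digest('SHA-1', bytes);
  return Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, '0'))
    .join('')
    .toUpperCase();
}

// Only the 5-character prefix leaves the client; the suffix is compared locally.
function splitHash(hashHex) {
  if (!/^[0-9A-F]{40}$/.test(hashHex)) {
    throw new Error('expected 40 uppercase hex characters');
  }
  return { prefix: hashHex.slice(0, 5), suffix: hashHex.slice(5) };
}

// Return how many times the suffix appears in breach data (0 = not listed).
function breachCount(suffix, rangeBody) {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return Number.parseInt(count, 10) || 0;
    }
  }
  return 0;
}

// Full check. fetchImpl is injectable so the logic can be exercised offline.
async function isCompromised(password, fetchImpl = fetch) {
  const { prefix, suffix } = splitHash(await sha1Hex(password));
  const res = await fetchImpl(RANGE_URL + prefix, { headers: { 'Add-Padding': 'true' } });
  if (!res.ok) throw new Error(`range lookup failed: ${res.status}`);
  return breachCount(suffix, await res.text()) > 0;
}
```

A failed lookup throws instead of returning false, so the caller decides whether to let the form submit; the server-side rule still applies either way.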

Post-Registration

After successful registration:
  1. User is authenticated - A session is automatically created
  2. Email verification - If enabled, user will need to verify their email
  3. Redirect - Frontend typically redirects to /dashboard

Email Verification

If email verification is enabled (Features::emailVerification()), the user must verify their email before accessing protected routes. Verification endpoint:
GET /email/verify/{id}/{hash}

Common Errors

{
  "errors": {
    "email": ["The email has already been taken."]
  }
}
The email address is already registered. User should login instead or use password reset if they forgot their password.
{
  "errors": {
    "password": ["The password must be at least 8 characters."]
  }
}
Password must meet minimum length requirement.
{
  "errors": {
    "password": ["The password confirmation does not match."]
  }
}
The password and password_confirmation fields must be identical.
If registration is disabled in the Fortify configuration, the endpoint will return a 404 error.

Database Schema

New users are created with the following fields:
CREATE TABLE users (
    id BIGINT PRIMARY KEY AUTO_INCREMENT,
    name VARCHAR(255) NOT NULL,
    email VARCHAR(255) UNIQUE NOT NULL,
    email_verified_at TIMESTAMP NULL,
    password VARCHAR(255) NOT NULL,
    remember_token VARCHAR(100) NULL,
    two_factor_secret TEXT NULL,
    two_factor_recovery_codes TEXT NULL,
    two_factor_confirmed_at TIMESTAMP NULL,
    created_at TIMESTAMP NULL,
    updated_at TIMESTAMP NULL
);
Passwords are automatically hashed using bcrypt before storage. The plain text password is never stored.
