The register endpoint creates a new user account in the Auth service database. It validates the request body with a Zod schema, hashes the submitted password withDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/astrxnomo/shop-microservers/llms.txt
Use this file to discover all available pages before exploring further.
bcrypt using 10 salt rounds, persists the new User record (PostgreSQL, CUID primary key), and returns a signed JWT alongside the user object. If the email address is already associated with an existing account, the request is rejected with a 409 Conflict before any write is attempted.
Endpoint
Request Body
A valid email address for the new account. Must be unique across all registered users — submitting an email that already exists returns
409 Conflict. Validated with Zod’s z.string().email() rule.The plain-text password for the new account. Must be at least 6 characters long (enforced by
z.string().min(6)). The password is never stored in plain text — it is hashed with bcrypt at 10 rounds before being written to the database.Example Request
Success Response
Status:201 Created
Response Fields
A signed JWT generated with
jsonwebtoken. The token payload contains the user’s id (as sub) and email, is signed with the JWT_SECRET environment variable, and expires in 7 days. Pass it in the Authorization: Bearer <token> header on all authenticated requests.The new user’s database identifier. Uses Prisma’s CUID format (e.g.,
clxxxxxxxxxxxxx).The email address that was registered. This value is unique within the system.
Error Responses
| Status | Cause |
|---|---|
400 Bad Request | Validation failed — invalid email format, missing email or password field, or password shorter than 6 characters. The error field in the response body contains the Zod error message. |
409 Conflict | The submitted email address is already registered. No new record is created. |
Store the returned token securely. The Shop Microservers frontend saves it to
localStorage and reads it on every request. Losing the token simply requires the user to log in again — a fresh token is issued on each successful /login call.