
Endpoint

  • method (string, required): POST
  • url (string, required): /auth/register

Request

Headers

  • Content-Type (string, required): application/json

Body Parameters

  • email (string, required): User’s email address (max 255 characters). Must be a valid email format.
  • password (string, required): User’s password (8-128 characters). Requirements:
      • Minimum 8 characters
      • At least 1 uppercase letter
      • At least 1 lowercase letter
      • At least 1 number
      • At least 1 special character (!@#$%^&*…)
      • Not a common password
  • name (string, required): User’s full name (2-100 characters). Cannot contain special HTML characters (angle brackets, braces, square brackets).

Example Request

cURL
curl -X POST https://api.ceboelha.com/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecureP@ss123",
    "name": "João Silva"
  }'
JavaScript
const response = await fetch('https://api.ceboelha.com/auth/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  credentials: 'include', // Important: include cookies
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'SecureP@ss123',
    name: 'João Silva'
  })
});

const data = await response.json();
Python
import requests

response = requests.post(
    'https://api.ceboelha.com/auth/register',
    json={
        'email': 'user@example.com',
        'password': 'SecureP@ss123',
        'name': 'João Silva'
    }
)

data = response.json()

Response

Success Response (200)

  • success (boolean, required): Always true for successful requests
  • data (object, required)
  • data.user (object, required)
  • data.user._id (string): User’s unique identifier (MongoDB ObjectId)
  • data.user.email (string): User’s email address
  • data.user.name (string): User’s full name
  • data.user.role (string): User’s role (default: “user”)
  • data.user.status (string): Account status (default: “active”)
  • data.user.preferences (object): User preferences (theme, notifications, language, etc.)
  • data.user.stats (object): User statistics (all start at 0 for new users)
  • data.user.createdAt (string): ISO 8601 timestamp of account creation
  • data.user.updatedAt (string): ISO 8601 timestamp of last update
  • data.expiresIn (number): Seconds until access token expires (typically 900 = 15 minutes)
  • message (string, required): Success message: “Conta criada com sucesso! 🐰”

Response Cookies

The following HttpOnly cookies are automatically set:
  • accessToken: JWT access token (expires in 15 minutes)
  • refreshToken: JWT refresh token (expires in 7 days)
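
The cookie contract above can be verified from a test client. This is an added example, not code from the Ceboelha project: it audits Set-Cookie header lines for the two documented cookies, their HttpOnly flag and their documented lifetimes. The Secure and SameSite checks, the function names and the sample headers are assumptions that are not stated on this page.

```javascript
// Added example: audits Set-Cookie header lines against the cookie contract
// documented above. Documented: cookie names, HttpOnly, lifetimes.
// Secure/SameSite checks are extra hardening assumptions, not from the page.
const DOCUMENTED = { accessToken: 15 * 60, refreshToken: 7 * 24 * 60 * 60 };

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function lifetimeSeconds(attrs, now) {
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  if (attrs['max-age'] !== undefined) return Number(attrs['max-age']);
  if (attrs.expires !== undefined) return Math.round((Date.parse(attrs.expires) - now) / 1000);
  return null; // session cookie: no explicit lifetime
}

function auditRegisterCookies(setCookieLines, now = Date.now()) {
  const findings = [];
  const seen = new Map(setCookieLines.map((l) => { const c = parseSetCookie(l); return [c.name, c]; }));
  for (const [name, maxLifetime] of Object.entries(DOCUMENTED)) {
    const c = seen.get(name);
    if (!c) { findings.push(`${name}: missing`); continue; }
    if (!c.attrs.httponly) findings.push(`${name}: not HttpOnly`);
    const life = lifetimeSeconds(c.attrs, now);
    if (life === null) findings.push(`${name}: no lifetime`);
    else if (life > maxLifetime) findings.push(`${name}: lifetime ${life}s exceeds documented ${maxLifetime}s`);
    if (!c.attrs.secure) findings.push(`${name}: not Secure`);
    if (!c.attrs.samesite) findings.push(`${name}: no SameSite`);
  }
  return findings;
}

// Constructed sample headers (not captured from the real API).
const SAMPLE_OK = [
  'accessToken=aaa.bbb.ccc; Max-Age=900; Path=/; HttpOnly; Secure; SameSite=Strict',
  'refreshToken=ddd.eee.fff; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Strict',
];
const SAMPLE_BAD = [
  'accessToken=aaa.bbb.ccc; Max-Age=3600; Path=/; Secure; SameSite=Lax',
];
```

Browser scripts cannot read Set-Cookie, so run this from a server-side test client; in recent Node.js versions `response.headers.getSetCookie()` returns the header lines to pass in.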

Example Success Response

{
  "success": true,
  "data": {
    "user": {
      "_id": "507f1f77bcf86cd799439011",
      "email": "user@example.com",
      "name": "João Silva",
      "role": "user",
      "status": "active",
      "preferences": {
        "theme": "light",
        "notifications": true,
        "soundEnabled": true,
        "language": "pt-BR",
        "fodmapPhase": "elimination"
      },
      "stats": {
        "daysUsingApp": 0,
        "totalMealsLogged": 0,
        "totalSymptomsLogged": 0,
        "currentStreak": 0,
        "longestStreak": 0,
        "achievementsUnlocked": 0,
        "foodsTested": 0,
        "triggersIdentified": 0,
        "lastActive": "2024-03-15T10:30:00.000Z"
      },
      "createdAt": "2024-03-15T10:30:00.000Z",
      "updatedAt": "2024-03-15T10:30:00.000Z"
    },
    "expiresIn": 900
  },
  "message": "Conta criada com sucesso! 🐰"
}

Error Responses

Weak Password (400)

{
  "success": false,
  "error": "Validation failed",
  "code": "VALIDATION_ERROR",
  "message": "Senha deve conter pelo menos uma letra maiúscula"
}

Email Already Exists (409)

{
  "success": false,
  "error": "Conflict",
  "code": "CONFLICT",
  "message": "Este e-mail já está cadastrado"
}

Invalid Input (400)

{
  "success": false,
  "error": "Validation failed",
  "code": "VALIDATION_ERROR",
  "message": "Nome deve ter entre 2 e 100 caracteres"
}

Rate Limit Exceeded (429)

{
  "success": false,
  "error": "Rate limit exceeded",
  "code": "RATE_LIMIT",
  "message": "Muitas requisições. Tente novamente mais tarde."
}

Notes

  • Rate Limit: 5 requests per 15 minutes per IP
  • Token Storage: Tokens are automatically stored in HttpOnly cookies
  • Password Security: Passwords are hashed with bcrypt before storage
  • Device Tracking: The system tracks the device and IP address for security purposes
  • Activity Logging: Registration events are logged for security auditing
