POST /auth/signup
Register a new user. Response format depends on accessTokenType configuration:
Signup
/auth/signupRegister a new user. Response format depends on accessTokenType configuration: - Header mode (default): Returns tokens in response body - Cookie mode: Sets tokens in HTTP-only cookies and returns success message
Request body
NestAuthSignupRequestDto
| Field | Type | Required | Description |
|---|---|---|---|
email | string | optional | User email address (required if phone not provided) Example: user@example.com |
phone | string | optional | User phone number (required if email not provided) Example: +1234567890 |
password | string | required | User password Example: SecurePass123! |
tenantId | string | optional | Tenant ID for multi-tenant applications Example: 123e4567-e89b-12d3-a456-426614174000 |
guard | string | optional | Guard context (e.g. admin, web, vendor) for isolation. Deprecated: use client Example: admindeprecated |
Examples
Example
{
"email": "user@example.com",
"phone": "+1234567890",
"password": "SecurePass123!",
"tenantId": "123e4567-e89b-12d3-a456-426614174000",
"guard": "admin"
}Responses
200Header mode: Returns message + tokens in body
AuthWithTokensResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
accessToken | string | required | JWT access token (short-lived) Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5… |
refreshToken | string | required | JWT refresh token (long-lived) Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVz… |
message | string | optional | Success message (added by controller based on configuration) Example: Login successful |
isRequiresMfa | boolean | required | Whether multi-factor authentication is required Example: false |
mfaMethods | "email" | "sms" | "totp"[] | optional | Available MFA methods when isRequiresMfa is true Example: ["email","totp"] |
defaultMfaMethod | "email" | "sms" | "totp" | optional | Default/recommended MFA methodemailsmstotpExample: email |
trustToken | string | optional | Trust token for trusted device verification Example: 1234567890 |
Example response
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc",
"message": "Login successful",
"isRequiresMfa": false,
"mfaMethods": [
"email",
"totp"
],
"defaultMfaMethod": "email",
"trustToken": "1234567890"
}Try it
curl -X POST 'https://api.example.com/auth/signup' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
-d '{"email":"user@example.com","phone":"+1234567890","password":"SecurePass123!","tenantId":"123e4567-e89b-12d3-a456-426614174000","guard":"admin"}'