
POST /v3/auth/register

curl --request POST \
--url https://api-ha-prod-p8.handbid.dev/v3/auth/register \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: */*' \
--data '"{\n \"firstName\": \"Taylor\",\n \"lastName\": \"Pearce\",\n \"email\": \"taylor+{{$timestamp}}@example.com\",\n \"mobile\": \"15551234567\",\n \"countryCode\": \"US\",\n \"whitelabelId\": {{whitelabelId}}\n}"'

Creates a password-less account (users.auth = NULL). An SMS PIN is sent to the provided mobile number. Returns 201 with {phoneLastFourDigits}.

Next step after this runs: verify-pin. The access token is minted there, not here.

Field reference:

| Field | Required | Notes |
| --- | --- | --- |
| firstName | Yes | |
| lastName | Yes | |
| email | Yes | Must be RFC-compliant. The {{$timestamp}} template keeps the address unique on each send. |
| mobile | Yes | Accepts three formats, all parsed via libphonenumber using countryCode as a region hint: E.164 (+13035551234), international (13035551234), or local (3035551234). Twilio Lookup validates reachability in prod/QA. |
| countryCode | Yes | ISO 3166-1 alpha-2. Used as the libphonenumber region hint for mobile. |
| whitelabelId | Yes | 1=Handbid. OGAC (4) is blocked. |
| captchaToken | No | Optional reCAPTCHA token, action=signup. Missing → stricter rate-limit budget (10 req / 5 min per IP). |

Errors: 400 validation_error / invalid_email / invalid_phone / registration_blocked, 403 captcha_failed, 409 email_exists, 429 rate_limited.
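
The captchaToken row ties the rate-limit budget to whether a token was supplied. A sketch of that policy as a per-IP sliding window, added here as an illustration and not Handbid's code. Assumptions: the class name, the 30-request budget for a verified token (the page gives only the no-token budget), and counting rejected tokens against the budget.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60    # 5-minute window, from the field reference
NO_CAPTCHA_BUDGET = 10     # documented: 10 req / 5 min per IP without captchaToken
CAPTCHA_BUDGET = 30        # ASSUMPTION: budget with a verified token is not on the page

# Error code -> HTTP status, as listed in the Errors line.
STATUS = {"captcha_failed": 403, "rate_limited": 429}


class RegisterRateLimiter:
    """Sliding-window limiter keyed by client IP (hypothetical, for illustration)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # ip -> timestamps of counted attempts

    def check(self, ip, captcha_ok):
        """Return None if the attempt may proceed, else an error code.

        captcha_ok: True  = token verified,
                    False = token supplied but rejected,
                    None  = no captchaToken in the request.
        """
        now = self._clock()
        hits = self._hits[ip]
        # Drop attempts that have aged out of the window.
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()
        # Only a verified token earns the larger budget; a missing or
        # rejected token is held to the strict one.
        budget = CAPTCHA_BUDGET if captcha_ok is True else NO_CAPTCHA_BUDGET
        if len(hits) >= budget:
            return "rate_limited"
        # One shared history per IP, so alternating between token and
        # no-token requests cannot reset the count.
        hits.append(now)
        if captcha_ok is False:
            return "captcha_failed"
        return None
```

The limiter runs before the SMS is sent, so a 429 or 403 here also caps how many PIN messages one IP can trigger.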

Media type */*
string
Example
"{\n \"firstName\": \"Taylor\",\n \"lastName\": \"Pearce\",\n \"email\": \"taylor+{{$timestamp}}@example.com\",\n \"mobile\": \"15551234567\",\n \"countryCode\": \"US\",\n \"whitelabelId\": {{whitelabelId}}\n}"

Successful response

Media type application/json