First API Call
The quickest way to verify your integration is to register a user. This is a single HTTP POST call that requires no authentication — only your application ID in the URL.
Prerequisites
You need:
- Your Application ID — found in the dashboard URL and application settings
- An HTTP client (curl, fetch, or your language's HTTP library)
API keys are not required for the registration endpoint. Authentication is enforced by the application ID in the URL path.
Register a User
Endpoint
POST https://api.yorauth.com/api/v1/applications/{applicationId}/users/register
Request body
| Field | Type | Required | Notes |
|---|---|---|---|
email | string | Yes | Must be unique within this application |
password | string | Yes | Min 8 chars, mixed case, number, and symbol required |
name | string | Yes | Display name for the user |
metadata | object | No | Any additional key-value data you want to attach |
curl -X POST https://api.yorauth.com/api/v1/applications/your-application-id/users/register \
-H "Content-Type: application/json" \
-d '{
"email": "jane@example.com",
"password": "Secure1!Pass",
"name": "Jane Smith"
}'
const response = await fetch(
'https://api.yorauth.com/api/v1/applications/your-application-id/users/register',
{
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
email: 'jane@example.com',
password: 'Secure1!Pass',
name: 'Jane Smith',
}),
}
);
const result = await response.json();
console.log(result);
$response = file_get_contents(
'https://api.yorauth.com/api/v1/applications/your-application-id/users/register',
false,
stream_context_create([
'http' => [
'method' => 'POST',
'header' => 'Content-Type: application/json',
'content' => json_encode([
'email' => 'jane@example.com',
'password' => 'Secure1!Pass',
'name' => 'Jane Smith',
]),
],
])
);
$result = json_decode($response, true);
Response — 201 Created
{
"data": {
"id": "01234567-89ab-cdef-0123-456789abcdef",
"email": "jane@example.com",
"name": "Jane Smith",
"email_verified": false,
"created_at": "2026-02-25T10:00:00+00:00",
"metadata": null
},
"message": "Registration successful. Please check your email to verify your account."
}
The user is created. email_verified is false until they click the verification link sent to their inbox.
Log the User In
After registration, log the user in to receive an access token and refresh token.
Endpoint
POST https://api.yorauth.com/api/v1/applications/{applicationId}/users/login
Request body
{
"email": "jane@example.com",
"password": "Secure1!Pass"
}
Response — 200 OK
{
"data": {
"access_token": "eyJ...",
"refresh_token": "ref_a1b2c3d4...",
"token_type": "Bearer",
"expires_in": 900,
"user": {
"id": "01234567-89ab-cdef-0123-456789abcdef",
"email": "jane@example.com",
"name": "Jane Smith",
"email_verified": false,
"created_at": "2026-02-25T10:00:00+00:00",
"metadata": null
}
}
}
Send the access_token as a Bearer token in the Authorization header for all subsequent authenticated requests.
Access tokens expire after expires_in seconds. Use the refresh_token to obtain a new access token without requiring the user to log in again. See the Token Refresh endpoint at POST /api/v1/applications/{applicationId}/users/token/refresh.
Common Errors
| HTTP Status | Error Code | Cause |
|---|---|---|
| 422 | Validation error | Missing or invalid field |
| 422 | — | Email already registered in this application |
| 401 | AUTH_INVALID_CREDENTIALS | Wrong email or password on login |
| 429 | AUTH_ACCOUNT_LOCKED | Too many failed login attempts |
Next Steps
Now that you can register and log in users, install an SDK to integrate YorAuth directly into your codebase without writing raw HTTP calls.