Begin sign up

POST

/_torii/auth/signup

curl --request POST \
  --url 'https://your-app.torii.so/_torii/auth/signup?_is_native=false' \
  --header 'Content-Type: application/json' \
  --data '{ "email": "founder@example.com", "password": "example", "name": "Jane Doe", "captchaToken": "example", "legalConsentAccepted": true, "unsafeMetadata": { "onboardingStep": 0 } }'

• Your Torii tenant

Validates the signup and emails a 6-digit verification code. No session is created until the code is verified.

Parameters

Header Parameters

Origin

string

Host

string

Query Parameters

_is_native

boolean

Request Body ^required

Media type application/json

Payload for creating a new user within a project environment. Project environment is identified by the X-API-Key header.

object

email

required

Email address to associate with the new user

string format: email

>= 1 characters

Example

founder@example.com

password

required

Plain text password that will be hashed prior to persistence

string

>= 8 characters <= 2147483647 characters

name

User’s display name (split into first/last on the profile)

string | null

Example

Jane Doe

captchaToken

Cloudflare Turnstile CAPTCHA token (required when Turnstile is enabled)

string | null

legalConsentAccepted

required

Whether the user ticked the legal-consent checkbox on the signup form. Must be true when GET /_torii/legal reports requireConsent: true — otherwise the server rejects the signup with 422 legal_consent_required.

boolean

unsafeMetadata

required

Optional unsafe metadata to seed on the new user. This is the only metadata bag the end-user may write. Capped at 512 bytes serialized; oversized payloads are rejected with 400.

object

key

additional properties

any

Example

{
  "onboardingStep": 0
}

Responses

200

OK

Media type application/json

object

token

required

string

email

required

string

Example ^generated

{
  "token": "example",
  "email": "example"
}