POST /api/auth/register

Creates a new user account and automatically activates a 14-day Solo trial. Returns a JWT token for immediate API access.

Request

  • email (string, required): Valid email address. Must be unique across the platform.
  • name (string, required): Display name for the user. 1–100 characters.
  • password (string, required): Account password. Must be 8–128 characters.

curl -X POST https://auth.panguard.ai/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "name": "Alice Chen",
    "password": "secureP@ssw0rd"
  }'

Response

{
  "ok": true,
  "data": {
    "user": {
      "id": "usr_a1b2c3d4e5f6",
      "email": "user@example.com",
      "name": "Alice Chen",
      "tier": "solo",
      "trialEndsAt": "2026-03-21T00:00:00.000Z",
      "createdAt": "2026-03-07T12:00:00.000Z"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresAt": "2026-03-08T12:00:00.000Z"
  }
}

Trial Activation

Every new account automatically receives a 14-day Solo trial that includes:
  • Up to 3 machines
  • Full scan, guard, chat, and report capabilities
  • Basic AI analysis
After the trial expires, the account reverts to the Community tier (1 machine, scan + Layer 1 guard only). Upgrade at any time from the CLI with panguard upgrade or from the web dashboard.

Security: Duplicate Email Handling

To prevent email enumeration attacks, registering with an already-used email returns a 200 OK with a generic success message instead of revealing that the email is taken. The actual account is not modified, and no new token is issued.
This means:
  • Attackers cannot probe the API to discover which emails have accounts
  • The original account remains unaffected
  • A “password reset” email is silently sent to the existing account holder

Validation Rules

Field      Rule
email      Must be a valid email format
name       1–100 characters, trimmed
password   8–128 characters, no other restrictions

After registration, store the returned token securely. Use it as a Bearer token for all subsequent Auth API requests. The CLI handles this automatically when you run panguard login.
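
A client-side sketch of the duplicate-email behaviour and the token-storage advice above, added here as an example and not taken from Panguard's own code: a success reply from this endpoint may carry no token, and a token that is returned is written to a user-only file. The duplicate body shape, the 2xx check and the function names are assumptions; the sample bodies are constructed.

```python
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed samples. SUCCESS follows the documented response (token is a dummy);
# DUPLICATE is an assumed shape: the page only says "generic success", no token.
SUCCESS = json.dumps({"ok": True, "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.dummy.dummy",
    "expiresAt": "2026-03-08T12:00:00.000Z"}})
DUPLICATE = json.dumps({"ok": True, "data": {"message": "constructed placeholder"}})


def extract_token(status, body, now):
    """Return (token, expires_at), or None when a success carries no usable token."""
    if not 200 <= status < 300:
        raise ValueError(f"registration failed with HTTP {status}")
    data = json.loads(body).get("data") or {}
    token, expires = data.get("token"), data.get("expiresAt")
    if not token or not expires:
        return None  # generic success: the caller is not logged in
    expires_at = datetime.fromisoformat(expires.replace("Z", "+00:00"))
    return (token, expires_at) if expires_at > now else None


def store_token(token, path):
    """Write the token to a file only the current user can read (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # tighten permissions if the file already existed
        os.write(fd, token.encode())
    finally:
        os.close(fd)


def demo():
    """Run both samples; return the stored file's mode, or None if nothing stored."""
    now = datetime(2026, 3, 7, 12, 0, tzinfo=timezone.utc)
    modes = []
    for body in (SUCCESS, DUPLICATE):
        got = extract_token(200, body, now)
        if got is None:
            modes.append(None)
            continue
        path = os.path.join(tempfile.mkdtemp(), "token")
        store_token(got[0], path)
        modes.append(oct(os.stat(path).st_mode & 0o777))
    return modes
```

A caller that gets None back from extract_token should send the user to the normal login or password-reset flow rather than retrying registration.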