API ReferencePasswords
POST
/v1/auth/password/signup

Authorization

Descope Project ID
AuthorizationBearer <token>

Project ID as bearer token.

In: header

Request Body

application/json

loginId?string
user?object
password?string
loginOptions?object

Sign-Up a new user utilizing password authentication. This endpoint will return the user's JWT.

Next Steps

Verify the user's email to allow for password reset by updating the email via OTP, Enchanted Link, or Magic Link

Add tenants to the user via Update User Add Tenant

Add roles to the user via Update User Add Role

See Also

  • See The User Object for further details on how to identify users and their contact information such as email addresses and phone number.
  • Use the Sign-In endpoint to sign-in an existing end user.
curl -X POST "https://api.descope.com/v1/auth/password/signup" \  -H "Content-Type: application/json" \  -d '{}'
{  "sessionJwt": "string",  "refreshJwt": "string",  "cookieDomain": "string",  "cookiePath": "string",  "cookieMaxAge": 0,  "cookieExpiration": 0,  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0  },  "firstSeen": true,  "idpResponse": {    "samlResponse": "string",    "samlGeneratedUser": "string",    "samlGeneratedRoles": "string",    "oidcResponse": "string",    "oidcGeneratedUser": "string",    "oidcGeneratedRoles": "string",    "idpGroups": [      "string"    ],    "idpSAMLAttributes": false,    "idpOIDCClaims": {}  },  "sessionExpiration": 0,  "externalToken": "string",  "claims": {},  "tenantSSOID": "string",  "trustedDeviceJwt": "string",  "nextRefreshSeconds": 0,  "cookieName": "string",  "sessionCookieName": "string",  "sessionCookieDomain": "string"}
/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface Response {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: ResponseUserfirstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: string}export interface ResponseUser {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: number}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}
Was this helpful?

Password Authentication API Overview

Use the Descope REST API to build password authentication for your application.

Sign-In User POST

### Sign-In an existing user utilizing password authentication. This endpoint will return the user's JWT. ### Next Steps Verify the user's email to allow for password reset by updating the email via [OTP](/api/otp/email/update-email), [Enchanted Link](/api/enchanted-link/update-email), or [Magic Link](/api/magic-link/email/update-email) Add tenants to the user via [Update User Add Tenant](/api/management/users/update-user-add-tenant) Add roles to the user via [Update User Add Role](/api/management/users/update-user-add-roles) ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - Use the [Sign-Up](/api/passwords/sign-up) endpoint to sign-up a new end user.