Registration follows a three-step flow: initialize a signup session, submit account details, then verify the email address. A verified email is required before the account can be used.
Request Step 1 — Initialize signup POST /api/v1/auth/signup/init
No request body or authentication required. Returns a short-lived signup_token (valid for 3 minutes) that must be included in Step 2.
Response Short-lived signup token to include in the registration request.
ISO 8601 expiration timestamp for the signup token.
{ "token" : "su_a1b2c3d4e5f6" , "expires_at" : "2024-01-15T10:03:00Z" }
Step 2 — Create account POST /api/v1/auth/register
No authentication required.
The new user’s email address. Must be a valid email format; used as the organization’s contact email.
Account password. Must be at least 8 characters.
The user’s full name. Also used as the initial organization name.
The one-time token obtained from POST /api/v1/auth/signup/init.
ISO 3166-1 alpha-2 country code (e.g., NG, GH, KE). Used to create a local-currency balance account for your organization.
Response Confirmation message. Indicates whether a verification email was sent.
Whether the user has completed onboarding.
{ "message" : "Verification code sent to your email. Please verify to activate your account." , "user" : { "id" : "usr_xyz789" , "email" : "jane@example.com" , "full_name" : "Jane Doe" , "hasOnboarded" : false } }
Step 3 — Verify email POST /api/v1/auth/verify-email
No authentication required.
The email address to verify.
The verification code sent to the email address (4–8 characters).
Response Short-lived JWT access token (valid for 15 minutes).
Long-lived refresh token (valid for 30 days).
Whether the user has completed onboarding.
{ "access_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." , "refresh_token" : "rt_a1b2c3d4e5f6g7h8i9j0" , "user" : { "id" : "usr_xyz789" , "email" : "jane@example.com" , "full_name" : "Jane Doe" , "hasOnboarded" : false } }
Resend verification code POST /api/v1/auth/verify-email/resend
The email address to send a new verification code to.
Response { "message" : "Verification code sent to your email." }
Password reset Request a reset link POST /api/v1/auth/forgot-password
Always returns a success response to prevent email enumeration.
The email address associated with the account.
Response { "message" : "If an account exists with this email, a password reset link has been sent." , "isFirstTime" : false }
Set a new password POST /api/v1/auth/reset-password
The reset token from the password reset email.
The new password. Must be at least 8 characters.
Response { "message" : "Password has been reset successfully. You can now login with your new password." }
Error codes Status Description 400Missing or invalid fields, weak password, or invalid/expired signup_token. 409An account with this email already exists.
Example
Initialize a signup session
curl --request POST \ --url https://api.syncgrampay.com/api/v1/auth/signup/init
Create account
curl --request POST \ --url https://api.syncgrampay.com/api/v1/auth/register \ --header 'Content-Type: application/json' \ --data '{ "email": "jane@example.com", "password": "supersecret", "full_name": "Jane Doe", "signup_token": "su_a1b2c3d4e5f6", "country": "NG" }'
Verify email address
curl --request POST \ --url https://api.syncgrampay.com/api/v1/auth/verify-email \ --header 'Content-Type: application/json' \ --data '{ "email": "jane@example.com", "otp": "482910" }'