Calling this endpoint creates a new player account and immediately returns a JWT access token and refresh token. You do not need to make a separate login call after registration — your client can start making authenticated requests with the tokens returned here.
Endpoint No authentication is required.
Request body The player’s email address. Must be a valid email format. Used as the unique account identifier.
The player’s password. Minimum 8 characters.
A unique identifier for the player’s device. This value is stored as the player’s auth_user_id and becomes the sub claim in all issued JWTs.
Example request curl -X POST https://playsmart-gateway-1w8ko864.uc.gateway.dev/auth/register \ -H "Content-Type: application/json" \ -d '{ "email": "player@example.com", "password": "s3cur3pass", "deviceId": "device-abc-123" }'
Response 201 Created A signed JWT bearer token. Include this in the Authorization: Bearer header on every authenticated request. Expires in 30 days.
A signed JWT refresh token. Use this to obtain a new access token when the current one expires. Expires in 180 days.
The player’s unique identifier. Matches the deviceId supplied at registration and the sub claim in the JWT.
The player’s email address.
The player’s display name. Empty string on a freshly created account.
Total games the player has completed. Always 0 on registration.
{ "data" : { "access_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." , "refresh_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." , "user" : { "id" : "device-abc-123" , "email" : "player@example.com" , "pseudo" : "" , "total_games_completed" : 0 } } }
Error responses HTTP status Code Message Meaning 400 BAD_REQUESTBAD_REQUESTinvalid_payloadThe request body failed validation. Check details for field-level errors. 409 CONFLICTCONFLICTemail_already_registeredAn account with this email already exists. Direct the player to log in instead.
{ "error" : { "code" : "CONFLICT" , "message" : "email_already_registered" } }
