Confirm email and complete signup
POST /api/v1/auth/confirm-email
Confirm email, set first/last name and password, and auto-log-in.
Combines email verification, profile setup, and login into one step; the caller receives a JWT on success. A pending invite on the user is consumed here if present; otherwise a default personal organization is created.
- Not gated by release_register (in-flight signups must complete).
- 400 on invalid/expired/already-used confirmation tokens.
- Rate limit: 10 / hour / IP (auth_recovery tier).
Request
Responses
- 200: Successful Response
- 400: Bad request — malformed input or failed validation.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.