Start passwordless signup
POST/api/v1/auth/signup
Begin passwordless signup by sending a confirmation email.
Only email is collected; name and password are set later when the user
completes POST /auth/confirm-email. The endpoint always returns a
success message regardless of whether the email is already registered
(email-enumeration safety).
- Router-gated by
release_register— returns 404 when registration is off. - Rate limit: 5 / hour / IP (
auth_signuptier). - 503 if the instance has no Resend API key configured.
Request
Responses
- 200
- 400
- 404
- 409
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.