
Registration & Authentication Overview

Comprehensive guide to user registration, authentication, and account security API endpoints

🔐 AUTHENTICATION API

Registration & Authentication

Secure user registration, multi-factor authentication, and comprehensive account security management with industry-standard protocols.

Overview

The Registration API provides a complete authentication system including user signup, email verification, two-factor authentication (2FA), secure sign-in, and password management. Built with security-first principles to protect user accounts and data.


Key Features

📝

Account Registration

Complete signup flow with email verification and country-based compliance

🔐

Two-Factor Auth

Multi-method 2FA support including authenticator apps, email, and SMS

Secure Sign-In

Protected authentication with 2FA validation and session management

📧

Email Verification

Time-limited verification codes with resend capability for account activation

🔑

Password Recovery

Secure password reset flow with code verification and new password setup

🛡️

Security Management

Enable, disable, and manage 2FA settings for account protection


Available Operations

Account Creation

Authentication

Two-Factor Authentication

Password Management


Registration Flow Architecture

Complete Registration Process

1. Initial Signup

User provides email, password, and country. The system sends a verification code to that email address (valid for 10 minutes).

2. Email Verification

User enters the 6-digit code to verify email ownership, and can request a resend if the code has expired.

3. 2FA Setup

User chooses a 2FA method (app/email/SMS), receives a code or QR, and confirms setup.

4. Avatar Creation

User sets a unique avatar identity with prefix and name (e.g., Tesla#42).

5. Account Active

User can now sign in and access platform features with full account privileges.


Authentication Methods

🔐 2FA Options

Available two-factor authentication methods

📱 app
Authenticator App
Time-based OTP via Google Authenticator or similar apps

📧 email
Email Code
6-digit code sent to registered email address

💬 phone
SMS Code
6-digit code sent via SMS to verified phone number

Common Use Cases

🆕

New User Onboarding

Complete registration flow from initial signup through 2FA setup to full account activation

🔒

Secure Login

Multi-step authentication with password and 2FA verification for enhanced security

🔑

Password Recovery

Self-service password reset with email verification for users who forget credentials

🛡️

Security Management

Enable or disable 2FA and manage authentication preferences for account security


Integration Flow

Typical Sign-In Process

📧

Enter Credentials
Email & password

🔐

2FA Code Sent
Via app/email/SMS

Verify 2FA
Enter code

🎉

Authenticated
Receive JWT token

Best Practices

✅ Password Security

Enforce strong password requirements and validate against common password lists before acceptance

⏰ Code Expiration

Verification codes expire after 10 minutes. Implement clear UI feedback and easy resend options

🔐 2FA Enforcement

Require 2FA setup before allowing full platform access to ensure account security

🌍 Country Compliance

Use ISO 3166-1 alpha-3 country codes (e.g., USA, GBR, CAN) for regulatory compliance tracking

🔒 Token Security

Store JWT tokens securely, use HTTPS only, and implement proper token refresh mechanisms

📱 Multiple 2FA Methods

Allow users to configure multiple 2FA methods as backup options for account recovery


Security Features

Built-in Protection Mechanisms

🔐

Password Encryption

Passwords are hashed using industry-standard algorithms before storage

⏱️

Code Expiration

Verification codes automatically expire after 10 minutes for security

🚫

Rate Limiting

Automatic throttling prevents brute force attacks on authentication

📧

Email Verification

Mandatory email confirmation ensures account ownership validation

🔑

JWT Authentication

Secure token-based sessions with automatic expiration and refresh

🌍

Geographic Tracking

Country-based compliance and regulatory requirement enforcement
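
The Code Expiration and Rate Limiting items above, as an added example (not NYYU's code) of how a service can enforce the 10-minute expiry, resend and brute-force throttling for 6-digit verification codes. The class name, the attempt limit of 5 and the 60-second resend cooldown are assumptions; the page states none of them.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 600         # seconds; the 10-minute validity stated on this page
MAX_ATTEMPTS = 5       # assumption: the page gives no attempt limit
RESEND_COOLDOWN = 60   # assumption: minimum seconds between resends


class VerificationCodes:
    """In-memory store of pending email verification codes (hypothetical)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side key for code digests
        self._pending = {}  # email -> [digest, issued_at, attempts_left]

    def _digest(self, email, code):
        # Bind the digest to the email so a code cannot verify another account.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email, now):
        """Create (or resend) a code; returns None while the cooldown is active."""
        entry = self._pending.get(email)
        if entry and now - entry[1] < RESEND_COOLDOWN:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        # A resend replaces the old code, so only the newest one is valid.
        self._pending[email] = [self._digest(email, code), now, MAX_ATTEMPTS]
        return code  # handed to the mail sender, never stored in plaintext

    def verify(self, email, code, now):
        """Return 'ok', 'invalid', 'expired', 'locked' or 'unknown'."""
        entry = self._pending.get(email)
        if entry is None:
            return "unknown"
        digest, issued_at, attempts_left = entry
        if now - issued_at >= CODE_TTL:
            del self._pending[email]
            return "expired"
        if attempts_left <= 0:
            return "locked"  # user must request a resend
        entry[2] -= 1  # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(email, code)):
            del self._pending[email]  # single use
            return "ok"
        return "invalid"
```

With five attempts against a uniformly random 6-digit code, a guesser succeeds with probability 5 in 1,000,000 per issued code, and the resend cooldown bounds how often a fresh code can be requested.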