User account

The user account endpoints are used to register and verify Bloom user accounts, and to reset passwords.

Register user

Registering a user is the first step in creating a Bloom account. After registering a new account, the user will receive an email with a link to verify their email address, which includes a new user verification token.

The verification token must be verified using the verify endpoint before the user can log in to their account. The verification token is valid for 72 hours.

POST /user/register

{
  "email": "user@example.com",
  "password": "examplePassword123!",
  "meta": {
    "name_first": "Jon",
    "name_last": "Doe"
  }
}

Fields

  • email
    required string
    Email address of the user.
  • password
    required string
    Password for the user account. The password must meet the following requirements:
    • Minimum length of 12 characters
    • Contain at least one lowercase letter
    • Contain at least one uppercase letter
    • Contain at least one number
  • meta.name_first
    required string
    First name of the user.
  • meta.name_last
    required string
    Last name of the user.

Response

HTTP status Title Description Schema
201 Created Successfully created User object
400 Bad Request Invalid or missing field(s) Error object
409 Conflict Email address already registered Error object

Verification request

The verification request endpoint is used to request a new user verification token if not received when registering a new user account.

Verification requests can be made no more than once every 3 minutes for a given email address.

POST /user/verification-request

{
  "email": "user@example.com"
}

Fields

  • email
    required string
    Email address of the user.

Response

HTTP status Title Description Schema
204 No content New user verification requested
400 Bad Request Invalid or missing field(s) Error object
401 Unauthorized User disabled or not verified Error object
429 Too Many Requests Too many verification requests Error object

Verify

The verify endpoint is used to verify a new email address using a valid user verification token.

POST /user/verify

{
  "email": "user@example.com",
  "token": "USER_VERIFICATION_TOKEN"
}

Fields

Response

HTTP status Title Description Schema
204 No content Email address verified
400 Bad Request Invalid or missing field(s) Error object
401 Unauthorized User disabled or not verified Error object

Password reset request

The password reset request endpoint is used to request a password reset for an existing user account. After requesting a password request, the user will receive an email with a password reset token if an active user account exists with the given email address. This token can be used with the password reset endpoint.

Password requests can be made no more than once every 3 minutes for a given email address. Emailed password reset tokens are valid for 15 minutes.

POST /user/password-request

{
  "email": "user@example.com"
}

Fields

  • email
    required string
    Email address of the user.

Response

HTTP status Title Description Schema
204 No content Password request accepted
400 Bad Request Invalid or missing field(s) Error object
429 Too Many Requests Too many password requests Error object

Password reset

The password reset endpoint is used to reset the password for an existing user account using a valid password reset token provided from the password reset request endpoint.

POST /user/password

{
  "email": "user@example.com",
  "password": "examplePassword123!",
  "token": "PASSWORD_RESET_TOKEN"
}

Fields

  • email
    required string
    Email address of the user.
  • password
    required string
    Password for the user account. The password must meet the following requirements:
    • Minimum length of 12 characters
    • Contain at least one lowercase letter
    • Contain at least one uppercase letter
    • Contain at least one number
  • token
    required string
    Password reset token provided from the password reset request endpoint.

Response

HTTP status Title Description Schema
204 No content Password successfully reset
400 Bad Request Invalid or missing field(s) Error object
401 Unauthorized User disabled or not verified or invalid token value Error object
Was this page helpful?
© 2026 Bloom Data · System status