User account
The user account endpoints are used to register and verify Bloom user accounts, and to reset passwords.
Register user
Registering a user is the first step in creating a Bloom account. After registering a new account, the user will receive an email with a link to verify their email address, which includes a new user verification token.
The verification token must be verified using the verify endpoint before the user can log in to their account. The verification token is valid for 72 hours.
POST /user/register
{
"email": "user@example.com",
"password": "examplePassword123!",
"meta": {
"name_first": "Jon",
"name_last": "Doe"
}
}
Fields
- emailrequired stringEmail address of the user.
- passwordrequired stringPassword for the user account. The password must meet the following requirements:
- Minimum length of 12 characters
- Contain at least one lowercase letter
- Contain at least one uppercase letter
- Contain at least one number
- meta.name_firstrequired stringFirst name of the user.
- meta.name_lastrequired stringLast name of the user.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 201 | Created | Successfully created | User object |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 409 | Conflict | Email address already registered | Error object |
Verification request
The verification request endpoint is used to request a new user verification token if not received when registering a new user account.
Verification requests can be made no more than once every 3 minutes for a given email address.
POST /user/verification-request
{
"email": "user@example.com"
}
Fields
- emailrequired stringEmail address of the user.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 204 | No content | New user verification requested | |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 401 | Unauthorized | User disabled or not verified | Error object |
| 429 | Too Many Requests | Too many verification requests | Error object |
Verify
The verify endpoint is used to verify a new email address using a valid user verification token.
POST /user/verify
{
"email": "user@example.com",
"token": "USER_VERIFICATION_TOKEN"
}
Fields
- emailrequired stringEmail address of the user.
- tokenrequired stringUser verification token provided from the register user or verification request endpoints.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 204 | No content | Email address verified | |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 401 | Unauthorized | User disabled or not verified | Error object |
Password reset request
The password reset request endpoint is used to request a password reset for an existing user account. After requesting a password request, the user will receive an email with a password reset token if an active user account exists with the given email address. This token can be used with the password reset endpoint.
Password requests can be made no more than once every 3 minutes for a given email address. Emailed password reset tokens are valid for 15 minutes.
POST /user/password-request
{
"email": "user@example.com"
}
Fields
- emailrequired stringEmail address of the user.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 204 | No content | Password request accepted | |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 429 | Too Many Requests | Too many password requests | Error object |
Password reset
The password reset endpoint is used to reset the password for an existing user account using a valid password reset token provided from the password reset request endpoint.
POST /user/password
{
"email": "user@example.com",
"password": "examplePassword123!",
"token": "PASSWORD_RESET_TOKEN"
}
Fields
- emailrequired stringEmail address of the user.
- passwordrequired stringPassword for the user account. The password must meet the following requirements:
- Minimum length of 12 characters
- Contain at least one lowercase letter
- Contain at least one uppercase letter
- Contain at least one number
- tokenrequired stringPassword reset token provided from the password reset request endpoint.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 204 | No content | Password successfully reset | |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 401 | Unauthorized | User disabled or not verified or invalid token value | Error object |