Merged
16 changes: 8 additions & 8 deletions epersonregistrations.md
Expand Up @@ -33,33 +33,33 @@ Also exposes whether it's a new user registration, or a password reset for an ex
```

## Create new EPerson registration

**POST /api/eperson/registrations?accountRequestType={requestType_forgot_or_register}**

To create a new EPerson registration, perform a post with the JSON below to the eperson registrations endpoint (without being authenticated).
To create a new EPerson registration, perform a POST with the JSON payload below to the eperson registrations endpoint (without being authenticated).

```json
{
"email": "user@institution.edu",
"type": "registration"
"email": "user@institution.edu"
}
```

Requires query parameter 'accountRequestType' set with either 'register' or 'forgot' value, depending on the action requested.
Requires query parameter `accountRequestType` set with value either `register` or `forgot`, depending on the action requested.

No other properties can be set (e.g. the name cannot be defined)
If successful, an email will be sent with a token allowing the user to continue the registration

Verifying whether a new registration can be created can happen using the "epersonRegistration" [feature](features.md), verified against the site
If successful, an email will be sent with a token allowing the user to continue the registration.

Verifying whether a new registration can be created can happen using the "epersonRegistration" [feature](features.md), verified against the site.

Status codes:
* 201 Created - if the operation succeed
* 400 Bad Request - if e.g. the query param 'accountRequestType' is not present or contains something else than forgot or register
* 401 Unauthorized - if registration is disabled, you are not authorized to create a new registration
* 422 Unprocessable Entity - if the email address was omitted or the e-mail address is in a domain that is not allowed in config `authentication-password.domain.valid`


## Forgot password

The same endpoint as [Create new EPerson registration](#create-new-eperson-registration) is used.
The same endpoint as [Create new EPerson registration](#create-new-eperson-registration) is used (set query parameter `accountRequestType` to `forgot`).

Using the same endpoint ensures it's not possible for a malicious user to identify which email addresses are registered by attempting a registration and verifying whether the account exists
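Review bot: The closing sentence of the Forgot password section claims that sharing the endpoint prevents identifying registered email addresses, but the status code list above does not back that up now that `accountRequestType` explicitly selects `register` or `forgot`. Nothing in the list says the response is the same whether or not an EPerson with that email already exists. Suggest stating on the 201 line that it is returned for both request types regardless of whether the address is registered, so the anti-enumeration property is part of the documented contract. It would also help to name the status a client gets if it still sends the removed `type` property, since "No other properties can be set" does not say. Minor: that sentence and the final sentence are missing the trailing period that the other touched lines gained.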