Registration & Password Reset

Public endpoints for creating a new account (two-step OTP verification then registration) and for resetting a forgotten password (OTP request then reset). All four endpoints require no authentication.

Send Registration OTP

POST

https://multicartapi.com/api/v1/users/register/otp/sent

No auth (public)

Send a 6-digit email verification code to a prospective user's address before registration.

curl "https://multicartapi.com/api/v1/users/register/otp/sent" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

Parameters

Parameter	In	Type	Required	Default	Description
`email`	body	string (email)	Required	—	Prospective user's email address. Must not already be registered on the platform.

Request body

{"email": "[email protected]"}

Response

{"code": 200, "data": "Verification code sent successfully!", "status": 1}

Notes

Rate-limited to 3 codes per email address per 15-minute window. Returns a failure response if the email is already registered. Sending a new code invalidates any previous unused code for that address. The OTP expires 10 minutes after issue.

Register New User

POST

https://multicartapi.com/api/v1/users/register

No auth (public)

Create a new user account using the OTP received from /users/register/otp/sent.

curl "https://multicartapi.com/api/v1/users/register" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"name": "Alice Smith", "email": "[email protected]", "password": "S3cur3p@ss", "otp": 482931, "country": "Australia"}'

Parameters

Parameter	In	Type	Required	Default	Description
`name`	body	string	Required	—	Display name for the account.
`email`	body	string (email)	Required	—	Login email address. Must match the address used in the OTP step.
`password`	body	string	Required	—	Plaintext password; hashed server-side before storage.
`otp`	body	integer	Required	—	6-digit verification code received from /users/register/otp/sent.
`country`	body	string	Required	—	Country name e.g. "Australia".
`business_name`	body	string	Optional	—	Optional billing address field.
`address_1`	body	string	Optional	—	Optional billing address line 1.
`city`	body	string	Optional	—	Optional billing address city.
`state`	body	string	Optional	—	Optional billing address state.
`postal_code`	body	string	Optional	—	Optional billing address postal code.

Request body

{"name": "Alice Smith", "email": "[email protected]", "password": "S3cur3p@ss", "otp": 482931, "country": "Australia"}

Response

{"code": 200, "data": {"name": "Alice Smith", "email": "[email protected]"}, "status": 1}

Notes

On success, the server automatically provisions: a Starter plan subscription, an initial credit grant, a session auth token, and a UserAccount record with a generated api_key. The OTP expires 10 minutes after issue; after 5 incorrect OTP guesses the code is burned and a new one must be requested. Use /users/login after registration to obtain a session token.

Send Password Reset OTP

POST

https://multicartapi.com/api/v1/users/otp/send

No auth (public)

Send a 6-digit password-reset code to an existing user's registered email address.

curl "https://multicartapi.com/api/v1/users/otp/send" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

Parameters

Parameter	In	Type	Required	Default	Description
`email`	body	string (email)	Required	—	The registered email address of the account whose password should be reset.

Request body

{"email": "[email protected]"}

Response

{"code": 200, "data": {"user": 42}, "status": 1}

Notes

Rate-limited to 3 codes per email address per 15-minute window. Invalidates all previous unused codes for the user. The user ID returned in data.user should be passed to /users/password/reset as the user field.

Reset Password

POST

https://multicartapi.com/api/v1/users/password/reset

No auth (public)

Set a new password using the OTP received from /users/otp/send.

curl "https://multicartapi.com/api/v1/users/password/reset" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"user": 42, "otp": 193847, "password": "N3wp@ss!"}'

Parameters

Parameter	In	Type	Required	Default	Description
`user`	body	integer	Optional	—	User ID returned by /users/otp/send. Either user or email is required.
`email`	body	string (email)	Optional	—	Registered email address. Alternative to the user field; either one is required.
`otp`	body	integer	Required	—	6-digit reset code received from /users/otp/send.
`password`	body	string	Required	—	The new plaintext password; hashed server-side before storage.

Request body

{"user": 42, "otp": 193847, "password": "N3wp@ss!"}

Response

{"code": 200, "data": "Password reset successfully.", "status": 1}

Notes

Either user (integer ID from the /otp/send response) or email must be provided — not both required, but at least one is. After a successful reset, use /users/login with the new password to obtain a fresh session token.