
Auth - Customer Registration

Customer registration for tenant-scoped bookings (no OTP required).

Base path: /api/v1/auth

Customer registration is simpler than owner registration—no OTP needed. A customer is automatically scoped to a tenant (organization) via subdomain or x-tenant-slug header.

POST /api/v1/auth/register/customer — Create Customer Account

Auth: Public (resolveRequiredTenant)
Used by: customer-booki-web-app · Role: guest (unauthenticated)
organizationId: Resolved by tenant middleware — from x-tenant-slug header (auto-injected by the Nuxt $api plugin from the subdomain). The created customer account is permanently scoped to this organization.

Description: Register a new customer for the business. Automatically scoped to the tenant organization.

Request

{
  "firstName": "John",
  "middleName": "Cruz",
  "lastName": "Smith",
  "email": "john@example.com",
  "phone": "09161234567",
  "password": "CustomerP@ss123"
}

Headers (required):

X-Tenant-Slug: janes-salon

OR access via subdomain: https://janes-salon.booki.app/api/v1/auth/register/customer

Fields:

  • firstName (string, required): First name (max 255 chars)
  • middleName (string, optional): Middle name (max 255 chars)
  • lastName (string, required): Last name (max 255 chars)
  • email (string, required): Valid email address (lowercase)
  • phone (string, required): Phone number (10-20 chars)
  • password (string, required): Min 8 chars, uppercase + lowercase + number + special char
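The field rules above, applied to a request body. This is an added example, not the project's own validation code. Because the endpoint is public, the same rules have to be enforced server-side whatever the web app checks. Assumptions: the names validateCustomerRegistration and WEAK_PASSWORD are hypothetical, "(lowercase)" is read as "normalise to lowercase", the email shape test is deliberately simple, and "special char" means any character that is not a letter, digit or whitespace.

```javascript
// Added example: hypothetical validator for the documented field rules.
const WEAK_PASSWORD =
  "Password must contain at least one uppercase letter, one lowercase letter, " +
  "one number, and one special character";

function validateCustomerRegistration(body) {
  const errors = [];
  const isStr = (v) => typeof v === "string";

  // Names: firstName/lastName required, middleName optional, all max 255 chars.
  for (const [field, required] of [["firstName", true], ["middleName", false], ["lastName", true]]) {
    const v = body[field];
    if (v === undefined || v === null) {
      if (required) errors.push(`${field} is required`);
    } else if (!isStr(v) || v.length > 255 || (required && v.trim() === "")) {
      errors.push(`${field} is invalid (string, max 255 chars)`);
    }
  }

  // Email: normalised to lowercase (assumption), then a simple shape test,
  // not full RFC 5322 parsing.
  const email = isStr(body.email) ? body.email.trim().toLowerCase() : "";
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push("email must be a valid email address");

  // Phone: the page only gives a length range, so only length is checked.
  if (!isStr(body.phone) || body.phone.length < 10 || body.phone.length > 20) {
    errors.push("phone must be 10-20 chars");
  }

  // Password: min 8 chars plus all four character classes.
  // "Special" is assumed to be anything that is not a letter, digit or whitespace.
  const pw = isStr(body.password) ? body.password : "";
  if (pw.length < 8) errors.push("password must be at least 8 chars");
  const classes = [/[A-Z]/, /[a-z]/, /[0-9]/, /[^A-Za-z0-9\s]/];
  if (!classes.every((re) => re.test(pw))) errors.push(WEAK_PASSWORD);

  return { valid: errors.length === 0, errors, email };
}

// Constructed inputs: the page's sample body with a mixed-case email,
// then the same body without middleName and with a weak password.
const sample = { firstName: "John", middleName: "Cruz", lastName: "Smith",
  email: "John@Example.com", phone: "09161234567", password: "CustomerP@ss123" };
console.log(validateCustomerRegistration(sample));
console.log(validateCustomerRegistration({ ...sample, middleName: undefined, password: "password" }));
```

The weak-password string is the one shown under Error Responses; the other error strings are constructed for this example.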

Response (201 Created)

{
  "message": "Customer created successfully."
}

After registration, the customer can log in to receive tokens. All subsequent authenticated requests from this customer are automatically scoped to that organization.

Error Responses

422 Unprocessable Entity — Missing or unresolvable tenant:

{
  "statusCode": 422,
  "message": "Organization could not be determined. Please ensure you access via a valid subdomain."
}

400 Bad Request — Email already registered:

{
  "statusCode": 400,
  "message": "Email john@example.com is already registered"
}

422 Unprocessable Entity — Weak password:

{
  "statusCode": 422,
  "message": "Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character"
}

cURL Examples

Via subdomain:

curl -X POST https://janes-salon.booki.app/api/v1/auth/register/customer \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "John",
    "middleName": "Cruz",
    "lastName": "Smith",
    "email": "john@example.com",
    "phone": "09161234567",
    "password": "CustomerP@ss123"
  }'

Via header (localhost development):

curl -X POST http://localhost:4001/api/v1/auth/register/customer \
  -H "Content-Type: application/json" \
  -H "X-Tenant-Slug: janes-salon" \
  -d '{
    "firstName": "John",
    "middleName": "Cruz",
    "lastName": "Smith",
    "email": "john@example.com",
    "phone": "09161234567",
    "password": "CustomerP@ss123"
  }'

Notes

  • Customer accounts are automatically scoped to the tenant (organization) via subdomain or header.
  • Password complexity is required (uppercase + lowercase + number + special character).
  • Once registered, the customer can immediately book services and log in.
  • Customers are created with ACTIVE status.
  • See multi-tenancy guide for details on tenant resolution.