Users

Create a new user

Register a new user with the required account details.

POST
POST
POST

https://api.docly.com/v1/users

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

The Create User endpoint allows you to register a new user in your application. This is typically used during the signup flow.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Authorizations

Authorization

string

required

A valid refresh token passed using the Bearer authentication scheme.

Format: Authorization: Bearer <refresh_token>

The token must be active and issued by your authentication server.

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Request Body

device_id

string

optional

Unique identifier of the client device requesting the refresh.

Used for session tracking and anomaly detection.

Example: "web-3f92ab1c"

rotate_refresh_token

boolean

optional

Indicates whether a new refresh token should be issued.

Defaults to true.

If set to false, the existing refresh token remains valid.

client_version

string

optional

Version of the client application initiating the request.

Useful for telemetry and debugging.

Example: "2.4.1"

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Response Fields

access_token

string

required

New short-lived access token used to authorize API requests.

refresh_token

string

required

New refresh token issued when rotation is enabled.

expires_at

string

required

ISO 8601 timestamp indicating when the access token will expire.

Example: "2026-03-01T18:25:43Z"

session_id

string

required

Identifier of the active authentication session.

refresh_token_expires_at

string

optional

Expiration timestamp for the newly issued refresh token.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Error Fields

error_code

string

required

Machine-readable identifier describing the failure.

Possible values:

  • refresh_token_invalid

  • refresh_token_expired

  • session_not_found

  • token_rotation_failed

error_description

string

required

Detailed explanation of why the request failed.

Previous

Previous

Previous

Next

Update user details

Next

Update user details

Next

Need help? Contact Support

Join our Discord Community

Questions? Contact Sales

Request

curl --request DELETE \
  --url https://api.yourdomain.com/v1/auth/session \
  --header "Authorization: Bearer ACCESS_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "session_id": "sess_82bd91fa",
    "reason": "user_logout"
  }'

200

400

{
  "success": true,
  "invalidated_session_id": "sess_82bd91fa",
  "revoked_tokens": 2,
  "revoked_at": "2026-02-16T15:42:12Z"
}

Create a free website with Framer, the website builder loved by startups, designers and agencies.