User self-registration
17.2.3. User self-registration REST API

The Loginapp REST Self-Registration API exposes a REST API. This REST API allows users to register an account with user credentials, authentication means, and channel verified communication channels.

The Loginapp REST Self-Registration API is a public API. Special consideration is required since these calls are exposed publicly and therefore enumeration of user attributes and brute force attacks are a concern.


  • Loginapp REST Self-Registration requires the license bundle "SELFSERVICE".


The User Self-Registration API is a flow API (see 16. Flows as Airlock IAM concept for a detailed explanation of flows). When configuring the self-registration API in the configuration editor, it is possible to create multiple self-registration flows that may be selected by the REST client. One of the flows is marked out as the default. IAM uses the default if the client does not explicitly select a flow. A flow is a sequence of flow steps that the server will enforce.

  • In general, the self-registration flows will adhere to these rules:
  • Each step in the flow can be either interactive and therefore requires the client to supply data or it can be non-interactive and therefore will be processed without interaction with the user.
  • User data registration step:
    • All possible REST calls may be used repeatedly.
    • Validators are configured on individual user data items or on an entire user data registration step.
    • To proceed from a user data registration step to the next step requires a "continue" call.
  • To be able to proceed to the next step, all validators of the current step must run successfully. 
  • Channel verification steps are interactive but do not require a continue call. They are also not treated as validators.
  • Every continue and validate REST call will verify all validators of the current step.
  • Tags are not shared between self-registration and authentication flow sessions.

Further information and links