Menu
I'm trying to register a new user via API in strapi v4.2.0, but I keep getting error 400 that says
{ "data": null, "error":{ "status": 400, "name": "ApplicationError", "message": "An error occurred during account creation", "details":{} } }
here is the data that I send via POST to http://localhost:1337/api/auth/local/register
{
"username":"testingg",
"email":"[email protected]",
"password": "password"
}
header: Content-Type: application/json
here is the strapi users & permission setting page strapi users & permission setting page
here is the error log from the console
[2022-06-25 13:35:33.360] error: 2 errors occurred ValidationError: 2 errors occurred
at handleYupError (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\utils\lib\validators.js:63:9)
at D:\Documents\Projects\indihome\web\api\node_modules\@strapi\utils\lib\validators.js:73:5
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async Object.create (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\services\ent)ity-service\index.js:164:23)
at async Object.<anonymous> (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\services\entity-service\index.js:67:20) ity-service\index.js:164:
at async Object.register (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\plugin-users-permissions\server\controllers\auth.js:339:20) s\entity-service\index.js
at async returnBodyMiddleware (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\services\server\compose-endpoint.js:52:18) ons\server\controllers\au
at async policiesMiddleware (D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\services\server\policy.js:24:5) ces\server\compose-endpoi
at async D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\middlewares\body.js:51:9
at async D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\middlewares\logger.js:22:5 s\server\policy.js:24:5)
at async D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\middlewares\powered-by.js:16:5
at async cors (D:\Documents\Projects\indihome\web\api\node_modules\@koa\cors\index.js:56:32) 6:5
at async D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\middlewares\errors.js:13:7
at async session (D:\Documents\Projects\indihome\web\api\node_modules\koa-session\index.js:41:7)
at async D:\Documents\Projects\indihome\web\api\node_modules\@strapi\strapi\lib\services\metrics\middleware.js:29:5
```
894
asked Jan 18 '26 07:01
I had the same error, turned out strapi allows / requires passing a role and a password, and you need to pass the role by ID. "1" is the Authenticated.
Here is a curl command that you can import into postman to work with, just adjust your bearer token and adjust the post data to the format your user data requires.
Security Note: I heavily advise to add your own logic to this API route to adjust which roles the users of a specific role may give to newly created users for safety reasons (privilege escalation is the topic here)
curl --location --request POST 'http://localhost:1337/api/users' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer yourToken' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "foo",
"email": "[email protected]",
"password": "somePassword",
"role" : "1",
"twoFA" : { "twoFAmethod" : "email" }
}'
Another security note: It makes no sense that you are allowed to set the user password, here I would adjust the route to ignore this, set some cryptic default password, and send an email with a password reset (with context-adjusted wording of course though).
195
answered Jan 21 '26 07:01
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With