Skip to main content
Version: 4.x

Register User

The Register User endpoint lets you create new WordPress users programmatically via the REST API. Useful for headless registration forms, mobile app sign-ups, or any external system that needs to provision WordPress accounts without going through the standard WordPress UI.

Registration is disabled by default. Enable it in Settings → Simple JWT Login → Register User.

API Reference

Explore and test this endpoint using the interactive API reference →

Endpoint

METHOD: POST

ENDPOINT: /simple-jwt-login/v1/users

URL Example: https://{{yoursite}}/?rest_route=/simple-jwt-login/v1/users&email=NEW_USER_EMAIL&password=NEW_USER_PASSWORD

PARAMETERS:

ParameterTypeDescription
emailrequired stringThe user email address.
passwordrequired* stringThe plain-text user password. Not required when Generate a random password is enabled in settings.
AUTH_KEYoptional stringAuth Code value. Required only if "Require Authentication Code" is enabled. The parameter name matches the Auth Code URL Key in Auth Codes settings (default: AUTH_KEY).
user_loginoptional stringThe user's login username.
user_nicenameoptional stringThe URL-friendly username.
user_urloptional stringThe user URL.
display_nameoptional stringThe user's display name. Default is the username.
nicknameoptional stringThe user's nickname. Default is the username.
first_nameoptional stringThe user's first name.
last_nameoptional stringThe user's last name.
descriptionoptional stringThe user's biographical description.
rich_editingoptional stringWhether to enable the rich editor. Accepts 'true' or 'false' as a string. Default 'true'.
syntax_highlightingoptional stringWhether to enable the rich code editor. Accepts 'true' or 'false' as a string. Default 'true'.
comment_shortcutsoptional stringWhether to enable comment moderation keyboard shortcuts. Default 'false'.
admin_coloroptional stringAdmin color scheme. Default 'fresh'.
use_ssloptional booleanWhether the user always accesses the admin over HTTPS. Default false.
user_registeredoptional stringDate the user registered. Format: Y-m-d H:i:s.
user_activation_keyoptional stringPassword reset key. Default empty.
spamoptional booleanMultisite only. Whether the user is marked as spam. Default false.
show_admin_bar_frontoptional stringWhether to show the Admin Bar on the front end. Accepts 'true' or 'false' as a string. Default 'true'.
localeoptional stringUser locale. Default empty.
user_metaoptional stringCustom user meta as a JSON string. Only keys listed in Allowed User Meta Keys (in plugin settings) are saved. Example: {"plan":"premium","source":"app"}

Request

Minimal registration:

{
"email": "test@simplejwtlogin.com",
"password": "SomeSuperSecretPassword"
}

Full registration with optional fields:

{
"email": "test@simplejwtlogin.com",
"password": "SomeSuperSecretPassword",
"user_login": "myuser",
"first_name": "John",
"last_name": "Doe",
"user_meta": "{\"plan\":\"premium\",\"referral_source\":\"landing_page\"}"
}

Responses

200

{
"success": true,
"id": 1,
"message": "User was successfully created.",
"user": {
"ID": 1,
"user_login": "myuser",
"user_nicename": "myuser",
"user_email": "myuser@simplejwtlogin.com",
"user_url": "https://simplejwtlogin.com/myuser",
"user_registered": "2021-01-01 23:31:50",
"user_activation_key": "",
"user_status": "0",
"display_name": "myuser",
"user_level": 0
},
"roles": [
"subscriber"
],
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

jwt is only included when Return a JWT in the registration response is enabled in plugin settings.

400

Required parameters are missing.

{
"success": false,
"data": {
"message": "The email address or password is missing.",
"errorCode": 35
}
}

401

Auth code is invalid or missing when required.

{
"success": false,
"data": {
"message": "Invalid auth code.",
"errorCode": 32
}
}

403

Registration is disabled, or the client IP is not on the allow-list.

{
"success": false,
"data": {
"message": "Register is not allowed.",
"errorCode": 31
}
}

409

A user with this email already exists.

{
"success": false,
"data": {
"message": "User already exists.",
"errorCode": 38
}
}

422

Email format is invalid or the email domain is not on the allow-list.

{
"success": false,
"data": {
"message": "The email address is invalid.",
"errorCode": 36
}
}

500

wp_insert_user() failed or an unexpected error occurred.

{
"success": false,
"data": {
"message": "User could not be created.",
"errorCode": 52
}
}

Examples

SHELL

curl -X POST 'https://simplejwtlogin.com/wp-json/simple-jwt-login/v1/users' \
-H "Content-type: application/json" \
-d '{"email":"myemail@simplejwtlogin.com","password":"test"}'

PHP

$simpleJwtLogin = new \SimpleJwtLoginClient\SimpleJwtLoginClient(
'https://simplejwtlogin.com',
'/simple-jwt-login/v1'
);
$result = $simpleJwtLogin->registerUser('email@simplejwtlogin.com', 'password', 'AUTH CODE');

JavaScript

fetch('https://simplejwtlogin.com/wp-json/simple-jwt-login/v1/users', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
email: 'email@simplejwtlogin.com',
password: 'my-secret-password',
AUTH_KEY: 'my-auth-code'
})
}).then(r => r.json()).then(console.log);

Error responses

CodeMeaning
31Registration is not enabled in plugin settings.
32Invalid Auth Code.
33Client IP is not on the allowed IP list.
35Email or password is missing from the request.
36Email address format is invalid.
37Email domain is not on the allow-list.
38A user with this email already exists.
52User could not be created (wp_insert_user returned an error).

Settings

Configure under Settings → Simple JWT Login → Register User.

User Registration

User Registration settings

Enable or disable the registration endpoint. When disabled, all POST requests to /users return a 403 error.

Require Authentication Code

Require Authentication Code

When enabled, every registration request must include a valid Auth Code. Without it, anyone can create an account on your site.

warning

Leaving registration open without an Auth Code is a security risk on public-facing sites.

New User Settings

New User Settings

Default User Role

The WordPress role assigned to newly registered users (e.g. subscriber, contributor, author, editor, administrator, or any custom role).

You can also assign a different role per Auth Code - when a user registers using a specific code, they receive the role tied to that code. Configure this in the Auth Codes settings.

Generate a random password

When enabled, a cryptographically secure random password is generated automatically and the password field is no longer required in the request. The password length is configurable (minimum 6, maximum 255 characters, default 12).

Post-Registration Options

Post-Registration Options

Auto-login after registration

When enabled, the new user is automatically logged in immediately after their account is created, following the redirect flow configured in the Login settings. Requires the Auto-Login feature to also be enabled.

Return a JWT in the registration response

When enabled, the API response includes a signed JWT for the new user. The JWT payload follows the configuration from the Authentication settings. If Authentication is not configured, the payload includes email, id, and username by default.

Send WordPress welcome email

When enabled, WordPress sends its default new-user notification emails (to the new user and to the site admin) after a successful registration via this endpoint.

Access Control

Access Control settings

Allowed IP Addresses

Comma-separated list of IP addresses allowed to call the registration endpoint. Leave blank to allow all IPs. Supports wildcards in any octet (e.g. 85.*.*.*).

Allowed Email Domains

Comma-separated list of email domains accepted during registration (e.g. gmail.com, company.org). Leave blank to accept all domains.

User Data

User Data settings

Allowed User Meta Keys

Comma-separated list of user_meta keys that may be set via the user_meta request parameter. Keys not listed here are silently ignored, even if sent in the request. Leave blank to disallow all custom meta.

Example: plan, referral_source, subscription_tier