> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowxi.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Register (magic link) - set password

> Validates magic link token, sets password, activates account, and issues a token.



## OpenAPI

````yaml api-reference/openapi.yaml post /api/v1/auth/register/set-password
openapi: 3.0.3
info:
  title: Flowxi API Documentation
  version: 1.0.0
servers:
  - url: https://api.flowxi.app
security:
  - bearerAuth: []
tags:
  - name: Health
    description: Service healthcheck.
  - name: Registration
    description: Registration flows (magic link + email OTP).
  - name: Auth
    description: Login and session management.
  - name: Two-factor authentication
    description: TOTP 2FA endpoints (login verification + manage 2FA).
  - name: Devices
    description: Session/device listing and revocation.
  - name: Me
    description: Profile of the authenticated user (Sanctum session).
paths:
  /api/v1/auth/register/set-password:
    post:
      tags:
        - Registration
      summary: Register (magic link) - set password
      description: >-
        Validates magic link token, sets password, activates account, and issues
        a token.
      operationId: postApiV1AuthRegisterSetPassword
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - token
                - email
                - password
                - password_confirmation
              properties:
                token:
                  type: string
                  description: Magic link token (sha256 hex => 64 chars).
                  example: >-
                    bngzmiyvdljnikhwaykcmyuwpwlvqwrsitcpscqldzsnrwtujwvlxjklqppwqbew
                email:
                  type: string
                  format: email
                  example: cynthia.fahey@example.net
                password:
                  type: string
                  example: Str0ngP@ssw0rd!
                password_confirmation:
                  type: string
                  example: Str0ngP@ssw0rd!
      responses:
        '200':
          description: Account activated + token issued.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenIssuedResponse'
        '403':
          description: Invalid/expired/used magic link (anti-enumeration safe).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
              example:
                code: MAGIC_LINK_INVALID
                message: Invalid or expired magic link.
        '404':
          description: User not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
              example:
                code: USER_NOT_FOUND
                message: User not found.
        '422':
          $ref: '#/components/responses/ValidationFailed'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/ServerError'
      security: []
components:
  schemas:
    TokenIssuedResponse:
      allOf:
        - $ref: '#/components/schemas/ApiOkBase'
        - type: object
          required:
            - access_token
            - token_type
            - user_id
            - account_status
          properties:
            access_token:
              type: string
              description: Bearer token (plain text). Shown only once.
              example: 125|XXXXXXXXXXXXXXXXXXXXXXXX
            token_type:
              type: string
              example: Bearer
            user_id:
              type: integer
              example: 123
            account_status:
              type: string
              example: active
      example:
        code: TOKEN_ISSUED
        message: Token issued.
        access_token: 125|XXXXXXXXXXXXXXXXXXXXXXXX
        token_type: Bearer
        user_id: 123
        account_status: active
    ApiError:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Machine-readable error code.
          example: UNAUTHENTICATED
        message:
          type: string
          description: Localized, user-facing message.
          example: Unauthenticated.
    ApiOkBase:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          example: OK
        message:
          type: string
          example: OK
    ValidationError:
      type: object
      required:
        - code
        - message
        - errors
      properties:
        code:
          type: string
          example: VALIDATION_FAILED
        message:
          type: string
          example: Validation failed.
        errors:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
      example:
        code: VALIDATION_FAILED
        message: Validation failed.
        errors:
          email:
            - The email field is required.
  responses:
    ValidationFailed:
      description: Validation failed.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ValidationError'
    RateLimited:
      description: Rate limited.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          example:
            code: RATE_LIMITED
            message: Too many requests.
    ServerError:
      description: Server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          example:
            code: SERVER_ERROR
            message: Server error.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: Sanctum

````