# Create an account via email and password (headless)

Step 1 of headless account creation. Registers a new user with email and password, sends a verification code via email, and returns a signup_session_token. Use POST /api/oauth/signup/verify with the token and code to get OAuth tokens. Returns identical responses for new and existing users to prevent account enumeration.

Endpoint: POST /api/oauth/signup
Version: 1.0.0

## Request fields (application/json):

  - `email` (string, required)
    Email address for the new account

  - `password` (string, required)
    Password with at least 8 characters, one uppercase, one lowercase, one digit, and one special character

## Response 200 fields (application/json):

  - `signup_session_token` (string)
    Token to use with /api/oauth/signup/verify

  - `expires_in` (number)
    Session TTL in seconds (900)


## Response 400 fields

## Response 429 fields