Hi, I'm creating like a layer on top of the medplum API to facilitate communication with the client application. In short the browser requests from a nextJS application, that then intermediates between our medplum instance and other third parties. I'm trying to create a /register endpoint and store the user in our medplum store with some sensitive defaults, and from what I can gather is not possible to do this without sharing the site captcha or having access to the password salt? Are there other methods or endpoints I could use to assign a password to a user, and create a User/Patient combination associated with a clientApplication or Organization. For reference, this is a code snippet of the handler:

const userResponse = await fetch(getUrl('/auth/newuser'), {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer XXXX',
    },
    body: JSON.stringify({
      resourceType: 'User',
      password: userPassword,
      firstName,
      lastName,
      email,
      client_id,
    }),
  });

HI @dvidsilva , thank you so much for your patience. We do have API endpoints for registering users, which includes setting a password. Does this help? https://www.medplum.com/docs/auth/user-management-guide#invite-via-api

Hi, thanks so much, yes looks like this is what I needed. If i create a user with

project-id/invite

then they should be able to login using the login endpoint? some of the endpoints I was trying out gave me errors because it was missing a recaptcha key

Yes it should. You can see the invited users on the admin page: https://www.medplum.com/docs/app/admin-page

apologies, just saw this again, I think I'm good, I'm going to try the /invite option. I'm working on our dev servers and being a little more flexible, will reach out again or ask a friend when closer to production. I was referring to registering a new user, like going to the page /register or trying that endpoint, it would be nice to bypass the recaptcha key

Great! @dvidsilva